From bugzilla at redhat.com Tue Oct 2 20:56:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Oct 2007 16:56:46 -0400
Subject: [RHSA-2007:0323-01] Important: xen security update
Message-ID: <200710022056.l92KukWq019796@pobox.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: xen security update
Advisory ID:       RHSA-2007:0323-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0323.html
Issue date:        2007-10-02
Updated on:        2007-10-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1320 CVE-2007-1321 CVE-2007-4993
---------------------------------------------------------------------

1. Summary:

An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Problem description:

The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization.

The following security flaws are fixed in the updated Xen package:

Joris van Rantwijk found a flaw in the Pygrub utility which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain. (CVE-2007-4993)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code used in Xen.
A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. (CVE-2007-1320)

Tavis Ormandy discovered insufficient input validation leading to a heap overflow in the Xen NE2000 network driver. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Xen does not use this driver by default. (CVE-2007-1321)

Users of Xen should update to these erratum packages containing backported patches which correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

237342 - CVE-2007-1320 xen Cirrus LGD-54XX "bitblt" Heap Overflow
237343 - CVE-2007-1321 xen QEMU NE2000 emulation issues
302801 - CVE-2007-4993 xen guest root can escape to domain 0 through pygrub

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4993
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Tue Oct 2 20:58:27 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Oct 2007 16:58:27 -0400
Subject: [RHSA-2007:0951-01] Important: nfs-utils-lib security update
Message-ID: <200710022058.l92KwRhm020074@pobox.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: nfs-utils-lib security update
Advisory ID:       RHSA-2007:0951-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0951.html
Issue date:        2007-10-02
Updated on:        2007-10-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3999 CVE-2007-4135
---------------------------------------------------------------------

1. Summary:

An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package.

The updated nfs-utils package fixes the following vulnerabilities:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash.
On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4 unknown uids. If an unknown user ID is encountered on an NFSv4 mounted filesystem, the files will default to being owned by 'root' rather than 'nobody'. (CVE-2007-4135)

Users of nfs-utils-lib are advised to upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250973 - CVE-2007-3999 krb5 RPC library buffer overflow
254040 - CVE-2007-4135 nfs-utils-lib NFSv4 user id mapping flaw

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4135
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Wed Oct 3 15:51:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Oct 2007 11:51:15 -0400
Subject: [RHSA-2007:0933-01] Moderate: elinks security update
Message-ID: <200710031551.l93FpFDo011364@pobox.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: elinks security update
Advisory ID:       RHSA-2007:0933-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0933.html
Issue date:        2007-10-03
Updated on:        2007-10-03
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5034
---------------------------------------------------------------------

1. Summary:

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

ELinks is a text mode Web browser used from the command line that supports rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https POST data to a proxy server. POST data sent via a proxy to an https site is not properly encrypted by ELinks, possibly allowing the disclosure of sensitive information.
(CVE-2007-5034)

All users of Elinks are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Mon Oct 8 08:13:57 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Oct 2007 04:13:57 -0400
Subject: [RHSA-2007:0905-01] Moderate: kdebase security update
Message-ID: <200710080813.l988DvoX032443@pobox.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdebase security update
Advisory ID:       RHSA-2007:0905-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0905.html
Issue date:        2007-10-08
Updated on:        2007-10-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4569 CVE-2007-3820 CVE-2007-4224
---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager.
These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and "shutdown with password" were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
287311 - CVE-2007-4569 kdm password-less login vulnerability

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHCea9XlSAg2UNWIIRAhDLAJ9xEc0ooD1OLYgGOznBf0KMbqeL9wCfXh9J
UGsWuHnf7N/Xfr9Rx5wSGio=
=Y2Ex
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 8 08:14:05 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Oct 2007 04:14:05 -0400
Subject: [RHSA-2007:0909-01] Moderate: kdelibs security update
Message-ID: <200710080814.l988E5UA032465@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:      Moderate: kdelibs security update
Advisory ID:   RHSA-2007:0909-01
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2007-0909.html
Issue date:    2007-10-08
Updated on:    2007-10-08
Product:       Red Hat Enterprise Linux
CVE Names:     CVE-2007-0242 CVE-2007-0537 CVE-2007-1308
               CVE-2007-1564 CVE-2007-3820 CVE-2007-4224
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that resolve several security flaws are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment
(KDE).

Two cross-site-scripting flaws were found in the way Konqueror
processes certain HTML content. This could result in a malicious
attacker presenting misleading content to an unsuspecting user.
(CVE-2007-0242, CVE-2007-0537)

A flaw was found in the KDE JavaScript implementation. A web page
containing malicious JavaScript code could cause Konqueror to crash.
(CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV
commands. A malicious FTP server could use this flaw to perform a
rudimentary port-scan of machines behind a user's firewall.
(CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are
at a different website than they actually are. (CVE-2007-3820,
CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229606 - CVE-2007-0537 konqueror XSS
233592 - CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
234633 - CVE-2007-0242 QT UTF8 improper character expansion
248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
299891 - CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHCebKXlSAg2UNWIIRAgG+AJ9AiWwUiSB+1AYF6gC4rFMZAlvzQgCgnvDw
GZzAI8Yhuu/XrZRWA4myHso=
=wJQp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 8 08:14:30 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Oct 2007 04:14:30 -0400
Subject: [RHSA-2007:0932-01] Moderate: pwlib security update
Message-ID: <200710080814.l988EUpS032484@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:      Moderate: pwlib security update
Advisory ID:   RHSA-2007:0932-01
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2007-0932.html
Issue date:    2007-10-08
Updated on:    2007-10-08
Product:       Red Hat Enterprise Linux
CVE Names:     CVE-2007-4897
- ---------------------------------------------------------------------

1. Summary:

Updated pwlib packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

PWLib is a library used to support cross-platform applications.

In Red Hat Enterprise Linux 5, the Ekiga teleconferencing application
uses PWLib.

A memory management flaw was discovered in PWLib. An attacker could
use this flaw to crash an application, such as Ekiga, which is linked
with pwlib (CVE-2007-4897).

Users should upgrade to these updated packages which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

292831 - CVE-2007-4897 ekiga GetHostAddress remote DoS

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pwlib-1.10.1-7.0.1.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pwlib-1.10.1-7.0.1.el5.src.rpm

RHEL Optional Productivity Applications (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pwlib-1.10.1-7.0.1.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHCebhXlSAg2UNWIIRAssgAJ4ynga1gyDr/AcpuRcvIL9lvoFA1ACcC1Yn
4BPRiKaupq7G/romhXW7618=
=YQzW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 8 08:14:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Oct 2007 04:14:37 -0400
Subject: [RHSA-2007:0957-01] Moderate: opal security update
Message-ID: <200710080814.l988Eb61032488@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:      Moderate: opal security update
Advisory ID:   RHSA-2007:0957-01
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2007-0957.html
Issue date:    2007-10-08
Updated on:    2007-10-08
Product:       Red Hat Enterprise Linux
CVE Names:     CVE-2007-4924
- ---------------------------------------------------------------------

1. Summary:

Updated opal packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

Open Phone Abstraction Library (opal) is an implementation of various
telephony and video communication protocols for use over packet based
networks.

In Red Hat Enterprise Linux 5, the Ekiga application uses opal.

A flaw was discovered in the way opal handled certain Session
Initiation Protocol (SIP) packets. An attacker could use this flaw to
crash an application, such as Ekiga, which is linked with opal.
(CVE-2007-4924)

Users should upgrade to these updated opal packages which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

296371 - CVE-2007-4924 ekiga remote crash caused by insufficient input validation

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/opal-2.2.2-1.1.0.1.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/opal-2.2.2-1.1.0.1.src.rpm

RHEL Optional Productivity Applications (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/opal-2.2.2-1.1.0.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4924
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHCebqXlSAg2UNWIIRAn2aAKDAPEHlIpwODQmb4sYiK5Yvh7d3swCgrFIG RnAVTzNOLriIX2p9sLXJmb0= =DULz -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 11 18:26:25 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Oct 2007 14:26:25 -0400 Subject: [RHSA-2007:0876-01] Moderate: tomcat security update Message-ID: <200710111826.l9BIQPYK022883@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: tomcat security update Advisory ID: RHSA-2007:0876-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0876.html Issue date: 2007-10-11 Updated on: 2007-10-11 Product: Red Hat Application Server CVE Names: CVE-2007-1358 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 - --------------------------------------------------------------------- 1. Summary: Updated tomcat packages that fix multiple security issues are now available for Red Hat Application Server v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Application Server v2 4AS - noarch Red Hat Application Server v2 4ES - noarch Red Hat Application Server v2 4WS - noarch 3. Problem description: Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat incorrectly handled "Accept-Language" headers that do not conform to RFC 2616. An attacker was able to perform cross-site scripting (XSS) attacks in certain applications (CVE-2007-1358). Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. 
The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386). Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 244803 - CVE-2007-1358 tomcat accept-language xss flaw 244804 - CVE-2007-2449 tomcat examples jsp XSS 244808 - CVE-2007-2450 tomcat host manager XSS 247972 - CVE-2007-3382 tomcat handling of cookies 247976 - CVE-2007-3385 tomcat handling of cookie values 247994 - CVE-2007-3386 tomcat host manager xss 6. 
RPMs required: Red Hat Application Server v2 4AS: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.4.src.rpm c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm Red Hat Application Server v2 4ES: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.4.src.rpm c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 
8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm Red Hat Application Server v2 4WS: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/RHAPS/SRPMS/tomcat5-5.5.23-0jpp_4rh.4.src.rpm c8a9674009457794d5969b0a4db09888 tomcat5-5.5.23-0jpp_4rh.4.src.rpm noarch: 92c991a50808cc48ff7538e3320cd146 tomcat5-5.5.23-0jpp_4rh.4.noarch.rpm 364a741ad7d232a9fe1cf3e183001520 tomcat5-admin-webapps-5.5.23-0jpp_4rh.4.noarch.rpm c7afc607c579c4db42bcc094df7b5498 tomcat5-common-lib-5.5.23-0jpp_4rh.4.noarch.rpm 044ec1d57f92903b32c4dd3f97211ea4 tomcat5-jasper-5.5.23-0jpp_4rh.4.noarch.rpm 2790253849bae9be0960517cfd781c4c tomcat5-jasper-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 0d64bdd04f35659f0b425843bf4cfda2 tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.4.noarch.rpm 7b8448505ae5e74010fa8fb37084dd6e tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 3397d6f2b3ed49fcaa5616fb3363c0ce tomcat5-server-lib-5.5.23-0jpp_4rh.4.noarch.rpm 8f28858bc131b40e9effdac8f0d445ad tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.4.noarch.rpm 0ea67bc6674bbc1e6fc50809a6594d9b tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp_4rh.4.noarch.rpm 6ca13028e1547f3630aefcfd73a84424 tomcat5-webapps-5.5.23-0jpp_4rh.4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://tomcat.apache.org/security-5.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHDmrOXlSAg2UNWIIRAl3OAJ0QBkIqF754UEPVQFJ7Gr+1CcBOfQCgp7iW aIwNdS1PiHUTzjC3Yd+l+IM= =AQ6M -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 11 18:26:32 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Oct 2007 14:26:32 -0400 Subject: [RHSA-2007:0912-01] Important: libvorbis security update Message-ID: <200710111826.l9BIQWb9022896@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: libvorbis security update Advisory ID: RHSA-2007:0912-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0912.html Issue date: 2007-10-11 Updated on: 2007-10-11 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3106 CVE-2007-4029 CVE-2007-4065 CVE-2007-4066 - --------------------------------------------------------------------- 1. Summary: Updated libvorbis packages to correct several security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having important security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: The libvorbis package contains runtime libraries for use in programs that support Ogg Voribs. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Several flaws were found in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash or execute arbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066) Users of libvorbis are advised to upgrade to this updated package, which contains backported patches that resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 245991 - CVE-2007-3106 libvorbis array boundary condition 249780 - CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) 6. 
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHDmrWXlSAg2UNWIIRArIvAKCnYltJ7S8S6aWcpTw5cEsZQo8hVQCgjQPm
UG3BXmM93r21UjGpipGCwUQ=
=cgAI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 11 18:26:38 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Oct 2007 14:26:38 -0400
Subject: [RHSA-2007:0960-01] Important: hplip security update
Message-ID: <200710111826.l9BIQc9A022904@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: hplip security update
Advisory ID: RHSA-2007:0960-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0960.html
Issue date: 2007-10-11
Updated on: 2007-10-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5208
- ---------------------------------------------------------------------

1. Summary:

An updated hplip package to correct a security flaw is now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP printers and multi-function peripherals.
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. (CVE-2007-5208).

On Red Hat Enterprise Linux 5, the SELinux targeted policy for hpssd which is enabled by default, blocks the ability to exploit this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which contains backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

319921 - CVE-2007-5208 hplip arbitrary command execution

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHDmrcXlSAg2UNWIIRAv3gAJ9lilA7doBsplxy2WXbHIHSnYvc+gCgoRQF
m1qAthSbglekmykuzjq8t50=
=Q+AF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 12 09:57:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Oct 2007 05:57:54 -0400
Subject: [RHSA-2007:0963-01] Important: java-1.5.0-sun security update
Message-ID: <200710120957.l9C9vsGN027358@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: java-1.5.0-sun security update
Advisory ID: RHSA-2007:0963-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0963.html
Issue date: 2007-10-12
Updated on: 2007-10-12
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274
- ---------------------------------------------------------------------

1. Summary:

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Problem description:

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232)

Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)

Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239)

The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274)

In Red Hat Enterprise Linux a Java Web Start application requesting elevated permissions is only started automatically when signed with a trusted code signing certificate and otherwise requires user confirmation to access privileged resources.

All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 13 that corrects these issues.

Please note that during our quality testing we discovered that the Java browser plug-in may not function perfectly when visiting some sites that make use of multiple applets on a single HTML page. We have verified that this issue is not due to our packaging and affects Sun Java 1.5.0 Update 13.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

321951 - CVE-2007-5232 Security Vulnerability in Java Runtime Environment With Applet Caching
321961 - CVE-2007-5238 Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache
321981 - CVE-2007-5239 Untrusted Application or Applet May Move or Copy Arbitrary Files
321991 - CVE-2007-5240 Applets or Applications are allowed to display an oversized window
324351 - CVE-2007-5273 Anti-DNS Pinning and Java Applets with HTTP proxy
324361 - CVE-2007-5274 Anti-DNS Pinning and Java Applets with Opera and Firefox

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHD0UfXlSAg2UNWIIRArmzAJ4yhlngp9IpzC3MFGdHASiz+++/OQCgrKSM
DYGpamd2Bx4XWX98BBEXNIc=
=njz4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 12 11:35:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Oct 2007 07:35:15 -0400
Subject: [RHSA-2007:0964-01] Important: openssl security update
Message-ID: <200710121135.l9CBZF5G008523@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2007:0964-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0964.html
Issue date: 2007-10-12
Updated on: 2007-10-12
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3108 CVE-2007-4995 CVE-2007-5135
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance).

The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-5135).
Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-4995). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues.

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server.

After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245732 - CVE-2007-3108 RSA side-channel attack
309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
321191 - CVE-2007-4995 openssl dtls out of order vulnerabilitiy

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHD1vxXlSAg2UNWIIRAk+5AKCmcMF7Oqfm1fKUNVtsnq3NUXaLbACgmgQv
CgoN8N+kDwk1ouxGI6/bocM=
=nhaG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 16 07:11:31 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Oct 2007 03:11:31 -0400
Subject: [RHSA-2007:0956-01] Moderate: java-1.5.0-bea security update
Message-ID: <200710160711.l9G7BVpf019450@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: java-1.5.0-bea security update
Advisory ID: RHSA-2007:0956-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0956.html
Issue date: 2007-10-16
Updated on: 2007-10-16
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2007-0243 CVE-2007-2788 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3503 CVE-2007-3698 CVE-2007-4381
- ---------------------------------------------------------------------

1. Summary:

Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, x86_64

3. Problem description:

The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform, Standard Edition, v1.5.0.

A flaw was found in the BEA Java Runtime Environment GIF image handling. If an application processes untrusted GIF image input, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-0243)

A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004)

A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the "appletviewer" application. (CVE-2007-3005)

A cross site scripting (XSS) flaw was found in the Javadoc tool. An attacker could inject arbitrary content into a Javadoc generated HTML documentation page, possibly tricking a user or stealing sensitive information. (CVE-2007-3503)

A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698)

A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the "appletviewer" application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381)

All users of java-bea-1.5.0 should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_11 release that resolves these issues.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

242595 - CVE-2007-3004 Integer overflow in IBM JDK's ICC profile parser
246765 - CVE-2007-3503 HTML files generated with Javadoc are vulnerable to a XSS
249539 - CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition
250725 - CVE-2007-2788 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit
250729 - CVE-2007-2789 BMP image parser vulnerability
250733 - CVE-2007-3005 Unspecified vulnerability in Sun JRE
253488 - CVE-2007-4381 Vulnerability in the font parsing code
325941 - CVE-2007-0243 GIF buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHFGQPXlSAg2UNWIIRAvuyAJ4hbHLTpkHfzHwXU/bv3wh8Cyvg0ACffaHd
MexjiDgSgJEH6y2NaVhr5tI=
=TSm9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 19 16:05:06 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 19 Oct 2007 12:05:06 -0400
Subject: [RHSA-2007:0979-01] Critical: firefox security update
Message-ID: <200710191605.l9JG56fk013333@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2007:0979-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0979.html
Issue date: 2007-10-19
Updated on: 2007-10-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
- ---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bug IDs fixed (http://bugzilla.redhat.com/):

246248 - firefox crashes when searching for word "do"
333991 - Mozilla products security update (CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
http://en.wikipedia.org/wiki/HTTP_response_splitting
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHGNWqXlSAg2UNWIIRAjdUAJ9qsmnqUCLsbUSJqfWEK3hCpFElsgCeLUXx
iXqKe+sQlgYotHUQYpYd7GA=
=lf6m
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 19 16:05:16 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 19 Oct 2007 12:05:16 -0400
Subject: [RHSA-2007:0980-01] Critical: seamonkey security update
Message-ID: <200710191605.l9JG5GaH013342@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2007:0980-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0980.html
Issue date: 2007-10-19
Updated on: 2007-10-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
- ---------------------------------------------------------------------

1. Summary:

Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

333991 - Mozilla products security update (CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

6. RPMs required:
seamonkey-nspr-devel-1.0.9-0.5.el3.x86_64.rpm 22169544914006935217b9f395f3bdae seamonkey-nss-1.0.9-0.5.el3.i386.rpm 90698d329a6d732cb8974e86f8522d97 seamonkey-nss-1.0.9-0.5.el3.x86_64.rpm df4830174cacd1aefb857704036907e6 seamonkey-nss-devel-1.0.9-0.5.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.5.el3.src.rpm 13a548e2d4b191891d301188b6f09971 seamonkey-1.0.9-0.5.el3.src.rpm i386: 21aae6d9b8be17813eecdf3eb8f1bdee seamonkey-1.0.9-0.5.el3.i386.rpm b48d55f45a3dc69f204ef0f8ce1b26d4 seamonkey-chat-1.0.9-0.5.el3.i386.rpm ec9977f68821378e5ff708091e7c2cf8 seamonkey-debuginfo-1.0.9-0.5.el3.i386.rpm c24cfc948b16378856343c7c731df9df seamonkey-devel-1.0.9-0.5.el3.i386.rpm 2e960f62d3d8422a79a6b6f1d6d6798c seamonkey-dom-inspector-1.0.9-0.5.el3.i386.rpm a8825eaa03f6f064248b003057ea5fcc seamonkey-js-debugger-1.0.9-0.5.el3.i386.rpm 91c1b5a376632cef9eaccca76c3c6db4 seamonkey-mail-1.0.9-0.5.el3.i386.rpm f6008d7a3b0a3048f6de157694d504e3 seamonkey-nspr-1.0.9-0.5.el3.i386.rpm 394a7ca77adf20237472e298d41d7a85 seamonkey-nspr-devel-1.0.9-0.5.el3.i386.rpm 22169544914006935217b9f395f3bdae seamonkey-nss-1.0.9-0.5.el3.i386.rpm 5bdc76df7d03792e9dd80daf52ca9166 seamonkey-nss-devel-1.0.9-0.5.el3.i386.rpm ia64: 8b7f40e7078d884ab8d490f0f4d58dc0 seamonkey-1.0.9-0.5.el3.ia64.rpm e38f826ad8326b08f12c1e290f35ed79 seamonkey-chat-1.0.9-0.5.el3.ia64.rpm ec9977f68821378e5ff708091e7c2cf8 seamonkey-debuginfo-1.0.9-0.5.el3.i386.rpm 28c2db99e458bb0a90620720c8b6fc4e seamonkey-debuginfo-1.0.9-0.5.el3.ia64.rpm 74df23e6e73949c2f7c56cb506b1fbb6 seamonkey-devel-1.0.9-0.5.el3.ia64.rpm 935d312808d58030ac5e01a7ea2b3ce3 seamonkey-dom-inspector-1.0.9-0.5.el3.ia64.rpm f40c5e594f65b98442ca88c39c8fa8ef seamonkey-js-debugger-1.0.9-0.5.el3.ia64.rpm 3895ffb92e6344920a4c6f96ff3a13ed seamonkey-mail-1.0.9-0.5.el3.ia64.rpm f6008d7a3b0a3048f6de157694d504e3 seamonkey-nspr-1.0.9-0.5.el3.i386.rpm 199c688c239e1aa84472d181548211c7 
seamonkey-nspr-1.0.9-0.5.el3.ia64.rpm dcbe093f20d1e553603dd3496836bb17 seamonkey-nspr-devel-1.0.9-0.5.el3.ia64.rpm 22169544914006935217b9f395f3bdae seamonkey-nss-1.0.9-0.5.el3.i386.rpm 8b953ed11f713fda9ee8c86750f1fe2a seamonkey-nss-1.0.9-0.5.el3.ia64.rpm bf6705a7fbfd86eb21e50de632530853 seamonkey-nss-devel-1.0.9-0.5.el3.ia64.rpm x86_64: 21aae6d9b8be17813eecdf3eb8f1bdee seamonkey-1.0.9-0.5.el3.i386.rpm 5c9035794ee5bfc87034699c0371e699 seamonkey-1.0.9-0.5.el3.x86_64.rpm ae585b8f1cd07b4f605f6059aef4b819 seamonkey-chat-1.0.9-0.5.el3.x86_64.rpm ec9977f68821378e5ff708091e7c2cf8 seamonkey-debuginfo-1.0.9-0.5.el3.i386.rpm f1e18afb16fe5773e43e688519e971f1 seamonkey-debuginfo-1.0.9-0.5.el3.x86_64.rpm 3354659c64ade839abff24de77f38b32 seamonkey-devel-1.0.9-0.5.el3.x86_64.rpm c8fe260e94dcf69822a7f1c7a92c4005 seamonkey-dom-inspector-1.0.9-0.5.el3.x86_64.rpm d906c834142617e25c6a0eb3abef8cdc seamonkey-js-debugger-1.0.9-0.5.el3.x86_64.rpm d747d1f353a6b2c03a9668aefd23f2fa seamonkey-mail-1.0.9-0.5.el3.x86_64.rpm f6008d7a3b0a3048f6de157694d504e3 seamonkey-nspr-1.0.9-0.5.el3.i386.rpm 79d7f066941a49f50f62473988e6400f seamonkey-nspr-1.0.9-0.5.el3.x86_64.rpm 1e867b785894f7afa47ccede3fba0318 seamonkey-nspr-devel-1.0.9-0.5.el3.x86_64.rpm 22169544914006935217b9f395f3bdae seamonkey-nss-1.0.9-0.5.el3.i386.rpm 90698d329a6d732cb8974e86f8522d97 seamonkey-nss-1.0.9-0.5.el3.x86_64.rpm df4830174cacd1aefb857704036907e6 seamonkey-nss-devel-1.0.9-0.5.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-6.el4.src.rpm 6014e2daa4c5c140f55fcb3ae4d5b2f8 seamonkey-1.0.9-6.el4.src.rpm i386: 2d9100c6b6c09c5b472aaa1b4f66f5f1 seamonkey-1.0.9-6.el4.i386.rpm 8a8d43357532ec2b9ef856a1dcd1c062 seamonkey-chat-1.0.9-6.el4.i386.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm e10399d82053219ee28b5ea05eb42f26 seamonkey-devel-1.0.9-6.el4.i386.rpm f601ec032dd1409c27099d600de36f38 
seamonkey-dom-inspector-1.0.9-6.el4.i386.rpm 77d7ec48f82f07b3241e4b86ca676c59 seamonkey-js-debugger-1.0.9-6.el4.i386.rpm 563e7adbb727715c693d72603ed90898 seamonkey-mail-1.0.9-6.el4.i386.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 4eff7ab736daced7dd3f184dd750e530 seamonkey-nspr-devel-1.0.9-6.el4.i386.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 542460ac4e0c668f3176b224ee396c5c seamonkey-nss-devel-1.0.9-6.el4.i386.rpm ia64: a5146e5d4ec9e2fa8f35f1f2cf303e39 seamonkey-1.0.9-6.el4.ia64.rpm de999cb716ad66bb816f4da6e722e425 seamonkey-chat-1.0.9-6.el4.ia64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm c203627451ecc20affee1a5c442a40f5 seamonkey-debuginfo-1.0.9-6.el4.ia64.rpm 92cb76ac3709c69aaf6df95f92951c95 seamonkey-devel-1.0.9-6.el4.ia64.rpm 77c59ba4dca51fb14eab8ac1243adb42 seamonkey-dom-inspector-1.0.9-6.el4.ia64.rpm 0da0858a59d9b3692b8fc9cf2c66ea26 seamonkey-js-debugger-1.0.9-6.el4.ia64.rpm e8544de8e555877e7aa5c8a1f35a236b seamonkey-mail-1.0.9-6.el4.ia64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 6f178fe6363a677a38d199d64d3b5bac seamonkey-nspr-1.0.9-6.el4.ia64.rpm dc217cfc46296351905a3911987ad2d9 seamonkey-nspr-devel-1.0.9-6.el4.ia64.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 09317c0898ccc14dc7f286f26a64a606 seamonkey-nss-1.0.9-6.el4.ia64.rpm 6e41b5da2df605dac776f73170dd957b seamonkey-nss-devel-1.0.9-6.el4.ia64.rpm ppc: a0a0aa628586582771652acdbf6b72a2 seamonkey-1.0.9-6.el4.ppc.rpm e4896d76e483da5c1646ac93c8dcc386 seamonkey-chat-1.0.9-6.el4.ppc.rpm 9bf4744c73c46b70284ad74c3be10f8e seamonkey-debuginfo-1.0.9-6.el4.ppc.rpm 80ba232bedea2f72df4ce31f003ccf51 seamonkey-devel-1.0.9-6.el4.ppc.rpm c1fd3741ca676e14ba204c2dbdfc5111 seamonkey-dom-inspector-1.0.9-6.el4.ppc.rpm 4f626ac4dabd99cf9edaaea0dd937419 seamonkey-js-debugger-1.0.9-6.el4.ppc.rpm 0978fbcc086ed03471d547d3d2233e93 seamonkey-mail-1.0.9-6.el4.ppc.rpm 
a65bc2041ee8bb43f149f9553372ba7c seamonkey-nspr-1.0.9-6.el4.ppc.rpm 1989ca830608fd5c4c3d5d52477c53db seamonkey-nspr-devel-1.0.9-6.el4.ppc.rpm 45a5626108c6e22fec7518d763f510ea seamonkey-nss-1.0.9-6.el4.ppc.rpm 6c3d07bfd3825c20bd60bbce6b236e10 seamonkey-nss-devel-1.0.9-6.el4.ppc.rpm s390: 1ce8876e851fe3372e7df9ed36a3158a seamonkey-1.0.9-6.el4.s390.rpm 1c1a72f24501da15ca3cdb7e6bd1de16 seamonkey-chat-1.0.9-6.el4.s390.rpm 7c0b1b3d9ff4c61d914512603493fab2 seamonkey-debuginfo-1.0.9-6.el4.s390.rpm 44f3cd1d0517d65e895074ce16d8a869 seamonkey-devel-1.0.9-6.el4.s390.rpm e5162b0c2e6e5bebf24a9279ae4607de seamonkey-dom-inspector-1.0.9-6.el4.s390.rpm a583e128b4b530c308b43930b62203f0 seamonkey-js-debugger-1.0.9-6.el4.s390.rpm d82548c72de31c78828b8870938e4d61 seamonkey-mail-1.0.9-6.el4.s390.rpm b9002483a54283368c131c2a461dc134 seamonkey-nspr-1.0.9-6.el4.s390.rpm a18d774dacc455ad99044def74e90271 seamonkey-nspr-devel-1.0.9-6.el4.s390.rpm 043299f6f65f301e516695384d5ff723 seamonkey-nss-1.0.9-6.el4.s390.rpm d7a487b7095d7d1e8aa4a3026c253966 seamonkey-nss-devel-1.0.9-6.el4.s390.rpm s390x: 19f81754f766b96ec4087da0418e83ca seamonkey-1.0.9-6.el4.s390x.rpm 178ad4207feb342f2b6e49c44b04632e seamonkey-chat-1.0.9-6.el4.s390x.rpm 7c0b1b3d9ff4c61d914512603493fab2 seamonkey-debuginfo-1.0.9-6.el4.s390.rpm 9ca8d55d8e7009d01eafd293255de0a3 seamonkey-debuginfo-1.0.9-6.el4.s390x.rpm 009660b14ea9c5a19106b84f43f83bd1 seamonkey-devel-1.0.9-6.el4.s390x.rpm 3f3e11e90706744b28c4bed8b74d8468 seamonkey-dom-inspector-1.0.9-6.el4.s390x.rpm df7b9c856d980155641e8ebcacf449c9 seamonkey-js-debugger-1.0.9-6.el4.s390x.rpm 402cb9ac90bc8847bb8e7722eef8e9bb seamonkey-mail-1.0.9-6.el4.s390x.rpm b9002483a54283368c131c2a461dc134 seamonkey-nspr-1.0.9-6.el4.s390.rpm b4676214f7685f91463fe77b7f99427e seamonkey-nspr-1.0.9-6.el4.s390x.rpm cb1c2bdf5aeffb23aecd91fa14a7b316 seamonkey-nspr-devel-1.0.9-6.el4.s390x.rpm 043299f6f65f301e516695384d5ff723 seamonkey-nss-1.0.9-6.el4.s390.rpm 648b140380f9e7564f9aa5508faf2e7b 
seamonkey-nss-1.0.9-6.el4.s390x.rpm 31c4bef42f39cf1b8df43a7a7fc4f36c seamonkey-nss-devel-1.0.9-6.el4.s390x.rpm x86_64: de6903b30854a87cb6df185a57b3ae77 seamonkey-1.0.9-6.el4.x86_64.rpm 86959d7138d0faae7cf1f72d5f0498ba seamonkey-chat-1.0.9-6.el4.x86_64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm bf46d56274595e84c393edcda3baa95a seamonkey-debuginfo-1.0.9-6.el4.x86_64.rpm 40e5a62af36dc6b8ea415301bb949b5c seamonkey-devel-1.0.9-6.el4.x86_64.rpm 5259e7e2a0ec23afe419ce5f23ee1fb3 seamonkey-dom-inspector-1.0.9-6.el4.x86_64.rpm dbd0a681b8b6a42b5aa9db3852c516b3 seamonkey-js-debugger-1.0.9-6.el4.x86_64.rpm 96c59300066361f7c4726a7509509184 seamonkey-mail-1.0.9-6.el4.x86_64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 27068f5b4cde9563488e3e2790c670f1 seamonkey-nspr-1.0.9-6.el4.x86_64.rpm f2ff29ecfff4959b036fb092ddfa8bf3 seamonkey-nspr-devel-1.0.9-6.el4.x86_64.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 0db532b5ed634fdfa8f6ff8a8eb48d07 seamonkey-nss-1.0.9-6.el4.x86_64.rpm fe408300912b9b6e8a7e73532f1a1a40 seamonkey-nss-devel-1.0.9-6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-6.el4.src.rpm 6014e2daa4c5c140f55fcb3ae4d5b2f8 seamonkey-1.0.9-6.el4.src.rpm i386: 2d9100c6b6c09c5b472aaa1b4f66f5f1 seamonkey-1.0.9-6.el4.i386.rpm 8a8d43357532ec2b9ef856a1dcd1c062 seamonkey-chat-1.0.9-6.el4.i386.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm e10399d82053219ee28b5ea05eb42f26 seamonkey-devel-1.0.9-6.el4.i386.rpm f601ec032dd1409c27099d600de36f38 seamonkey-dom-inspector-1.0.9-6.el4.i386.rpm 77d7ec48f82f07b3241e4b86ca676c59 seamonkey-js-debugger-1.0.9-6.el4.i386.rpm 563e7adbb727715c693d72603ed90898 seamonkey-mail-1.0.9-6.el4.i386.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 4eff7ab736daced7dd3f184dd750e530 seamonkey-nspr-devel-1.0.9-6.el4.i386.rpm 
87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 542460ac4e0c668f3176b224ee396c5c seamonkey-nss-devel-1.0.9-6.el4.i386.rpm x86_64: de6903b30854a87cb6df185a57b3ae77 seamonkey-1.0.9-6.el4.x86_64.rpm 86959d7138d0faae7cf1f72d5f0498ba seamonkey-chat-1.0.9-6.el4.x86_64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm bf46d56274595e84c393edcda3baa95a seamonkey-debuginfo-1.0.9-6.el4.x86_64.rpm 40e5a62af36dc6b8ea415301bb949b5c seamonkey-devel-1.0.9-6.el4.x86_64.rpm 5259e7e2a0ec23afe419ce5f23ee1fb3 seamonkey-dom-inspector-1.0.9-6.el4.x86_64.rpm dbd0a681b8b6a42b5aa9db3852c516b3 seamonkey-js-debugger-1.0.9-6.el4.x86_64.rpm 96c59300066361f7c4726a7509509184 seamonkey-mail-1.0.9-6.el4.x86_64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 27068f5b4cde9563488e3e2790c670f1 seamonkey-nspr-1.0.9-6.el4.x86_64.rpm f2ff29ecfff4959b036fb092ddfa8bf3 seamonkey-nspr-devel-1.0.9-6.el4.x86_64.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 0db532b5ed634fdfa8f6ff8a8eb48d07 seamonkey-nss-1.0.9-6.el4.x86_64.rpm fe408300912b9b6e8a7e73532f1a1a40 seamonkey-nss-devel-1.0.9-6.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-6.el4.src.rpm 6014e2daa4c5c140f55fcb3ae4d5b2f8 seamonkey-1.0.9-6.el4.src.rpm i386: 2d9100c6b6c09c5b472aaa1b4f66f5f1 seamonkey-1.0.9-6.el4.i386.rpm 8a8d43357532ec2b9ef856a1dcd1c062 seamonkey-chat-1.0.9-6.el4.i386.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm e10399d82053219ee28b5ea05eb42f26 seamonkey-devel-1.0.9-6.el4.i386.rpm f601ec032dd1409c27099d600de36f38 seamonkey-dom-inspector-1.0.9-6.el4.i386.rpm 77d7ec48f82f07b3241e4b86ca676c59 seamonkey-js-debugger-1.0.9-6.el4.i386.rpm 563e7adbb727715c693d72603ed90898 seamonkey-mail-1.0.9-6.el4.i386.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 4eff7ab736daced7dd3f184dd750e530 
seamonkey-nspr-devel-1.0.9-6.el4.i386.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 542460ac4e0c668f3176b224ee396c5c seamonkey-nss-devel-1.0.9-6.el4.i386.rpm ia64: a5146e5d4ec9e2fa8f35f1f2cf303e39 seamonkey-1.0.9-6.el4.ia64.rpm de999cb716ad66bb816f4da6e722e425 seamonkey-chat-1.0.9-6.el4.ia64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm c203627451ecc20affee1a5c442a40f5 seamonkey-debuginfo-1.0.9-6.el4.ia64.rpm 92cb76ac3709c69aaf6df95f92951c95 seamonkey-devel-1.0.9-6.el4.ia64.rpm 77c59ba4dca51fb14eab8ac1243adb42 seamonkey-dom-inspector-1.0.9-6.el4.ia64.rpm 0da0858a59d9b3692b8fc9cf2c66ea26 seamonkey-js-debugger-1.0.9-6.el4.ia64.rpm e8544de8e555877e7aa5c8a1f35a236b seamonkey-mail-1.0.9-6.el4.ia64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 6f178fe6363a677a38d199d64d3b5bac seamonkey-nspr-1.0.9-6.el4.ia64.rpm dc217cfc46296351905a3911987ad2d9 seamonkey-nspr-devel-1.0.9-6.el4.ia64.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 09317c0898ccc14dc7f286f26a64a606 seamonkey-nss-1.0.9-6.el4.ia64.rpm 6e41b5da2df605dac776f73170dd957b seamonkey-nss-devel-1.0.9-6.el4.ia64.rpm x86_64: de6903b30854a87cb6df185a57b3ae77 seamonkey-1.0.9-6.el4.x86_64.rpm 86959d7138d0faae7cf1f72d5f0498ba seamonkey-chat-1.0.9-6.el4.x86_64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm bf46d56274595e84c393edcda3baa95a seamonkey-debuginfo-1.0.9-6.el4.x86_64.rpm 40e5a62af36dc6b8ea415301bb949b5c seamonkey-devel-1.0.9-6.el4.x86_64.rpm 5259e7e2a0ec23afe419ce5f23ee1fb3 seamonkey-dom-inspector-1.0.9-6.el4.x86_64.rpm dbd0a681b8b6a42b5aa9db3852c516b3 seamonkey-js-debugger-1.0.9-6.el4.x86_64.rpm 96c59300066361f7c4726a7509509184 seamonkey-mail-1.0.9-6.el4.x86_64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 27068f5b4cde9563488e3e2790c670f1 seamonkey-nspr-1.0.9-6.el4.x86_64.rpm f2ff29ecfff4959b036fb092ddfa8bf3 seamonkey-nspr-devel-1.0.9-6.el4.x86_64.rpm 
87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 0db532b5ed634fdfa8f6ff8a8eb48d07 seamonkey-nss-1.0.9-6.el4.x86_64.rpm fe408300912b9b6e8a7e73532f1a1a40 seamonkey-nss-devel-1.0.9-6.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-6.el4.src.rpm 6014e2daa4c5c140f55fcb3ae4d5b2f8 seamonkey-1.0.9-6.el4.src.rpm i386: 2d9100c6b6c09c5b472aaa1b4f66f5f1 seamonkey-1.0.9-6.el4.i386.rpm 8a8d43357532ec2b9ef856a1dcd1c062 seamonkey-chat-1.0.9-6.el4.i386.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm e10399d82053219ee28b5ea05eb42f26 seamonkey-devel-1.0.9-6.el4.i386.rpm f601ec032dd1409c27099d600de36f38 seamonkey-dom-inspector-1.0.9-6.el4.i386.rpm 77d7ec48f82f07b3241e4b86ca676c59 seamonkey-js-debugger-1.0.9-6.el4.i386.rpm 563e7adbb727715c693d72603ed90898 seamonkey-mail-1.0.9-6.el4.i386.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 4eff7ab736daced7dd3f184dd750e530 seamonkey-nspr-devel-1.0.9-6.el4.i386.rpm 87cb3e83fc91005014e34e70e0caab38 seamonkey-nss-1.0.9-6.el4.i386.rpm 542460ac4e0c668f3176b224ee396c5c seamonkey-nss-devel-1.0.9-6.el4.i386.rpm ia64: a5146e5d4ec9e2fa8f35f1f2cf303e39 seamonkey-1.0.9-6.el4.ia64.rpm de999cb716ad66bb816f4da6e722e425 seamonkey-chat-1.0.9-6.el4.ia64.rpm 8ba5adc7db3452470a266670e1ed672a seamonkey-debuginfo-1.0.9-6.el4.i386.rpm c203627451ecc20affee1a5c442a40f5 seamonkey-debuginfo-1.0.9-6.el4.ia64.rpm 92cb76ac3709c69aaf6df95f92951c95 seamonkey-devel-1.0.9-6.el4.ia64.rpm 77c59ba4dca51fb14eab8ac1243adb42 seamonkey-dom-inspector-1.0.9-6.el4.ia64.rpm 0da0858a59d9b3692b8fc9cf2c66ea26 seamonkey-js-debugger-1.0.9-6.el4.ia64.rpm e8544de8e555877e7aa5c8a1f35a236b seamonkey-mail-1.0.9-6.el4.ia64.rpm 070554906644c4849f87343733d7d720 seamonkey-nspr-1.0.9-6.el4.i386.rpm 6f178fe6363a677a38d199d64d3b5bac seamonkey-nspr-1.0.9-6.el4.ia64.rpm dc217cfc46296351905a3911987ad2d9 seamonkey-nspr-devel-1.0.9-6.el4.ia64.rpm 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHGNW5XlSAg2UNWIIRAqdfAJ97i/ngodLGkfsDH3f2MB9lERp22gCfVdh9
tnM4YeJH3s0tmKM4W3JFAjQ=
=cbki
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 19 16:05:24 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 19 Oct 2007 12:05:24 -0400
Subject: [RHSA-2007:0981-01] Moderate: thunderbird security update
Message-ID: <200710191605.l9JG5Ocg013348@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2007:0981-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0981.html
Issue date: 2007-10-19
Updated on: 2007-10-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340
- ---------------------------------------------------------------------

1. Summary:

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

333991 - Mozilla products security update (CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

6. RPMs required:
5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-5.el5.src.rpm dda97b140a9002f46639c7836d110065 thunderbird-1.5.0.12-5.el5.src.rpm i386: 379a1f33e2cd351ff772852ecc30b290 thunderbird-1.5.0.12-5.el5.i386.rpm 2a0d70646f1cb793a953311cd089ff68 thunderbird-debuginfo-1.5.0.12-5.el5.i386.rpm x86_64: e948a39bad632b09c0bee08ef65f16b6 thunderbird-1.5.0.12-5.el5.x86_64.rpm dacc917e7d607776aabb3d599a5e27b1 thunderbird-debuginfo-1.5.0.12-5.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-5.el5.src.rpm dda97b140a9002f46639c7836d110065 thunderbird-1.5.0.12-5.el5.src.rpm i386: 379a1f33e2cd351ff772852ecc30b290 thunderbird-1.5.0.12-5.el5.i386.rpm 2a0d70646f1cb793a953311cd089ff68 thunderbird-debuginfo-1.5.0.12-5.el5.i386.rpm x86_64: e948a39bad632b09c0bee08ef65f16b6 thunderbird-1.5.0.12-5.el5.x86_64.rpm dacc917e7d607776aabb3d599a5e27b1 thunderbird-debuginfo-1.5.0.12-5.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHGNXBXlSAg2UNWIIRApCQAKDA0VfzYpax9A+viYQxwNL/goZJsgCeL9T/ Y3H2BbvgBU0wB+EY4NK9m8s= =/b/Y -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Oct 22 10:44:25 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 22 Oct 2007 06:44:25 -0400 Subject: [RHSA-2007:0813-01] Moderate: openssl security update Message-ID: <200710221044.l9MAiPoA025110@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2007:0813-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0813.html Issue date: 2007-10-22 Updated on: 2007-10-22 Product: Red Hat Enterprise Linux Cross references: RHSA-2007:0806 CVE Names: CVE-2007-3108 CVE-2007-5135 - --------------------------------------------------------------------- 1. Summary: Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. 
An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 245732 - CVE-2007-3108 RSA side-channel attack 250573 - CVE-NONE openssl branch prediction attacks 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one 6. 
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHH76XlSAg2UNWIIRAmiUAKCqMAlc2iDwiFVDsErkPCbEBRVOTQCfRc2y
BlD70FkWDMYdVlTzfod+X1k=
=V23I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 22 10:53:14 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Oct 2007 06:53:14 -0400
Subject: [RHSA-2007:0940-01] Important: kernel security update
Message-ID: <200710221053.l9MArEFM026438@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2007:0940-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0940.html
Issue date:        2007-10-22
Updated on:        2007-10-22
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3105 CVE-2007-3380 CVE-2007-3513
                   CVE-2007-3731 CVE-2007-3848 CVE-2007-3850
                   CVE-2007-4308 CVE-2007-4133 CVE-2007-4574
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* A flaw was found in the backported stack unwinder fixes in Red Hat
Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could
trigger this flaw and cause a denial of service. (CVE-2007-4574, Important)

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the Distributed Lock Manager (DLM) in the cluster
manager. This allowed a remote user who is able to connect to the DLM port
to cause a denial of service. (CVE-2007-3380, Important)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver which should otherwise be restricted to
privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the prio_tree handling of the hugetlb support that
allowed a local user to cause a denial of service. This only affected
kernels with hugetlb support. (CVE-2007-4133, Moderate)

* A flaw was found in the eHCA driver on PowerPC architectures that allowed
a local user to access 60k of physical address space. This address space
could contain sensitive information. (CVE-2007-3850, Moderate)

* A flaw was found in ptrace support that allowed a local user to cause a
denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate)

* A flaw was found in the usblcd driver that allowed a local user to cause
a denial of service by writing data to the device node. To exploit this
issue, write access to the device node was needed. (CVE-2007-3513, Moderate)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. If the root user raised the default wakeup threshold over the
size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes
preventing possible system crashes and data corruption were also included.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to resolve these issues.

4.
Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245922 - CVE-2007-3380 A TCP connection to DLM port blocks DLM operations
247728 - CVE-2007-3513 Locally triggerable memory consumption in usblcd
248324 - CVE-2007-3731 NULL pointer dereference triggered by ptrace
248325 - CVE-2007-3105 Bound check ordering issue in random driver
250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver
253926 - CVE-2007-4133 prio_tree unit kernel panic
298141 - CVE-2007-4574 EM64T local DoS
308811 - CVE-2007-3850 kernel LTC31426-4k page mapping support for userspace in 64k kernels

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4574
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHIEFXlSAg2UNWIIRAqflAJ9WjecqY68XP5N3RPfKKC2vwR4tyACfVJF/
apZqUd5xaSNM+TO7elKMh8M=
=Z0n2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 22 15:49:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Oct 2007 11:49:33 -0400
Subject: [RHSA-2007:0975-02] Important: flac security update
Message-ID: <200710221549.l9MFnX3E008744@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: flac security update
Advisory ID:       RHSA-2007:0975-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0975.html
Issue date:        2007-10-22
Updated on:        2007-10-22
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4619
- ---------------------------------------------------------------------

1. Summary:

An updated flac package to correct a security issue is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data.
An attacker could create a carefully crafted FLAC audio file in such a way
that it could cause an application linked with flac libraries to crash or
execute arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

331991 - CVE-2007-4619 FLAC Integer overflows

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHMaLXlSAg2UNWIIRAsv9AJ92kKFR1oO3HvLU48yy345oSzux8ACgqpBp
2LoPfiGhja1pQYAgNNfs1ps=
=dzcs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 23 12:57:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Oct 2007 08:57:23 -0400
Subject: [RHSA-2007:0970-01] Important: dhcp security update
Message-ID: <200710231257.l9NCvN11027030@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: dhcp security update
Advisory ID:       RHSA-2007:0970-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0970.html
Issue date:        2007-10-23
Updated on:        2007-10-23
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5365
- ---------------------------------------------------------------------

1.
Summary:

An updated dhcp package that corrects a security flaw is now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server.

A bug was found in the way dhcpd validates certain DHCP protocol options. A malicious DHCP client could send a carefully crafted DHCP request and cause dhcpd to crash or possibly execute arbitrary code. (CVE-2007-5365)

All users of dhcp should upgrade to this updated package, which contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

327781 - CVE-2007-5365 dhcpd stack-based buffer overflow

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5365
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHe+MXlSAg2UNWIIRAtmvAKCbpRONtAP6FJxjAjaMelUfq7wLTACfcX0v
A0ePQKfXEgQyCpx9q4nLQ5k=
=c6wu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 23 15:55:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Oct 2007 11:55:15 -0400
Subject: [RHSA-2007:0888-01] Moderate: php security update
Message-ID: <200710231555.l9NFtFY8026228@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2007:0888-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0888.html
Issue date: 2007-10-23
Updated on: 2007-10-23
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-2509 CVE-2007-2872 CVE-2007-3799 CVE-2007-3996 CVE-2007-4670
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670)

A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)

Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239014 - CVE-2007-2509 php CRLF injection
242032 - CVE-2007-2872 php chunk_split integer overflow
250726 - CVE-2007-3799 php cross-site cookie insertion
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHhlgXlSAg2UNWIIRAoabAJ43YcKi1lndvVCoQwviWs0zRB4n2wCfe1cd
izhyPOFL/idOIOPZf/q10fw=
=Gnpt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 23 15:57:35 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Oct 2007 11:57:35 -0400
Subject: [RHSA-2007:0917-01] Moderate: php security update
Message-ID: <200710231557.l9NFvZtf026407@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2007:0917-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0917.html
Issue date: 2007-10-23
Updated on: 2007-10-23
Product: Red Hat Application Stack
CVE Names: CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 CVE-2007-4659 CVE-2007-4658 CVE-2007-4670 CVE-2007-4661
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

These updated packages address the following vulnerabilities:

Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996)

A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that it is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799)

A flaw was found in handling of dynamic changes to global variables. A script which used certain functions which change global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-4659)

An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument. (CVE-2007-4661)

Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250726 - CVE-2007-3799 php cross-site cookie insertion
276081 - CVE-2007-3998 php floating point exception inside wordwrap
276531 - CVE-2007-4659 php zend_alter_ini_entry() memory_limit interruption
278011 - CVE-2007-4658 php money_format format string issue
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling
278161 - CVE-2007-4661 php size calculation in chunk_split

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4661
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHhnlXlSAg2UNWIIRArgOAKCcE6ZyvVUUMqKHOiLf1nmeweksrwCcDWco
2fktGdioLm1gxvxa8q+xI2I=
=0uCJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 23 16:58:39 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Oct 2007 12:58:39 -0400
Subject: [RHSA-2007:0992-01] Moderate: libpng security update
Message-ID: <200710231658.l9NGwdIb004525@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: libpng security update
Advisory ID: RHSA-2007:0992-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0992.html
Issue date: 2007-10-23
Updated on: 2007-10-23
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5269
- ---------------------------------------------------------------------

1. Summary:

Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

Several flaws were discovered in the way libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-5269)

Users should update to these updated packages which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

324771 - CVE-2007-5269 libpng DoS via multiple out-of-bounds reads

6.
RPMs required:
libpng-devel-1.2.7-3.el4_5.1.x86_64.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm b0b5279c763c4bb1bd3ab313a1632f99 libpng10-1.0.16-3.el4_5.1.x86_64.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 9ddaf2654e3b56d37a9a0cf31dce380f libpng10-debuginfo-1.0.16-3.el4_5.1.x86_64.rpm b9ed6cfeafc3c32d4b8d463f77609aec libpng10-devel-1.0.16-3.el4_5.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-3.el4_5.1.src.rpm 148984da8d07fac846d96f25aa0b3f70 libpng-1.2.7-3.el4_5.1.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-3.el4_5.1.src.rpm 395ef2c128e03d1ff37f1f59f2cd5ef0 libpng10-1.0.16-3.el4_5.1.src.rpm i386: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 359405978911789ddb6ee1e69fc9f5ff libpng-devel-1.2.7-3.el4_5.1.i386.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 3e4eeab10fd7b6df0354bc6546bed263 libpng10-devel-1.0.16-3.el4_5.1.i386.rpm ia64: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm e0e382f23144b1db7236db07c93ff04b libpng-1.2.7-3.el4_5.1.ia64.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 72c307721ddd8a354de84b51479f03b4 libpng-debuginfo-1.2.7-3.el4_5.1.ia64.rpm 9b2ba4fa2a07659c915598d6c8950c90 libpng-devel-1.2.7-3.el4_5.1.ia64.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm 4cf8836500a6ffb6f8bb8f1fb3895e1e libpng10-1.0.16-3.el4_5.1.ia64.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 67e26aa7ed4665d013e4a62bdfd54195 libpng10-debuginfo-1.0.16-3.el4_5.1.ia64.rpm 94a1c1d37ccfaf2a22f60a261aff1431 libpng10-devel-1.0.16-3.el4_5.1.ia64.rpm x86_64: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm 
d9ba46fa73e1178ffdf3468480d8ecb7 libpng-1.2.7-3.el4_5.1.x86_64.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 7e1923acfdaab0e63aefc08f023e4491 libpng-debuginfo-1.2.7-3.el4_5.1.x86_64.rpm be677208234a0a66a3efb9e056914961 libpng-devel-1.2.7-3.el4_5.1.x86_64.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm b0b5279c763c4bb1bd3ab313a1632f99 libpng10-1.0.16-3.el4_5.1.x86_64.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 9ddaf2654e3b56d37a9a0cf31dce380f libpng10-debuginfo-1.0.16-3.el4_5.1.x86_64.rpm b9ed6cfeafc3c32d4b8d463f77609aec libpng10-devel-1.0.16-3.el4_5.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-3.el4_5.1.src.rpm 148984da8d07fac846d96f25aa0b3f70 libpng-1.2.7-3.el4_5.1.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-3.el4_5.1.src.rpm 395ef2c128e03d1ff37f1f59f2cd5ef0 libpng10-1.0.16-3.el4_5.1.src.rpm i386: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 359405978911789ddb6ee1e69fc9f5ff libpng-devel-1.2.7-3.el4_5.1.i386.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 3e4eeab10fd7b6df0354bc6546bed263 libpng10-devel-1.0.16-3.el4_5.1.i386.rpm ia64: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm e0e382f23144b1db7236db07c93ff04b libpng-1.2.7-3.el4_5.1.ia64.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 72c307721ddd8a354de84b51479f03b4 libpng-debuginfo-1.2.7-3.el4_5.1.ia64.rpm 9b2ba4fa2a07659c915598d6c8950c90 libpng-devel-1.2.7-3.el4_5.1.ia64.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm 4cf8836500a6ffb6f8bb8f1fb3895e1e libpng10-1.0.16-3.el4_5.1.ia64.rpm f6c4549505ebfb6b84a62ed075f367f5 
libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 67e26aa7ed4665d013e4a62bdfd54195 libpng10-debuginfo-1.0.16-3.el4_5.1.ia64.rpm 94a1c1d37ccfaf2a22f60a261aff1431 libpng10-devel-1.0.16-3.el4_5.1.ia64.rpm x86_64: 01f38cffc23b4a7835bb363bca4a59fb libpng-1.2.7-3.el4_5.1.i386.rpm d9ba46fa73e1178ffdf3468480d8ecb7 libpng-1.2.7-3.el4_5.1.x86_64.rpm 4a99bcce9fdd60e5a4ead952c54e673a libpng-debuginfo-1.2.7-3.el4_5.1.i386.rpm 7e1923acfdaab0e63aefc08f023e4491 libpng-debuginfo-1.2.7-3.el4_5.1.x86_64.rpm be677208234a0a66a3efb9e056914961 libpng-devel-1.2.7-3.el4_5.1.x86_64.rpm 5ef408a041b79d1ac8608d5d394be908 libpng10-1.0.16-3.el4_5.1.i386.rpm b0b5279c763c4bb1bd3ab313a1632f99 libpng10-1.0.16-3.el4_5.1.x86_64.rpm f6c4549505ebfb6b84a62ed075f367f5 libpng10-debuginfo-1.0.16-3.el4_5.1.i386.rpm 9ddaf2654e3b56d37a9a0cf31dce380f libpng10-debuginfo-1.0.16-3.el4_5.1.x86_64.rpm b9ed6cfeafc3c32d4b8d463f77609aec libpng10-devel-1.0.16-3.el4_5.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_0.1.src.rpm 87b94f6101b6d2cdf57f964ba6ae04d2 libpng-1.2.10-7.1.el5_0.1.src.rpm i386: 6ca07548baaf0d6cdc1b37b202acfc7a libpng-1.2.10-7.1.el5_0.1.i386.rpm 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm x86_64: 6ca07548baaf0d6cdc1b37b202acfc7a libpng-1.2.10-7.1.el5_0.1.i386.rpm 27e8628c8b3c47a8f5a2b2b80b108708 libpng-1.2.10-7.1.el5_0.1.x86_64.rpm 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm 5b57a586edc64fb34d1e0fcd94163321 libpng-debuginfo-1.2.10-7.1.el5_0.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_0.1.src.rpm 87b94f6101b6d2cdf57f964ba6ae04d2 libpng-1.2.10-7.1.el5_0.1.src.rpm i386: 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm 65ef21ca6d3d0954adcb398cb00f285d libpng-devel-1.2.10-7.1.el5_0.1.i386.rpm x86_64: 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm 5b57a586edc64fb34d1e0fcd94163321 libpng-debuginfo-1.2.10-7.1.el5_0.1.x86_64.rpm 65ef21ca6d3d0954adcb398cb00f285d libpng-devel-1.2.10-7.1.el5_0.1.i386.rpm 723b5a2156637e0b4101ae8318c85785 libpng-devel-1.2.10-7.1.el5_0.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-7.1.el5_0.1.src.rpm 87b94f6101b6d2cdf57f964ba6ae04d2 libpng-1.2.10-7.1.el5_0.1.src.rpm i386: 6ca07548baaf0d6cdc1b37b202acfc7a libpng-1.2.10-7.1.el5_0.1.i386.rpm 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm 65ef21ca6d3d0954adcb398cb00f285d libpng-devel-1.2.10-7.1.el5_0.1.i386.rpm ia64: 6ca07548baaf0d6cdc1b37b202acfc7a libpng-1.2.10-7.1.el5_0.1.i386.rpm 6b36c5108884419749ffc165d47f9afc libpng-1.2.10-7.1.el5_0.1.ia64.rpm 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm a965d8345f76ac126070b1c24a00d29f libpng-debuginfo-1.2.10-7.1.el5_0.1.ia64.rpm c10072a581bbe5142303f90b375a2278 libpng-devel-1.2.10-7.1.el5_0.1.ia64.rpm ppc: 2fa00880cf8d53757bb9695e10362706 libpng-1.2.10-7.1.el5_0.1.ppc.rpm 91ec17d87bf25f9fad722a0b38ab6734 libpng-1.2.10-7.1.el5_0.1.ppc64.rpm b94b3ee228fdca3534bfb6f2c0fbb041 libpng-debuginfo-1.2.10-7.1.el5_0.1.ppc.rpm 67e4bd7f91dd376fbedc594949922628 libpng-debuginfo-1.2.10-7.1.el5_0.1.ppc64.rpm 576324386a2758c4bb8f9e9455600ac4 libpng-devel-1.2.10-7.1.el5_0.1.ppc.rpm 737e75e486443c58b7775ed79c594224 libpng-devel-1.2.10-7.1.el5_0.1.ppc64.rpm s390x: 772aa1d0ae113188171ccae531883d59 libpng-1.2.10-7.1.el5_0.1.s390.rpm 
8aaa30ebc5cd568eedd37e1028ba82a2 libpng-1.2.10-7.1.el5_0.1.s390x.rpm 321beac09a2e579136c5d3d2f24ee210 libpng-debuginfo-1.2.10-7.1.el5_0.1.s390.rpm 9f2e61741560d21ffe4dde7739d0700c libpng-debuginfo-1.2.10-7.1.el5_0.1.s390x.rpm ef124a76d593c0a089921c0a61062fd5 libpng-devel-1.2.10-7.1.el5_0.1.s390.rpm aa4ad4049d1477039e5b31819b899f9f libpng-devel-1.2.10-7.1.el5_0.1.s390x.rpm x86_64: 6ca07548baaf0d6cdc1b37b202acfc7a libpng-1.2.10-7.1.el5_0.1.i386.rpm 27e8628c8b3c47a8f5a2b2b80b108708 libpng-1.2.10-7.1.el5_0.1.x86_64.rpm 031c8b61343a2f8e03bd89e46037fe4c libpng-debuginfo-1.2.10-7.1.el5_0.1.i386.rpm 5b57a586edc64fb34d1e0fcd94163321 libpng-debuginfo-1.2.10-7.1.el5_0.1.x86_64.rpm 65ef21ca6d3d0954adcb398cb00f285d libpng-devel-1.2.10-7.1.el5_0.1.i386.rpm 723b5a2156637e0b4101ae8318c85785 libpng-devel-1.2.10-7.1.el5_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHig9XlSAg2UNWIIRAvMJAJ9yzZoxqfAUi3/nxfM8StpIGjM45QCfe4ft
WdrOLEK21f2RdYbl0IM7BlE=
=ydyq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 25 17:37:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Oct 2007 13:37:51 -0400
Subject: [RHSA-2007:0891-01] Moderate: php security update
Message-ID: <200710251737.l9PHbpm8010226@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0891-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0891.html
Issue date:        2007-10-25
Updated on:        2007-10-25
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-2756 CVE-2007-2872 CVE-2007-3799
                   CVE-2007-3996 CVE-2007-3998 CVE-2007-4658
                   CVE-2007-4670
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available
for Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

These updated packages address the following vulnerabilities:

Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source
could possibly allow a remote attacker to execute arbitrary code as the
apache user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache
user. Note that it is unusual for a PHP script to use the chunk_split
function with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for
the vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that
it is unusual for a PHP script to pass user-supplied data to the
money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim
follows an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source
could allow a remote attacker to cause a denial of service.
(CVE-2007-2756)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

242032 - CVE-2007-2872 php chunk_split integer overflow
242033 - CVE-2007-2756 php imagecreatefrompng infinite loop
250726 - CVE-2007-3799 php cross-site cookie insertion
276081 - CVE-2007-3998 php floating point exception inside wordwrap
278011 - CVE-2007-4658 php money_format format string issue
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:
These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHINRqXlSAg2UNWIIRAl2HAJ99AyBhycMmHSHZXPMCvKivOQJIswCfYFcJ
APrUergEY57qLT89kgf3ANM=
=8bza
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Oct 25 17:38:03 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Oct 2007 13:38:03 -0400
Subject: [RHSA-2007:0911-01] Moderate: httpd security update
Message-ID: <200710251738.l9PHc3EY010259@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2007:0911-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0911.html
Issue date:        2007-10-25
Updated on:        2007-10-25
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-3847 CVE-2007-4465
- ---------------------------------------------------------------------

1. Summary:

Updated httpd packages that fix two security issues are now available
for Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites
where a reverse proxy is configured, a remote attacker could send a
carefully crafted request that would cause the Apache child process
handling that request to crash. On sites where a forward proxy is
configured, an attacker could cause a similar crash if a user could be
persuaded to visit a malicious site using the proxy. This could lead to
a denial of service if using a threaded Multi-Processing Module.
(CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character
set following the rules in RFC 2616. (CVE-2007-4465)

Users of httpd should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250731 - CVE-2007-3847 httpd out of bounds read
289511 - CVE-2007-4465 mod_autoindex XSS

6. RPMs required:
These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHINRzXlSAg2UNWIIRAmkLAJ9JAw3taJqLWbeyUK+JvxowioMC9wCgs9er
Fwh/M5uT9vhYn304aedQnd4=
=Ppdm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Oct 31 13:54:14 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Oct 2007 09:54:14 -0400
Subject: [RHSA-2007:1020-01] Important: cups security and bug fix update
Message-ID: <200710311354.l9VDsEFG007021@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: cups security and bug fix update
Advisory ID:       RHSA-2007:1020-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1020.html
Issue date:        2007-10-31
Updated on:        2007-10-31
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4351
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix a security issue in the Internet Printing
Protocol (IPP) handling and correct some bugs are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing
layer for UNIX(R) operating systems.

A flaw was found in the way CUPS handles certain Internet Printing
Protocol (IPP) tags. A remote attacker who is able to connect to the IPP
TCP port could send a malicious request causing the CUPS daemon to
crash, or potentially execute arbitrary code. Please note that the
default CUPS configuration does not allow remote hosts to connect to the
IPP TCP port. (CVE-2007-4351)

Red Hat would like to thank Alin Rad Pop for reporting this issue.

All CUPS users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

In addition, the following bugs were fixed:

* the CUPS service has been changed to start after sshd, to avoid
causing delays when logging in when the system is booted.

* the logrotate settings have been adjusted so they do not cause CUPS to
reload its configuration. This is to avoid re-printing the current job,
which could occur when it was a long-running job.

* a bug has been fixed in the handling of the If-Modified-Since: HTTP
header.

* in the LSPP configuration, labels for labeled jobs did not line-wrap.
This has been fixed.

* an access check in the LSPP configuration has been made more secure.

* the cups-lpd service no longer ignores the "-odocument-format=..."
option.

* a memory allocation bug has been fixed in cupsd.

* support for UNIX domain sockets authentication without passwords has
been added.

* in the LSPP configuration, a problem that could lead to cupsd crashing
has been fixed.

* the error handling in the initscript has been improved.

* The job-originating-host-name attribute was not correctly set for jobs
submitted via the cups-lpd service. This has been fixed.

* a problem with parsing IPv6 addresses in the configuration file has
been fixed.

* a problem that could lead to cupsd crashing when it failed to open a
"file:" URI has been fixed.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

213828 - Cups starts as S55cups, before sshd
228107 - [LSPP] Labels for labeled printing don't linewrap
229673 - [LSPP] cups is overriding mls when querying jobs with lpq -al
230073 - cups-lpd : server-args has no effect
230613 - [LSPP] cups is allowing users to delete other user's job
231522 - [LSPP] cupsd crash
237953 - Wrong init script
240223 - cups-lpd doesn't set 'job-originating-host-name'
241400 - IPV6 addresses not accepted in "Allow From" directives
250415 - cupsd crashes when failing to open a file: URI
345091 - CVE-2007-4351 cups boundary error

6. RPMs required:
3655447b3b729453387439aa0aee91af cups-devel-1.2.4-11.14.el5_1.1.ppc.rpm bd9683c6898cdecf1064bdf9237a26f6 cups-devel-1.2.4-11.14.el5_1.1.ppc64.rpm 55cf96a356456cc9c97260424a180e74 cups-libs-1.2.4-11.14.el5_1.1.ppc.rpm 612f14d317b075c75b3ff6a879569a97 cups-libs-1.2.4-11.14.el5_1.1.ppc64.rpm 9ee96feb5dd1cb42503decbdc776d521 cups-lpd-1.2.4-11.14.el5_1.1.ppc.rpm s390x: cc0e592487e1443afe2632ce8132c200 cups-1.2.4-11.14.el5_1.1.s390x.rpm cb49bab7c8c4d595dbefff730582311d cups-debuginfo-1.2.4-11.14.el5_1.1.s390.rpm d6cd0e3e4eb460f33900ff066142c008 cups-debuginfo-1.2.4-11.14.el5_1.1.s390x.rpm a4e18a2797c91483bffabefcb3bd257c cups-devel-1.2.4-11.14.el5_1.1.s390.rpm 00fbb56f9d73eec63607ea20febfa616 cups-devel-1.2.4-11.14.el5_1.1.s390x.rpm 754c8b7459b07318a7ee21e3947e0197 cups-libs-1.2.4-11.14.el5_1.1.s390.rpm 52ee99fe60dec2c85ef0489642ab5b6e cups-libs-1.2.4-11.14.el5_1.1.s390x.rpm 8779ba5c0746dad6c3899561b807b552 cups-lpd-1.2.4-11.14.el5_1.1.s390x.rpm x86_64: 0a7fe3996a0c8ea2feb144fa07f76d98 cups-1.2.4-11.14.el5_1.1.x86_64.rpm a9214c78f171330d64a2b59932b5ca12 cups-debuginfo-1.2.4-11.14.el5_1.1.i386.rpm a3f2712e792df40303b4c861864673c7 cups-debuginfo-1.2.4-11.14.el5_1.1.x86_64.rpm b4fe280e49d3dcf3c63fd54524390a09 cups-devel-1.2.4-11.14.el5_1.1.i386.rpm 263d1d22a7c9be2f4dbd0c8b43b80e2a cups-devel-1.2.4-11.14.el5_1.1.x86_64.rpm b4e79e982cc21036b2848f6ded17ecdd cups-libs-1.2.4-11.14.el5_1.1.i386.rpm 056a430c4c1308c44c88441639e312b9 cups-libs-1.2.4-11.14.el5_1.1.x86_64.rpm c9d27661f6732bda4ae0b30e8f0aa725 cups-lpd-1.2.4-11.14.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHKIjVXlSAg2UNWIIRApI+AKC3e/KnYzwl6suwIjq8+KhUWOX9MACgxEQ/ 1vakibpF+OBG68Gso2X+FdY= =ib5C -----END PGP SIGNATURE-----
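
The CUPS advisory above (RHSA-2007:1020-01) notes that the flaw needs a remote host to reach the IPP TCP port, which the default configuration does not allow. The following is an added example, not part of the advisory or of Red Hat's tooling, that audits the Listen and Port directives of a cupsd.conf for listeners reachable from other hosts. The sample configurations are constructed, and treating a bare port number after Listen like Port is an assumption.

```python
import ipaddress

def classify_listener(directive, value):
    """Return 'local' or 'remote' for one cupsd.conf Listen/Port value."""
    if directive == "port":
        return "remote"                    # Port N binds every interface
    if value.startswith("/"):
        return "local"                     # UNIX domain socket path
    if value.startswith("["):              # bracketed IPv6, e.g. [::1]:631
        host = value[1:].split("]")[0]
    elif ":" in value:
        host = value.rsplit(":", 1)[0]     # host:port
    else:
        host = value                       # bare host or bare port
    if host.isdigit():
        return "remote"                    # assumption: bare port acts like Port N
    try:
        return "local" if ipaddress.ip_address(host).is_loopback else "remote"
    except ValueError:                     # "*" or a host name, not an address
        return "local" if host.lower() == "localhost" else "remote"

def audit_listeners(conf_text):
    """List (line_no, directive, value, verdict) for every Listen/Port line."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        if directive in ("listen", "port") and len(parts) == 2:
            value = parts[1].strip()
            findings.append((line_no, parts[0], value,
                             classify_listener(directive, value)))
    return findings

def ipp_reachable_remotely(conf_text):
    """True when at least one listener accepts TCP connections from other hosts."""
    return any(verdict == "remote" for *_, verdict in audit_listeners(conf_text))

# Constructed sample: loopback and UNIX-socket listeners only.
LOCAL_ONLY_CONF = """\
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
"""

# Constructed sample: a host opened up for network printing.
SHARED_CONF = """\
Listen /var/run/cups/cups.sock
Listen [::1]:631
Listen 192.0.2.10:631
Port 631
"""
```

Hosts where `ipp_reachable_remotely` returns True for the live /etc/cups/cupsd.conf are the ones to prioritise for this update, with `audit_listeners` showing which lines cause the exposure.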