From bugzilla at redhat.com Tue Apr 1 14:13:53 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Apr 2008 10:13:53 -0400 Subject: [RHSA-2008:0192-01] Moderate: cups security update Message-ID: <200804011413.m31EDwYh006202@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security update Advisory ID: RHSA-2008:0192-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0192.html Issue date: 2008-04-01 CVE Names: CVE-2008-0047 CVE-2008-0053 CVE-2008-1373 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the "lp" user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047) Red Hat would like to thank "regenrecht" for reporting this issue. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 436153 - CVE-2008-0047 cups: heap based buffer overflow in cgiCompileSearch() 438117 - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter 438303 - CVE-2008-1373 cups: overflow in gif image filter 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.6.src.rpm i386: cups-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm x86_64: cups-1.2.4-11.14.el5_1.6.x86_64.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.x86_64.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.6.src.rpm i386: cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm x86_64: cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.x86_64.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.2.4-11.14.el5_1.6.src.rpm i386: cups-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-lpd-1.2.4-11.14.el5_1.6.i386.rpm ia64: cups-1.2.4-11.14.el5_1.6.ia64.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.ia64.rpm cups-devel-1.2.4-11.14.el5_1.6.ia64.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.ia64.rpm cups-lpd-1.2.4-11.14.el5_1.6.ia64.rpm ppc: cups-1.2.4-11.14.el5_1.6.ppc.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.ppc.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.ppc64.rpm cups-devel-1.2.4-11.14.el5_1.6.ppc.rpm cups-devel-1.2.4-11.14.el5_1.6.ppc64.rpm cups-libs-1.2.4-11.14.el5_1.6.ppc.rpm cups-libs-1.2.4-11.14.el5_1.6.ppc64.rpm cups-lpd-1.2.4-11.14.el5_1.6.ppc.rpm s390x: cups-1.2.4-11.14.el5_1.6.s390x.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.s390.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.s390x.rpm cups-devel-1.2.4-11.14.el5_1.6.s390.rpm cups-devel-1.2.4-11.14.el5_1.6.s390x.rpm cups-libs-1.2.4-11.14.el5_1.6.s390.rpm cups-libs-1.2.4-11.14.el5_1.6.s390x.rpm cups-lpd-1.2.4-11.14.el5_1.6.s390x.rpm x86_64: cups-1.2.4-11.14.el5_1.6.x86_64.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.6.x86_64.rpm cups-devel-1.2.4-11.14.el5_1.6.i386.rpm cups-devel-1.2.4-11.14.el5_1.6.x86_64.rpm cups-libs-1.2.4-11.14.el5_1.6.i386.rpm cups-libs-1.2.4-11.14.el5_1.6.x86_64.rpm cups-lpd-1.2.4-11.14.el5_1.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH8kMSXlSAg2UNWIIRAr/jAKCUq0MUvNRjvMfgXbM/3Fv8Jvy8cwCgjPnn QBHQj9XKMSuxQyHgxr1EBk4= =JMg9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 1 14:27:25 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Apr 2008 10:27:25 -0400 Subject: [RHSA-2008:0193-02] Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update Message-ID: <200804011427.m31ERPQ5008855@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: lspp-eal4-config-ibm and capp-lspp-eal4-config-hp security update Advisory ID: RHSA-2008:0193-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0193.html Issue date: 2008-04-01 CVE Names: CVE-2008-0884 ===================================================================== 1. Summary: Updated lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Description: The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain utilities and documentation for configuring a machine for the Controlled Access Protection Profile, or the Labeled Security Protection Profile. It was discovered that use of the "capp-lspp-config" script results in the "/etc/pam.d/system-auth" file being set to world-writable. Authorized local users who have limited privileges could then exploit this to gain additional access, or to escalate their privileges. (CVE-2008-0884) This issue only affects users who have installed either of these packages from the Red Hat FTP site as their base system configuration kickstart script. New deployments using the lspp-eal4-config-ibm or capp-lspp-eal4-config-hp packages are advised to upgrade to these updated packages, which resolve this issue. For systems already deployed, the following command can be run as root to restore the permissions to a secure setting: chmod 0644 /etc/pam.d/system-auth 3. Solution: This update is available via the Red Hat FTP site. ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/IBM/RPMS/lspp-eal4-config-ibm-0.65-2.el5.noarch.rpm ftp://ftp.redhat.com/pub/redhat/linux/eal/EAL4_RHEL5/HP/RPMS/capp-lspp-eal4-config-hp-0.65-2.el5.noarch.rpm 4. Bugs fixed (http://bugzilla.redhat.com/): 435442 - CVE-2008-0884 system-auth-ac is world-writable 5. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0884 http://www.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH8kZFXlSAg2UNWIIRAhk8AJ96YmzPO8oVcWsXCmpZOM4KSIsoQQCfSEjv dFSW0Ib6HTU9LOAVdS/Q7Tk= =xphM -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 1 14:27:37 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Apr 2008 10:27:37 -0400 Subject: [RHSA-2008:0206-01] Moderate: cups security update Message-ID: <200804011427.m31ERbCQ008873@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security update Advisory ID: RHSA-2008:0206-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0206.html Issue date: 2008-04-01 CVE Names: CVE-2008-0053 CVE-2008-1373 CVE-2008-1374 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053) A buffer overflow flaw was discovered in the GIF decoding routines used by CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373) It was discovered that the patch used to address CVE-2004-0888 in CUPS packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the integer overflow in the "pdftops" filter on 64-bit platforms. An attacker could create a malicious PDF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1374) All cups users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 438117 - CVE-2008-0053 cups: buffer overflows in HP-GL/2 filter 438303 - CVE-2008-1373 cups: overflow in gif image filter 438336 - CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.52.src.rpm i386: cups-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-devel-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.i386.rpm ia64: cups-1.1.17-13.3.52.ia64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.ia64.rpm cups-devel-1.1.17-13.3.52.ia64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.ia64.rpm ppc: cups-1.1.17-13.3.52.ppc.rpm cups-debuginfo-1.1.17-13.3.52.ppc.rpm cups-debuginfo-1.1.17-13.3.52.ppc64.rpm cups-devel-1.1.17-13.3.52.ppc.rpm cups-libs-1.1.17-13.3.52.ppc.rpm cups-libs-1.1.17-13.3.52.ppc64.rpm s390: cups-1.1.17-13.3.52.s390.rpm cups-debuginfo-1.1.17-13.3.52.s390.rpm cups-devel-1.1.17-13.3.52.s390.rpm cups-libs-1.1.17-13.3.52.s390.rpm s390x: cups-1.1.17-13.3.52.s390x.rpm cups-debuginfo-1.1.17-13.3.52.s390.rpm cups-debuginfo-1.1.17-13.3.52.s390x.rpm cups-devel-1.1.17-13.3.52.s390x.rpm cups-libs-1.1.17-13.3.52.s390.rpm cups-libs-1.1.17-13.3.52.s390x.rpm x86_64: cups-1.1.17-13.3.52.x86_64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.x86_64.rpm cups-devel-1.1.17-13.3.52.x86_64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.52.src.rpm i386: cups-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-devel-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.i386.rpm x86_64: cups-1.1.17-13.3.52.x86_64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.x86_64.rpm cups-devel-1.1.17-13.3.52.x86_64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.52.src.rpm i386: cups-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-devel-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.i386.rpm ia64: cups-1.1.17-13.3.52.ia64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.ia64.rpm cups-devel-1.1.17-13.3.52.ia64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.ia64.rpm x86_64: cups-1.1.17-13.3.52.x86_64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.x86_64.rpm cups-devel-1.1.17-13.3.52.x86_64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.52.src.rpm i386: cups-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-devel-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.i386.rpm ia64: cups-1.1.17-13.3.52.ia64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.ia64.rpm cups-devel-1.1.17-13.3.52.ia64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.ia64.rpm x86_64: cups-1.1.17-13.3.52.x86_64.rpm cups-debuginfo-1.1.17-13.3.52.i386.rpm cups-debuginfo-1.1.17-13.3.52.x86_64.rpm cups-devel-1.1.17-13.3.52.x86_64.rpm cups-libs-1.1.17-13.3.52.i386.rpm cups-libs-1.1.17-13.3.52.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm i386: cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm ia64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm ppc: cups-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.ppc64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ppc64.rpm s390: cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm s390x: cups-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.s390x.rpm x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm i386: cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm i386: cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm ia64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.6.src.rpm i386: cups-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm ia64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.ia64.rpm x86_64: cups-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1374 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH8kZTXlSAg2UNWIIRAlHOAJ46SFS3kExM7B27z3s0KMApjTvNjACdFGLd P0gRc/mNL9tsw9g2qn0qWRo= =dvVS -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Apr 2 11:35:05 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Apr 2008 07:35:05 -0400 Subject: [RHSA-2008:0197-01] Moderate: gnome-screensaver security update Message-ID: <200804021135.m32BZ55h013859@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gnome-screensaver security update Advisory ID: RHSA-2008:0197-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0197.html Issue date: 2008-04-02 CVE Names: CVE-2008-0887 ===================================================================== 1. Summary: An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: gnome-screensaver is the GNOME project's official screen saver program. A flaw was found in the way gnome-screensaver verified user passwords. When a system used a remote directory service for login credentials, a local attacker able to cause a network outage could cause gnome-screensaver to crash, unlocking the screen. (CVE-2008-0887) Users of gnome-screensaver should upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 435773 - CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnome-screensaver-2.16.1-5.el5_1.1.src.rpm i386: gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.i386.rpm x86_64: gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnome-screensaver-2.16.1-5.el5_1.1.src.rpm i386: gnome-screensaver-2.16.1-5.el5_1.1.i386.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.i386.rpm ia64: gnome-screensaver-2.16.1-5.el5_1.1.ia64.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.ia64.rpm ppc: gnome-screensaver-2.16.1-5.el5_1.1.ppc.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.ppc.rpm s390x: gnome-screensaver-2.16.1-5.el5_1.1.s390x.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.s390x.rpm x86_64: gnome-screensaver-2.16.1-5.el5_1.1.x86_64.rpm gnome-screensaver-debuginfo-2.16.1-5.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH829fXlSAg2UNWIIRAkGXAJ94refemDJc1ZHtdt0pDU4KGVy/mQCffONl OTW8oHJdUIeFKM0mRDY+/7s= =+g5y -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 3 16:19:56 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 3 Apr 2008 12:19:56 -0400 Subject: [RHSA-2008:0209-01] Moderate: thunderbird security update Message-ID: <200804031619.m33GJuvn003469@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2008:0209-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0209.html Issue date: 2008-04-03 CVE Names: CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1241 ===================================================================== 1. Summary: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially-crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution 438715 - CVE-2008-1234 universal XSS using event handlers 438717 - CVE-2008-1235 chrome privilege via wrong principal 438718 - CVE-2008-1236 browser engine crashes 438721 - CVE-2008-1237 javascript crashes 438724 - CVE-2008-1238 Referrer spoofing bug 438730 - CVE-2008-1241 XUL popup spoofing 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-10.el4.src.rpm i386: thunderbird-1.5.0.12-10.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-10.el4.i386.rpm ia64: thunderbird-1.5.0.12-10.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.ia64.rpm ppc: thunderbird-1.5.0.12-10.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-10.el4.ppc.rpm s390: thunderbird-1.5.0.12-10.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-10.el4.s390.rpm s390x: thunderbird-1.5.0.12-10.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-10.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-10.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-10.el4.src.rpm i386: thunderbird-1.5.0.12-10.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-10.el4.i386.rpm x86_64: thunderbird-1.5.0.12-10.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-10.el4.src.rpm i386: thunderbird-1.5.0.12-10.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-10.el4.i386.rpm ia64: thunderbird-1.5.0.12-10.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-10.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-10.el4.src.rpm i386: thunderbird-1.5.0.12-10.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-10.el4.i386.rpm ia64: thunderbird-1.5.0.12-10.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-10.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-11.el5_1.src.rpm i386: thunderbird-1.5.0.12-11.el5_1.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el5_1.i386.rpm x86_64: thunderbird-1.5.0.12-11.el5_1.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el5_1.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-11.el5_1.src.rpm i386: thunderbird-1.5.0.12-11.el5_1.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el5_1.i386.rpm x86_64: thunderbird-1.5.0.12-11.el5_1.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH9QOoXlSAg2UNWIIRAgDMAKC/9F4HioOnN++7eHJ0g/ujaq4OuQCdHH8D /NhwwTWCPX4aYTWyIK1IkMY= =jioU -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 3 16:20:09 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 3 Apr 2008 12:20:09 -0400 Subject: [RHSA-2008:0210-01] Critical: java-1.5.0-ibm security update Message-ID: <200804031620.m33GK92p003947@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2008:0210-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0210.html Issue date: 2008-04-03 CVE Names: CVE-2008-0657 CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 3. Description: IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges. This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1196) A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to acesss local network services. (CVE-2008-1195) All users of java-ibm-1.5.0 are advised to upgrade to these updated packages, that contain IBM's 1.5.0 SR7 Java release which resolves these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 431861 - CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and application 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation 436293 - CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190) 436295 - CVE-2008-1192 Java Plugin same-origin-policy bypass 436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194) 436299 - CVE-2008-1195 Java-API calls in untrusted Javascript allow network privilege escalation 436302 - CVE-2008-1196 Buffer overflow security vulnerabilities in Java Web Start 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.ppc.rpm s390: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.s390.rpm java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH9QO3XlSAg2UNWIIRAnkOAJ0d/HeCQUeGi+4dXTkMl7s6Dxno5ACgvdyt aXpv/8vVlFUVptr6/6VTCs4= =o/Ah -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 3 16:20:24 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 3 Apr 2008 12:20:24 -0400 Subject: [RHSA-2008:0218-01] Moderate: gnome-screensaver security update Message-ID: <200804031620.m33GKOIo003959@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gnome-screensaver security update Advisory ID: RHSA-2008:0218-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0218.html Issue date: 2008-04-03 CVE Names: CVE-2008-0887 ===================================================================== 1. Summary: An updated gnome-screensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux FasTrack 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: gnome-screensaver is the GNOME project's official screen saver program. A flaw was found in the way gnome-screensaver verified user passwords. When a system used a remote directory service for login credentials, a local attacker able to cause a network outage could cause gnome-screensaver to crash, unlocking the screen. (CVE-2008-0887) Users of gnome-screensaver should upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 435773 - CVE-2008-0887 gnome-screensaver using NIS auth will unlock if NIS goes away 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnome-screensaver-2.16.1-8.el5.src.rpm i386: gnome-screensaver-2.16.1-8.el5.i386.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.i386.rpm x86_64: gnome-screensaver-2.16.1-8.el5.x86_64.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnome-screensaver-2.16.1-8.el5.src.rpm i386: gnome-screensaver-2.16.1-8.el5.i386.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.i386.rpm ia64: gnome-screensaver-2.16.1-8.el5.ia64.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.ia64.rpm ppc: gnome-screensaver-2.16.1-8.el5.ppc.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.ppc.rpm s390x: gnome-screensaver-2.16.1-8.el5.s390x.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.s390x.rpm x86_64: gnome-screensaver-2.16.1-8.el5.x86_64.rpm gnome-screensaver-debuginfo-2.16.1-8.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH9QPBXlSAg2UNWIIRAmk5AKCXJOWO7yMTmoDGlBrof21BJcklGgCfTYGM ex4Ey9P4nmDR2btgbveAByQ= =Wx8j -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 8 23:48:59 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Apr 2008 19:48:59 -0400 Subject: [RHSA-2008:0214-01] Moderate: squid security update Message-ID: <200804082348.m38NmxvM023718@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: squid security update Advisory ID: RHSA-2008:0214-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0214.html Issue date: 2008-04-08 CVE Names: CVE-2008-1612 ===================================================================== 1. Summary: Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A flaw was found in the way squid manipulated HTTP headers for cached objects stored in system memory. An attacker could use this flaw to cause a squid child process to exit. This interrupted existing connections and made proxy services unavailable. Note: the parent squid process started a new child process, so this attack only resulted in a temporary denial of service. (CVE-2008-1612) Users of squid are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 439801 - CVE-2008-1612 squid: regression in SQUID-2007:2 / CVE-2007-6239 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/squid-2.4.STABLE7-1.21as.12.src.rpm i386: squid-2.4.STABLE7-1.21as.12.i386.rpm ia64: squid-2.4.STABLE7-1.21as.12.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/squid-2.4.STABLE7-1.21as.12.src.rpm ia64: squid-2.4.STABLE7-1.21as.12.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/squid-2.4.STABLE7-1.21as.12.src.rpm i386: squid-2.4.STABLE7-1.21as.12.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-9.3E.src.rpm i386: squid-2.5.STABLE3-9.3E.i386.rpm squid-debuginfo-2.5.STABLE3-9.3E.i386.rpm ia64: squid-2.5.STABLE3-9.3E.ia64.rpm squid-debuginfo-2.5.STABLE3-9.3E.ia64.rpm ppc: squid-2.5.STABLE3-9.3E.ppc.rpm squid-debuginfo-2.5.STABLE3-9.3E.ppc.rpm s390: squid-2.5.STABLE3-9.3E.s390.rpm squid-debuginfo-2.5.STABLE3-9.3E.s390.rpm s390x: squid-2.5.STABLE3-9.3E.s390x.rpm squid-debuginfo-2.5.STABLE3-9.3E.s390x.rpm x86_64: squid-2.5.STABLE3-9.3E.x86_64.rpm squid-debuginfo-2.5.STABLE3-9.3E.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-9.3E.src.rpm i386: squid-2.5.STABLE3-9.3E.i386.rpm squid-debuginfo-2.5.STABLE3-9.3E.i386.rpm x86_64: squid-2.5.STABLE3-9.3E.x86_64.rpm squid-debuginfo-2.5.STABLE3-9.3E.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-9.3E.src.rpm i386: squid-2.5.STABLE3-9.3E.i386.rpm squid-debuginfo-2.5.STABLE3-9.3E.i386.rpm ia64: squid-2.5.STABLE3-9.3E.ia64.rpm squid-debuginfo-2.5.STABLE3-9.3E.ia64.rpm x86_64: squid-2.5.STABLE3-9.3E.x86_64.rpm squid-debuginfo-2.5.STABLE3-9.3E.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-9.3E.src.rpm i386: squid-2.5.STABLE3-9.3E.i386.rpm squid-debuginfo-2.5.STABLE3-9.3E.i386.rpm ia64: squid-2.5.STABLE3-9.3E.ia64.rpm squid-debuginfo-2.5.STABLE3-9.3E.ia64.rpm x86_64: squid-2.5.STABLE3-9.3E.x86_64.rpm squid-debuginfo-2.5.STABLE3-9.3E.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm i386: squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.i386.rpm ia64: squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm ppc: squid-2.5.STABLE14-1.4E.el4_6.2.ppc.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.ppc.rpm s390: squid-2.5.STABLE14-1.4E.el4_6.2.s390.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.s390.rpm s390x: squid-2.5.STABLE14-1.4E.el4_6.2.s390x.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.s390x.rpm x86_64: squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm i386: squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.i386.rpm x86_64: squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm i386: squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.i386.rpm ia64: squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm x86_64: squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.2.src.rpm i386: squid-2.5.STABLE14-1.4E.el4_6.2.i386.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.i386.rpm ia64: squid-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.ia64.rpm x86_64: squid-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm squid-debuginfo-2.5.STABLE14-1.4E.el4_6.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/squid-2.6.STABLE6-5.el5_1.3.src.rpm i386: squid-2.6.STABLE6-5.el5_1.3.i386.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.i386.rpm x86_64: squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/squid-2.6.STABLE6-5.el5_1.3.src.rpm i386: squid-2.6.STABLE6-5.el5_1.3.i386.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.i386.rpm ia64: squid-2.6.STABLE6-5.el5_1.3.ia64.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.ia64.rpm ppc: squid-2.6.STABLE6-5.el5_1.3.ppc.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.ppc.rpm s390x: squid-2.6.STABLE6-5.el5_1.3.s390x.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.s390x.rpm x86_64: squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm squid-debuginfo-2.6.STABLE6-5.el5_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH/ARpXlSAg2UNWIIRAjK0AKC7xio2YpU6n0z07cpSrarLTnTDvQCePf9z igH8itRYtHb0Av0cub7EbTw= =X+WS -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 8 23:49:08 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Apr 2008 19:49:08 -0400 Subject: [RHSA-2008:0221-01] Critical: flash-plugin security update Message-ID: <200804082349.m38Nn8Ou023729@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2008:0221-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0221.html Issue date: 2008-04-08 CVE Names: CVE-2007-5275 CVE-2007-6243 CVE-2007-6637 CVE-2007-6019 CVE-2007-0071 CVE-2008-1655 CVE-2008-1654 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386 Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386 Red Hat Enterprise Linux WS version 3 Extras - i386 Red Hat Enterprise Linux AS version 4 Extras - i386 Red Hat Desktop version 4 Extras - i386 Red Hat Enterprise Linux ES version 4 Extras - i386 Red Hat Enterprise Linux WS version 4 Extras - i386 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 3. Description: The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displayed certain content. These may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2007-0071, CVE-2007-6019) A flaw was found in the way Flash Player established TCP sessions to remote hosts. A remote attacker could, consequently, use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655) A flaw was found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks. (CVE-2007-6243, CVE-2008-1654) A flaw was found in the way Flash Player interacted with web browsers. An attacker could use malicious content presented by Flash Player to conduct a cross-site scripting attack. (CVE-2007-6637) All users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.124.0 and resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 367501 - CVE-2007-5275 Flash plugin DNS rebinding 440664 - CVE-2007-6243 Flash Player cross-domain and cross-site scripting flaws 440666 - CVE-2007-6637 Flash Player content injection flaw 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm Red Hat Desktop version 3 Extras: i386: flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: flash-plugin-9.0.124.0-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: flash-plugin-9.0.124.0-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: flash-plugin-9.0.124.0-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: flash-plugin-9.0.124.0-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: flash-plugin-9.0.124.0-1.el5.i386.rpm x86_64: flash-plugin-9.0.124.0-1.el5.i386.rpm RHEL Supplementary (v. 5 server): i386: flash-plugin-9.0.124.0-1.el5.i386.rpm x86_64: flash-plugin-9.0.124.0-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFH/ARyXlSAg2UNWIIRAmH9AJoDh5tWbwt6UKTo3TWp6uXO5mY5EgCgsBuv lK7I9GdvxAw8ySpOHybYFRk= =zuAv -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 01:45:39 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Apr 2008 21:45:39 -0400 Subject: [RHSA-2008:0145-01] Moderate: ImageMagick security update Message-ID: <200804170145.m3H1jd0U006123@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ImageMagick security update Advisory ID: RHSA-2008:0145-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0145.html Issue date: 2008-04-16 Keywords: heap stack buffer integer overflow CVE Names: CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097 ===================================================================== 1. Summary: Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim's machine. (CVE-2007-1797) Several denial of service flaws were found in ImageMagick's parsing of XCF and DCM files. Attempting to process a specially-crafted input file in these formats could cause ImageMagick to enter an infinite loop. (CVE-2007-4985) Several integer overflow flaws were found in ImageMagick. If a victim opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker could potentially execute arbitrary code with the privileges of the user running ImageMagick. (CVE-2007-4986) An integer overflow flaw was found in ImageMagick's DIB parsing code. If a victim opened a specially-crafted DIB file, an attacker could potentially execute arbitrary code with the privileges of the user running ImageMagick. (CVE-2007-4988) A heap-based buffer overflow flaw was found in the way ImageMagick parsed XCF files. If a specially-crafted XCF image was opened, ImageMagick could be made to overwrite heap memory beyond the bounds of its allocated memory. This could, potentially, allow an attacker to execute arbitrary code on the machine running ImageMagick. (CVE-2008-1096) A heap-based buffer overflow flaw was found in ImageMagick's processing of certain malformed PCX images. If a victim opened a specially-crafted PCX file, an attacker could possibly execute arbitrary code on the victim's machine. (CVE-2008-1097) All users of ImageMagick should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 235071 - CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders 285861 - CVE-2008-1097 Memory corruption in ImageMagick's PCX coder 286411 - CVE-2008-1096 Out of bound write in ImageMagick's XCF coder 310081 - CVE-2007-4988 Integer overflow in ImageMagick's DIB coder 310091 - CVE-2007-4985 Infinite loops in ImageMagick's XCF and DCM coders 310121 - CVE-2007-4986 Multiple integer overflows in ImageMagick 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-28.src.rpm i386: ImageMagick-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-devel-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-devel-5.5.6-28.i386.rpm ImageMagick-perl-5.5.6-28.i386.rpm ia64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.ia64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.ia64.rpm ImageMagick-c++-devel-5.5.6-28.ia64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.ia64.rpm ImageMagick-devel-5.5.6-28.ia64.rpm ImageMagick-perl-5.5.6-28.ia64.rpm ppc: ImageMagick-5.5.6-28.ppc.rpm ImageMagick-5.5.6-28.ppc64.rpm ImageMagick-c++-5.5.6-28.ppc.rpm ImageMagick-c++-5.5.6-28.ppc64.rpm ImageMagick-c++-devel-5.5.6-28.ppc.rpm ImageMagick-debuginfo-5.5.6-28.ppc.rpm ImageMagick-debuginfo-5.5.6-28.ppc64.rpm ImageMagick-devel-5.5.6-28.ppc.rpm ImageMagick-perl-5.5.6-28.ppc.rpm s390: ImageMagick-5.5.6-28.s390.rpm ImageMagick-c++-5.5.6-28.s390.rpm ImageMagick-c++-devel-5.5.6-28.s390.rpm ImageMagick-debuginfo-5.5.6-28.s390.rpm ImageMagick-devel-5.5.6-28.s390.rpm ImageMagick-perl-5.5.6-28.s390.rpm s390x: ImageMagick-5.5.6-28.s390.rpm ImageMagick-5.5.6-28.s390x.rpm ImageMagick-c++-5.5.6-28.s390.rpm ImageMagick-c++-5.5.6-28.s390x.rpm ImageMagick-c++-devel-5.5.6-28.s390x.rpm ImageMagick-debuginfo-5.5.6-28.s390.rpm ImageMagick-debuginfo-5.5.6-28.s390x.rpm ImageMagick-devel-5.5.6-28.s390x.rpm ImageMagick-perl-5.5.6-28.s390x.rpm x86_64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.x86_64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.x86_64.rpm ImageMagick-c++-devel-5.5.6-28.x86_64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.x86_64.rpm ImageMagick-devel-5.5.6-28.x86_64.rpm ImageMagick-perl-5.5.6-28.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-28.src.rpm i386: ImageMagick-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-devel-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-devel-5.5.6-28.i386.rpm ImageMagick-perl-5.5.6-28.i386.rpm x86_64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.x86_64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.x86_64.rpm ImageMagick-c++-devel-5.5.6-28.x86_64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.x86_64.rpm ImageMagick-devel-5.5.6-28.x86_64.rpm ImageMagick-perl-5.5.6-28.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-28.src.rpm i386: ImageMagick-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-devel-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-devel-5.5.6-28.i386.rpm ImageMagick-perl-5.5.6-28.i386.rpm ia64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.ia64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.ia64.rpm ImageMagick-c++-devel-5.5.6-28.ia64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.ia64.rpm ImageMagick-devel-5.5.6-28.ia64.rpm ImageMagick-perl-5.5.6-28.ia64.rpm x86_64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.x86_64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.x86_64.rpm ImageMagick-c++-devel-5.5.6-28.x86_64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.x86_64.rpm ImageMagick-devel-5.5.6-28.x86_64.rpm ImageMagick-perl-5.5.6-28.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-28.src.rpm i386: ImageMagick-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-devel-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-devel-5.5.6-28.i386.rpm ImageMagick-perl-5.5.6-28.i386.rpm ia64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.ia64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.ia64.rpm ImageMagick-c++-devel-5.5.6-28.ia64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.ia64.rpm ImageMagick-devel-5.5.6-28.ia64.rpm ImageMagick-perl-5.5.6-28.ia64.rpm x86_64: ImageMagick-5.5.6-28.i386.rpm ImageMagick-5.5.6-28.x86_64.rpm ImageMagick-c++-5.5.6-28.i386.rpm ImageMagick-c++-5.5.6-28.x86_64.rpm ImageMagick-c++-devel-5.5.6-28.x86_64.rpm ImageMagick-debuginfo-5.5.6-28.i386.rpm ImageMagick-debuginfo-5.5.6-28.x86_64.rpm ImageMagick-devel-5.5.6-28.x86_64.rpm ImageMagick-perl-5.5.6-28.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-17.el4_6.1.src.rpm i386: ImageMagick-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.i386.rpm ia64: ImageMagick-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.ia64.rpm ppc: ImageMagick-6.0.7.1-17.el4_6.1.ppc.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.ppc.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.ppc.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.ppc.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.ppc.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.ppc.rpm s390: ImageMagick-6.0.7.1-17.el4_6.1.s390.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.s390.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.s390.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.s390.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.s390.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.s390.rpm s390x: ImageMagick-6.0.7.1-17.el4_6.1.s390x.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.s390x.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.s390x.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.s390x.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.s390x.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.s390x.rpm x86_64: ImageMagick-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-17.el4_6.1.src.rpm i386: ImageMagick-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.i386.rpm x86_64: ImageMagick-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-17.el4_6.1.src.rpm i386: ImageMagick-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.i386.rpm ia64: ImageMagick-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.ia64.rpm x86_64: ImageMagick-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-17.el4_6.1.src.rpm i386: ImageMagick-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.i386.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.i386.rpm ia64: ImageMagick-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.ia64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.ia64.rpm x86_64: ImageMagick-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-c++-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-debuginfo-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-devel-6.0.7.1-17.el4_6.1.x86_64.rpm ImageMagick-perl-6.0.7.1-17.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ImageMagick-6.2.8.0-4.el5_1.1.src.rpm i386: ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.i386.rpm x86_64: ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ImageMagick-6.2.8.0-4.el5_1.1.src.rpm i386: ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm x86_64: ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ImageMagick-6.2.8.0-4.el5_1.1.src.rpm i386: ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.i386.rpm ia64: ImageMagick-6.2.8.0-4.el5_1.1.ia64.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.ia64.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.ia64.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.ia64.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.ia64.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.ia64.rpm ppc: ImageMagick-6.2.8.0-4.el5_1.1.ppc.rpm ImageMagick-6.2.8.0-4.el5_1.1.ppc64.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.ppc.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.ppc64.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.ppc.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.ppc64.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.ppc.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.ppc64.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.ppc.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.ppc64.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.ppc.rpm s390x: ImageMagick-6.2.8.0-4.el5_1.1.s390.rpm ImageMagick-6.2.8.0-4.el5_1.1.s390x.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.s390.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.s390x.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.s390.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.s390x.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.s390.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.s390x.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.s390.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.s390x.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.s390x.rpm x86_64: ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-debuginfo-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm ImageMagick-devel-6.2.8.0-4.el5_1.1.x86_64.rpm ImageMagick-perl-6.2.8.0-4.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIBqvBXlSAg2UNWIIRAlWiAJ0XTtcfcFxNL6GWXQbsVDcX53PlPwCfX8oj xfBG7uWthWpzS3H+9kH8aq8= =x9+n -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 01:45:48 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Apr 2008 21:45:48 -0400 Subject: [RHSA-2008:0165-01] Moderate: ImageMagick security update Message-ID: <200804170145.m3H1jmLo006146@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ImageMagick security update Advisory ID: RHSA-2008:0165-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0165.html Issue date: 2008-04-16 Keywords: heap stack buffer integer overflow CVE Names: CVE-2007-1797 CVE-2007-4985 CVE-2007-4986 CVE-2008-1097 ===================================================================== 1. Summary: Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux version 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Description: ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially-crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim's machine. (CVE-2007-1797) Several denial of service flaws were found in ImageMagick's parsing of XCF and DCM files. Attempting to process a specially crafted input file in these formats could cause ImageMagick to enter an infinite loop. (CVE-2007-4985) Several integer overflow flaws were found in ImageMagick. If a victim opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker could potentially execute arbitrary code with the privileges of the user running ImageMagick. (CVE-2007-4986) A heap-based buffer overflow flaw was found in ImageMagick's processing of certain malformed PCX images. If a victim opened a specially-crafted PCX file, an attacker could possibly execute arbitrary code with the privileges of the user running ImageMagick.. (CVE-2008-1097) All users of ImageMagick should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 235071 - CVE-2007-1797 Heap overflow in ImageMagick's DCM and XWD coders 285861 - CVE-2008-1097 Memory corruption in ImageMagick's PCX coder 310091 - CVE-2007-4985 Infinite loops in ImageMagick's XCF and DCM coders 310121 - CVE-2007-4986 Multiple integer overflows in ImageMagick 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-21.src.rpm i386: ImageMagick-5.3.8-21.i386.rpm ImageMagick-c++-5.3.8-21.i386.rpm ImageMagick-c++-devel-5.3.8-21.i386.rpm ImageMagick-devel-5.3.8-21.i386.rpm ImageMagick-perl-5.3.8-21.i386.rpm ia64: ImageMagick-5.3.8-21.ia64.rpm ImageMagick-c++-5.3.8-21.ia64.rpm ImageMagick-c++-devel-5.3.8-21.ia64.rpm ImageMagick-devel-5.3.8-21.ia64.rpm ImageMagick-perl-5.3.8-21.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-21.src.rpm ia64: ImageMagick-5.3.8-21.ia64.rpm ImageMagick-c++-5.3.8-21.ia64.rpm ImageMagick-c++-devel-5.3.8-21.ia64.rpm ImageMagick-devel-5.3.8-21.ia64.rpm ImageMagick-perl-5.3.8-21.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-21.src.rpm i386: ImageMagick-5.3.8-21.i386.rpm ImageMagick-c++-5.3.8-21.i386.rpm ImageMagick-c++-devel-5.3.8-21.i386.rpm ImageMagick-devel-5.3.8-21.i386.rpm ImageMagick-perl-5.3.8-21.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-21.src.rpm i386: ImageMagick-5.3.8-21.i386.rpm ImageMagick-c++-5.3.8-21.i386.rpm ImageMagick-c++-devel-5.3.8-21.i386.rpm ImageMagick-devel-5.3.8-21.i386.rpm ImageMagick-perl-5.3.8-21.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1097 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIBqvJXlSAg2UNWIIRAkoHAKC1HZiQLqsXQet7yBIiEdcI+1IgmQCfXkX7 km6xcRXUuiZIUDvLFcP3BlM= =zzG4 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 01:47:26 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Apr 2008 21:47:26 -0400 Subject: [RHSA-2008:0222-02] Critical: firefox security update Message-ID: <200804170147.m3H1lQ53006247@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2008:0222-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0222.html Issue date: 2008-04-16 CVE Names: CVE-2008-1380 ===================================================================== 1. Summary: Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm ppc: firefox-1.5.0.12-0.15.el4.ppc.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ppc.rpm s390: firefox-1.5.0.12-0.15.el4.s390.rpm firefox-debuginfo-1.5.0.12-0.15.el4.s390.rpm s390x: firefox-1.5.0.12-0.15.el4.s390x.rpm firefox-debuginfo-1.5.0.12-0.15.el4.s390x.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.15.el4.src.rpm i386: firefox-1.5.0.12-0.15.el4.i386.rpm firefox-debuginfo-1.5.0.12-0.15.el4.i386.rpm ia64: firefox-1.5.0.12-0.15.el4.ia64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.ia64.rpm x86_64: firefox-1.5.0.12-0.15.el4.x86_64.rpm firefox-debuginfo-1.5.0.12-0.15.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm x86_64: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-1.5.0.12-15.el5_1.x86_64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm x86_64: firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-15.el5_1.src.rpm i386: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm ia64: firefox-1.5.0.12-15.el5_1.ia64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.ia64.rpm firefox-devel-1.5.0.12-15.el5_1.ia64.rpm ppc: firefox-1.5.0.12-15.el5_1.ppc.rpm firefox-debuginfo-1.5.0.12-15.el5_1.ppc.rpm firefox-devel-1.5.0.12-15.el5_1.ppc.rpm s390x: firefox-1.5.0.12-15.el5_1.s390.rpm firefox-1.5.0.12-15.el5_1.s390x.rpm firefox-debuginfo-1.5.0.12-15.el5_1.s390.rpm firefox-debuginfo-1.5.0.12-15.el5_1.s390x.rpm firefox-devel-1.5.0.12-15.el5_1.s390.rpm firefox-devel-1.5.0.12-15.el5_1.s390x.rpm x86_64: firefox-1.5.0.12-15.el5_1.i386.rpm firefox-1.5.0.12-15.el5_1.x86_64.rpm firefox-debuginfo-1.5.0.12-15.el5_1.i386.rpm firefox-debuginfo-1.5.0.12-15.el5_1.x86_64.rpm firefox-devel-1.5.0.12-15.el5_1.i386.rpm firefox-devel-1.5.0.12-15.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIBqwsXlSAg2UNWIIRAsMaAKCawB0j7Jc0BCb2rBM0/UAy526ehgCgvq8G 3Qe8sAws3CKuKIJ3xGhijRU= =CYe7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 01:47:33 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Apr 2008 21:47:33 -0400 Subject: [RHSA-2008:0223-02] Critical: seamonkey security update Message-ID: <200804170147.m3H1lXqG006252@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: seamonkey security update Advisory ID: RHSA-2008:0223-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0223.html Issue date: 2008-04-16 CVE Names: CVE-2008-1380 ===================================================================== 1. Summary: Updated seamonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1380) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.15.el2.src.rpm i386: seamonkey-1.0.9-0.15.el2.i386.rpm seamonkey-chat-1.0.9-0.15.el2.i386.rpm seamonkey-devel-1.0.9-0.15.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.15.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.15.el2.i386.rpm seamonkey-mail-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.15.el2.i386.rpm seamonkey-nss-1.0.9-0.15.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.15.el2.i386.rpm ia64: seamonkey-1.0.9-0.15.el2.ia64.rpm seamonkey-chat-1.0.9-0.15.el2.ia64.rpm seamonkey-devel-1.0.9-0.15.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.15.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.15.el2.ia64.rpm seamonkey-mail-1.0.9-0.15.el2.ia64.rpm seamonkey-nspr-1.0.9-0.15.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.15.el2.ia64.rpm seamonkey-nss-1.0.9-0.15.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.15.el2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.15.el2.src.rpm ia64: seamonkey-1.0.9-0.15.el2.ia64.rpm seamonkey-chat-1.0.9-0.15.el2.ia64.rpm seamonkey-devel-1.0.9-0.15.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.15.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.15.el2.ia64.rpm seamonkey-mail-1.0.9-0.15.el2.ia64.rpm seamonkey-nspr-1.0.9-0.15.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.15.el2.ia64.rpm seamonkey-nss-1.0.9-0.15.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.15.el2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.15.el2.src.rpm i386: seamonkey-1.0.9-0.15.el2.i386.rpm seamonkey-chat-1.0.9-0.15.el2.i386.rpm seamonkey-devel-1.0.9-0.15.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.15.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.15.el2.i386.rpm seamonkey-mail-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.15.el2.i386.rpm seamonkey-nss-1.0.9-0.15.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.15.el2.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.15.el2.src.rpm i386: seamonkey-1.0.9-0.15.el2.i386.rpm seamonkey-chat-1.0.9-0.15.el2.i386.rpm seamonkey-devel-1.0.9-0.15.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.15.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.15.el2.i386.rpm seamonkey-mail-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-1.0.9-0.15.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.15.el2.i386.rpm seamonkey-nss-1.0.9-0.15.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.15.el2.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.17.el3.src.rpm i386: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-chat-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-devel-1.0.9-0.17.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.17.el3.i386.rpm seamonkey-mail-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.17.el3.i386.rpm ia64: seamonkey-1.0.9-0.17.el3.ia64.rpm seamonkey-chat-1.0.9-0.17.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.ia64.rpm seamonkey-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.ia64.rpm seamonkey-mail-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.ia64.rpm ppc: seamonkey-1.0.9-0.17.el3.ppc.rpm seamonkey-chat-1.0.9-0.17.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.17.el3.ppc.rpm seamonkey-devel-1.0.9-0.17.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.17.el3.ppc.rpm seamonkey-mail-1.0.9-0.17.el3.ppc.rpm seamonkey-nspr-1.0.9-0.17.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.ppc.rpm seamonkey-nss-1.0.9-0.17.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.17.el3.ppc.rpm s390: seamonkey-1.0.9-0.17.el3.s390.rpm seamonkey-chat-1.0.9-0.17.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.17.el3.s390.rpm seamonkey-devel-1.0.9-0.17.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.17.el3.s390.rpm seamonkey-mail-1.0.9-0.17.el3.s390.rpm seamonkey-nspr-1.0.9-0.17.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.s390.rpm seamonkey-nss-1.0.9-0.17.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.17.el3.s390.rpm s390x: seamonkey-1.0.9-0.17.el3.s390x.rpm seamonkey-chat-1.0.9-0.17.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.17.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.17.el3.s390x.rpm seamonkey-devel-1.0.9-0.17.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.17.el3.s390x.rpm seamonkey-mail-1.0.9-0.17.el3.s390x.rpm seamonkey-nspr-1.0.9-0.17.el3.s390.rpm seamonkey-nspr-1.0.9-0.17.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.s390x.rpm seamonkey-nss-1.0.9-0.17.el3.s390.rpm seamonkey-nss-1.0.9-0.17.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.17.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-1.0.9-0.17.el3.x86_64.rpm seamonkey-chat-1.0.9-0.17.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.x86_64.rpm seamonkey-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.x86_64.rpm seamonkey-mail-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.17.el3.src.rpm i386: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-chat-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-devel-1.0.9-0.17.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.17.el3.i386.rpm seamonkey-mail-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.17.el3.i386.rpm x86_64: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-1.0.9-0.17.el3.x86_64.rpm seamonkey-chat-1.0.9-0.17.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.x86_64.rpm seamonkey-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.x86_64.rpm seamonkey-mail-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.17.el3.src.rpm i386: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-chat-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-devel-1.0.9-0.17.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.17.el3.i386.rpm seamonkey-mail-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.17.el3.i386.rpm ia64: seamonkey-1.0.9-0.17.el3.ia64.rpm seamonkey-chat-1.0.9-0.17.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.ia64.rpm seamonkey-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.ia64.rpm seamonkey-mail-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-1.0.9-0.17.el3.x86_64.rpm seamonkey-chat-1.0.9-0.17.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.x86_64.rpm seamonkey-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.x86_64.rpm seamonkey-mail-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.17.el3.src.rpm i386: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-chat-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-devel-1.0.9-0.17.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.17.el3.i386.rpm seamonkey-mail-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.17.el3.i386.rpm ia64: seamonkey-1.0.9-0.17.el3.ia64.rpm seamonkey-chat-1.0.9-0.17.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.ia64.rpm seamonkey-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.ia64.rpm seamonkey-mail-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.17.el3.i386.rpm seamonkey-1.0.9-0.17.el3.x86_64.rpm seamonkey-chat-1.0.9-0.17.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.17.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.17.el3.x86_64.rpm seamonkey-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.17.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.17.el3.x86_64.rpm seamonkey-mail-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.17.el3.i386.rpm seamonkey-nspr-1.0.9-0.17.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-1.0.9-0.17.el3.i386.rpm seamonkey-nss-1.0.9-0.17.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.17.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-16.el4.src.rpm i386: seamonkey-1.0.9-16.el4.i386.rpm seamonkey-chat-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-devel-1.0.9-16.el4.i386.rpm seamonkey-dom-inspector-1.0.9-16.el4.i386.rpm seamonkey-js-debugger-1.0.9-16.el4.i386.rpm seamonkey-mail-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-devel-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-devel-1.0.9-16.el4.i386.rpm ia64: seamonkey-1.0.9-16.el4.ia64.rpm seamonkey-chat-1.0.9-16.el4.ia64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.ia64.rpm seamonkey-devel-1.0.9-16.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-16.el4.ia64.rpm seamonkey-js-debugger-1.0.9-16.el4.ia64.rpm seamonkey-mail-1.0.9-16.el4.ia64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-16.el4.ia64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.ia64.rpm seamonkey-nss-devel-1.0.9-16.el4.ia64.rpm ppc: seamonkey-1.0.9-16.el4.ppc.rpm seamonkey-chat-1.0.9-16.el4.ppc.rpm seamonkey-debuginfo-1.0.9-16.el4.ppc.rpm seamonkey-devel-1.0.9-16.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-16.el4.ppc.rpm seamonkey-js-debugger-1.0.9-16.el4.ppc.rpm seamonkey-mail-1.0.9-16.el4.ppc.rpm seamonkey-nspr-1.0.9-16.el4.ppc.rpm seamonkey-nspr-devel-1.0.9-16.el4.ppc.rpm seamonkey-nss-1.0.9-16.el4.ppc.rpm seamonkey-nss-devel-1.0.9-16.el4.ppc.rpm s390: seamonkey-1.0.9-16.el4.s390.rpm seamonkey-chat-1.0.9-16.el4.s390.rpm seamonkey-debuginfo-1.0.9-16.el4.s390.rpm seamonkey-devel-1.0.9-16.el4.s390.rpm seamonkey-dom-inspector-1.0.9-16.el4.s390.rpm seamonkey-js-debugger-1.0.9-16.el4.s390.rpm seamonkey-mail-1.0.9-16.el4.s390.rpm seamonkey-nspr-1.0.9-16.el4.s390.rpm seamonkey-nspr-devel-1.0.9-16.el4.s390.rpm seamonkey-nss-1.0.9-16.el4.s390.rpm seamonkey-nss-devel-1.0.9-16.el4.s390.rpm s390x: seamonkey-1.0.9-16.el4.s390x.rpm seamonkey-chat-1.0.9-16.el4.s390x.rpm seamonkey-debuginfo-1.0.9-16.el4.s390.rpm seamonkey-debuginfo-1.0.9-16.el4.s390x.rpm seamonkey-devel-1.0.9-16.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-16.el4.s390x.rpm seamonkey-js-debugger-1.0.9-16.el4.s390x.rpm seamonkey-mail-1.0.9-16.el4.s390x.rpm seamonkey-nspr-1.0.9-16.el4.s390.rpm seamonkey-nspr-1.0.9-16.el4.s390x.rpm seamonkey-nspr-devel-1.0.9-16.el4.s390x.rpm seamonkey-nss-1.0.9-16.el4.s390.rpm seamonkey-nss-1.0.9-16.el4.s390x.rpm seamonkey-nss-devel-1.0.9-16.el4.s390x.rpm x86_64: seamonkey-1.0.9-16.el4.x86_64.rpm seamonkey-chat-1.0.9-16.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.x86_64.rpm seamonkey-devel-1.0.9-16.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-16.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-16.el4.x86_64.rpm seamonkey-mail-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-16.el4.x86_64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-16.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-16.el4.src.rpm i386: seamonkey-1.0.9-16.el4.i386.rpm seamonkey-chat-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-devel-1.0.9-16.el4.i386.rpm seamonkey-dom-inspector-1.0.9-16.el4.i386.rpm seamonkey-js-debugger-1.0.9-16.el4.i386.rpm seamonkey-mail-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-devel-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-devel-1.0.9-16.el4.i386.rpm x86_64: seamonkey-1.0.9-16.el4.x86_64.rpm seamonkey-chat-1.0.9-16.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.x86_64.rpm seamonkey-devel-1.0.9-16.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-16.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-16.el4.x86_64.rpm seamonkey-mail-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-16.el4.x86_64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-16.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-16.el4.src.rpm i386: seamonkey-1.0.9-16.el4.i386.rpm seamonkey-chat-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-devel-1.0.9-16.el4.i386.rpm seamonkey-dom-inspector-1.0.9-16.el4.i386.rpm seamonkey-js-debugger-1.0.9-16.el4.i386.rpm seamonkey-mail-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-devel-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-devel-1.0.9-16.el4.i386.rpm ia64: seamonkey-1.0.9-16.el4.ia64.rpm seamonkey-chat-1.0.9-16.el4.ia64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.ia64.rpm seamonkey-devel-1.0.9-16.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-16.el4.ia64.rpm seamonkey-js-debugger-1.0.9-16.el4.ia64.rpm seamonkey-mail-1.0.9-16.el4.ia64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-16.el4.ia64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.ia64.rpm seamonkey-nss-devel-1.0.9-16.el4.ia64.rpm x86_64: seamonkey-1.0.9-16.el4.x86_64.rpm seamonkey-chat-1.0.9-16.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.x86_64.rpm seamonkey-devel-1.0.9-16.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-16.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-16.el4.x86_64.rpm seamonkey-mail-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-16.el4.x86_64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-16.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-16.el4.src.rpm i386: seamonkey-1.0.9-16.el4.i386.rpm seamonkey-chat-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-devel-1.0.9-16.el4.i386.rpm seamonkey-dom-inspector-1.0.9-16.el4.i386.rpm seamonkey-js-debugger-1.0.9-16.el4.i386.rpm seamonkey-mail-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-devel-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-devel-1.0.9-16.el4.i386.rpm ia64: seamonkey-1.0.9-16.el4.ia64.rpm seamonkey-chat-1.0.9-16.el4.ia64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.ia64.rpm seamonkey-devel-1.0.9-16.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-16.el4.ia64.rpm seamonkey-js-debugger-1.0.9-16.el4.ia64.rpm seamonkey-mail-1.0.9-16.el4.ia64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-16.el4.ia64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.ia64.rpm seamonkey-nss-devel-1.0.9-16.el4.ia64.rpm x86_64: seamonkey-1.0.9-16.el4.x86_64.rpm seamonkey-chat-1.0.9-16.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-16.el4.i386.rpm seamonkey-debuginfo-1.0.9-16.el4.x86_64.rpm seamonkey-devel-1.0.9-16.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-16.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-16.el4.x86_64.rpm seamonkey-mail-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-1.0.9-16.el4.i386.rpm seamonkey-nspr-1.0.9-16.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-16.el4.x86_64.rpm seamonkey-nss-1.0.9-16.el4.i386.rpm seamonkey-nss-1.0.9-16.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-16.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIBqw0XlSAg2UNWIIRAt6kAJ97Y7bukfgmjr5STgqgNQ53GPXetACgsCyW MwKJKAh/ZUj2eWrrjDMmQfQ= =eUWZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 01:47:40 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Apr 2008 21:47:40 -0400 Subject: [RHSA-2008:0235-01] Important: speex security update Message-ID: <200804170147.m3H1leb5006256@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: speex security update Advisory ID: RHSA-2008:0235-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0235.html Issue date: 2008-04-16 CVE Names: CVE-2008-1686 ===================================================================== 1. Summary: Updated speex packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library. The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686) All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 441239 - CVE-2008-1686 speex, libfishsound: insufficient boundary checks 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/speex-1.0.4-4.el4_6.1.src.rpm i386: speex-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-devel-1.0.4-4.el4_6.1.i386.rpm ia64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.ia64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.ia64.rpm speex-devel-1.0.4-4.el4_6.1.ia64.rpm ppc: speex-1.0.4-4.el4_6.1.ppc.rpm speex-1.0.4-4.el4_6.1.ppc64.rpm speex-debuginfo-1.0.4-4.el4_6.1.ppc.rpm speex-debuginfo-1.0.4-4.el4_6.1.ppc64.rpm speex-devel-1.0.4-4.el4_6.1.ppc.rpm s390: speex-1.0.4-4.el4_6.1.s390.rpm speex-debuginfo-1.0.4-4.el4_6.1.s390.rpm speex-devel-1.0.4-4.el4_6.1.s390.rpm s390x: speex-1.0.4-4.el4_6.1.s390.rpm speex-1.0.4-4.el4_6.1.s390x.rpm speex-debuginfo-1.0.4-4.el4_6.1.s390.rpm speex-debuginfo-1.0.4-4.el4_6.1.s390x.rpm speex-devel-1.0.4-4.el4_6.1.s390x.rpm x86_64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.x86_64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.x86_64.rpm speex-devel-1.0.4-4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/speex-1.0.4-4.el4_6.1.src.rpm i386: speex-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-devel-1.0.4-4.el4_6.1.i386.rpm x86_64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.x86_64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.x86_64.rpm speex-devel-1.0.4-4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/speex-1.0.4-4.el4_6.1.src.rpm i386: speex-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-devel-1.0.4-4.el4_6.1.i386.rpm ia64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.ia64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.ia64.rpm speex-devel-1.0.4-4.el4_6.1.ia64.rpm x86_64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.x86_64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.x86_64.rpm speex-devel-1.0.4-4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/speex-1.0.4-4.el4_6.1.src.rpm i386: speex-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-devel-1.0.4-4.el4_6.1.i386.rpm ia64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.ia64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.ia64.rpm speex-devel-1.0.4-4.el4_6.1.ia64.rpm x86_64: speex-1.0.4-4.el4_6.1.i386.rpm speex-1.0.4-4.el4_6.1.x86_64.rpm speex-debuginfo-1.0.4-4.el4_6.1.i386.rpm speex-debuginfo-1.0.4-4.el4_6.1.x86_64.rpm speex-devel-1.0.4-4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/speex-1.0.5-4.el5_1.1.src.rpm i386: speex-1.0.5-4.el5_1.1.i386.rpm speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm x86_64: speex-1.0.5-4.el5_1.1.i386.rpm speex-1.0.5-4.el5_1.1.x86_64.rpm speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm speex-debuginfo-1.0.5-4.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/speex-1.0.5-4.el5_1.1.src.rpm i386: speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm speex-devel-1.0.5-4.el5_1.1.i386.rpm x86_64: speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm speex-debuginfo-1.0.5-4.el5_1.1.x86_64.rpm speex-devel-1.0.5-4.el5_1.1.i386.rpm speex-devel-1.0.5-4.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/speex-1.0.5-4.el5_1.1.src.rpm i386: speex-1.0.5-4.el5_1.1.i386.rpm speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm speex-devel-1.0.5-4.el5_1.1.i386.rpm ia64: speex-1.0.5-4.el5_1.1.ia64.rpm speex-debuginfo-1.0.5-4.el5_1.1.ia64.rpm speex-devel-1.0.5-4.el5_1.1.ia64.rpm ppc: speex-1.0.5-4.el5_1.1.ppc.rpm speex-1.0.5-4.el5_1.1.ppc64.rpm speex-debuginfo-1.0.5-4.el5_1.1.ppc.rpm speex-debuginfo-1.0.5-4.el5_1.1.ppc64.rpm speex-devel-1.0.5-4.el5_1.1.ppc.rpm speex-devel-1.0.5-4.el5_1.1.ppc64.rpm s390x: speex-1.0.5-4.el5_1.1.s390.rpm speex-1.0.5-4.el5_1.1.s390x.rpm speex-debuginfo-1.0.5-4.el5_1.1.s390.rpm speex-debuginfo-1.0.5-4.el5_1.1.s390x.rpm speex-devel-1.0.5-4.el5_1.1.s390.rpm speex-devel-1.0.5-4.el5_1.1.s390x.rpm x86_64: speex-1.0.5-4.el5_1.1.i386.rpm speex-1.0.5-4.el5_1.1.x86_64.rpm speex-debuginfo-1.0.5-4.el5_1.1.i386.rpm speex-debuginfo-1.0.5-4.el5_1.1.x86_64.rpm speex-devel-1.0.5-4.el5_1.1.i386.rpm speex-devel-1.0.5-4.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIBqw7XlSAg2UNWIIRAsJDAJ4sU533kOdChePFLZ227aOvXwxbngCdHmjW MLTP4d80DkxRHV0Ytb9nG/I= =ANwH -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 18:27:51 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Apr 2008 14:27:51 -0400 Subject: [RHSA-2008:0175-01] Important: openoffice.org security update Message-ID: <200804171827.m3HIRpfd002771@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2008:0175-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0175.html Issue date: 2008-04-17 CVE Names: CVE-2007-5746 CVE-2008-0320 CVE-2007-5745 CVE-2007-5747 ===================================================================== 1. Summary: Updated openoffice.org 2.x packages to correct multiple security issues are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Multiple heap overflows and an integer underflow were found in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-5745, CVE-2007-5747) A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 435675 - CVE-2007-5746 openoffice.org: EMF files parsing EMR_BITBLT record heap overflows 435676 - CVE-2008-0320 openoffice.org: OLE files parsing heap overflows 435678 - CVE-2007-5745 openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records 435681 - CVE-2007-5747 openoffice.org: Quattro Pro files parsing integer underflow 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.4.0.src.rpm i386: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm ppc: openoffice.org2-base-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.ppc.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.ppc.rpm x86_64: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.4.0.src.rpm i386: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm x86_64: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.4.0.src.rpm i386: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm x86_64: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.4.0.src.rpm i386: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm x86_64: openoffice.org2-base-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.4.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.4.0.i386.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.0.4-5.4.26.src.rpm i386: openoffice.org-base-2.0.4-5.4.26.i386.rpm openoffice.org-calc-2.0.4-5.4.26.i386.rpm openoffice.org-core-2.0.4-5.4.26.i386.rpm openoffice.org-debuginfo-2.0.4-5.4.26.i386.rpm openoffice.org-draw-2.0.4-5.4.26.i386.rpm openoffice.org-emailmerge-2.0.4-5.4.26.i386.rpm openoffice.org-graphicfilter-2.0.4-5.4.26.i386.rpm openoffice.org-impress-2.0.4-5.4.26.i386.rpm openoffice.org-javafilter-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-af_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ar-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-as_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-bg_BG-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-bn-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ca_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-cs_CZ-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-cy_GB-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-da_DK-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-de-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-el_GR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-es-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-et_EE-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-eu_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-fi_FI-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-fr-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ga_IE-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-gl_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-gu_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-he_IL-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hi_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hr_HR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hu_HU-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-it-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ja_JP-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-kn_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ko_KR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-lt_LT-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ml_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-mr_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ms_MY-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nb_NO-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nl-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nn_NO-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nr_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nso_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-or_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pa_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pl_PL-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pt_BR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pt_PT-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ru-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sk_SK-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sl_SI-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sr_CS-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ss_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-st_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sv-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ta_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-te_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-th_TH-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-tn_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-tr_TR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ts_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ur-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ve_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-xh_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zh_CN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zh_TW-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zu_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-math-2.0.4-5.4.26.i386.rpm openoffice.org-pyuno-2.0.4-5.4.26.i386.rpm openoffice.org-testtools-2.0.4-5.4.26.i386.rpm openoffice.org-writer-2.0.4-5.4.26.i386.rpm openoffice.org-xsltfilter-2.0.4-5.4.26.i386.rpm x86_64: openoffice.org-base-2.0.4-5.4.26.x86_64.rpm openoffice.org-calc-2.0.4-5.4.26.x86_64.rpm openoffice.org-core-2.0.4-5.4.26.x86_64.rpm openoffice.org-debuginfo-2.0.4-5.4.26.x86_64.rpm openoffice.org-draw-2.0.4-5.4.26.x86_64.rpm openoffice.org-emailmerge-2.0.4-5.4.26.x86_64.rpm openoffice.org-graphicfilter-2.0.4-5.4.26.x86_64.rpm openoffice.org-impress-2.0.4-5.4.26.x86_64.rpm openoffice.org-javafilter-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-af_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ar-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-as_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-bg_BG-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-bn-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ca_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-cs_CZ-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-cy_GB-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-da_DK-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-de-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-el_GR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-es-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-et_EE-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-eu_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-fi_FI-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-fr-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ga_IE-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-gl_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-gu_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-he_IL-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hi_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hr_HR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hu_HU-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-it-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ja_JP-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-kn_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ko_KR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-lt_LT-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ml_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-mr_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ms_MY-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nb_NO-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nl-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nn_NO-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nr_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nso_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-or_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pa_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pl_PL-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pt_BR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pt_PT-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ru-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sk_SK-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sl_SI-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sr_CS-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ss_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-st_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sv-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ta_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-te_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-th_TH-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-tn_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-tr_TR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ts_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ur-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ve_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-xh_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zh_CN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zh_TW-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zu_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-math-2.0.4-5.4.26.x86_64.rpm openoffice.org-pyuno-2.0.4-5.4.26.x86_64.rpm openoffice.org-testtools-2.0.4-5.4.26.x86_64.rpm openoffice.org-writer-2.0.4-5.4.26.x86_64.rpm openoffice.org-xsltfilter-2.0.4-5.4.26.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-2.0.4-5.4.26.src.rpm i386: openoffice.org-base-2.0.4-5.4.26.i386.rpm openoffice.org-calc-2.0.4-5.4.26.i386.rpm openoffice.org-core-2.0.4-5.4.26.i386.rpm openoffice.org-debuginfo-2.0.4-5.4.26.i386.rpm openoffice.org-draw-2.0.4-5.4.26.i386.rpm openoffice.org-emailmerge-2.0.4-5.4.26.i386.rpm openoffice.org-graphicfilter-2.0.4-5.4.26.i386.rpm openoffice.org-impress-2.0.4-5.4.26.i386.rpm openoffice.org-javafilter-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-af_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ar-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-as_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-bg_BG-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-bn-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ca_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-cs_CZ-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-cy_GB-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-da_DK-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-de-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-el_GR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-es-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-et_EE-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-eu_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-fi_FI-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-fr-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ga_IE-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-gl_ES-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-gu_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-he_IL-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hi_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hr_HR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-hu_HU-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-it-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ja_JP-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-kn_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ko_KR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-lt_LT-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ml_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-mr_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ms_MY-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nb_NO-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nl-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nn_NO-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nr_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-nso_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-or_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pa_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pl_PL-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pt_BR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-pt_PT-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ru-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sk_SK-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sl_SI-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sr_CS-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ss_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-st_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-sv-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ta_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-te_IN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-th_TH-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-tn_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-tr_TR-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ts_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ur-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-ve_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-xh_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zh_CN-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zh_TW-2.0.4-5.4.26.i386.rpm openoffice.org-langpack-zu_ZA-2.0.4-5.4.26.i386.rpm openoffice.org-math-2.0.4-5.4.26.i386.rpm openoffice.org-pyuno-2.0.4-5.4.26.i386.rpm openoffice.org-testtools-2.0.4-5.4.26.i386.rpm openoffice.org-writer-2.0.4-5.4.26.i386.rpm openoffice.org-xsltfilter-2.0.4-5.4.26.i386.rpm x86_64: openoffice.org-base-2.0.4-5.4.26.x86_64.rpm openoffice.org-calc-2.0.4-5.4.26.x86_64.rpm openoffice.org-core-2.0.4-5.4.26.x86_64.rpm openoffice.org-debuginfo-2.0.4-5.4.26.x86_64.rpm openoffice.org-draw-2.0.4-5.4.26.x86_64.rpm openoffice.org-emailmerge-2.0.4-5.4.26.x86_64.rpm openoffice.org-graphicfilter-2.0.4-5.4.26.x86_64.rpm openoffice.org-impress-2.0.4-5.4.26.x86_64.rpm openoffice.org-javafilter-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-af_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ar-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-as_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-bg_BG-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-bn-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ca_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-cs_CZ-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-cy_GB-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-da_DK-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-de-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-el_GR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-es-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-et_EE-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-eu_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-fi_FI-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-fr-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ga_IE-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-gl_ES-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-gu_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-he_IL-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hi_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hr_HR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-hu_HU-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-it-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ja_JP-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-kn_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ko_KR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-lt_LT-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ml_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-mr_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ms_MY-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nb_NO-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nl-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nn_NO-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nr_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-nso_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-or_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pa_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pl_PL-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pt_BR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-pt_PT-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ru-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sk_SK-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sl_SI-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sr_CS-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ss_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-st_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-sv-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ta_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-te_IN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-th_TH-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-tn_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-tr_TR-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ts_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ur-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-ve_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-xh_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zh_CN-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zh_TW-2.0.4-5.4.26.x86_64.rpm openoffice.org-langpack-zu_ZA-2.0.4-5.4.26.x86_64.rpm openoffice.org-math-2.0.4-5.4.26.x86_64.rpm openoffice.org-pyuno-2.0.4-5.4.26.x86_64.rpm openoffice.org-testtools-2.0.4-5.4.26.x86_64.rpm openoffice.org-writer-2.0.4-5.4.26.x86_64.rpm openoffice.org-xsltfilter-2.0.4-5.4.26.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIB5aNXlSAg2UNWIIRAiLdAJ9040/0e6Unc4Ke//xTquV7iCjW9ACfWLmp 0fQcpzak1t3YZjntmiVFS1Y= =ddmL -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 18:28:08 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Apr 2008 14:28:08 -0400 Subject: [RHSA-2008:0176-01] Important: openoffice.org security update Message-ID: <200804171828.m3HIS8WG002803@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2008:0176-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0176.html Issue date: 2008-04-17 CVE Names: CVE-2007-5746 CVE-2008-0320 ===================================================================== 1. Summary: Updated openoffice.org 1.x packages to correct multiple security issues are now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, x86_64 Red Hat Enterprise Linux WS version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 435675 - CVE-2007-5746 openoffice.org: EMF files parsing EMR_BITBLT record heap overflows 435676 - CVE-2008-0320 openoffice.org: OLE files parsing heap overflows 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-41.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-41.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-41.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-41.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm i386: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm ppc: openoffice.org-1.1.5-10.6.0.3.EL4.ppc.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.ppc.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.ppc.rpm openoffice.org-kde-1.1.5-10.6.0.3.EL4.ppc.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.ppc.rpm x86_64: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm i386: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm i386: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm i386: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIB5asXlSAg2UNWIIRArtjAKCLfxNANA9XUc8+jZhLILo0R7/+pACfd0b2 9ZxvrXyG03fazFKd2TNVr1Q= =lng4 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 18:28:25 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Apr 2008 14:28:25 -0400 Subject: [RHSA-2008:0238-01] Important: kdegraphics security update Message-ID: <200804171828.m3HISPqM002829@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kdegraphics security update Advisory ID: RHSA-2008:0238-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0238.html Issue date: 2008-04-17 CVE Names: CVE-2008-1693 ===================================================================== 1. Summary: Updated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The kdegraphics packages contain applications for the K Desktop Environment, including kpdf, a PDF file viewer. Kees Cook discovered a flaw in the way kpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-9.el4_6.src.rpm i386: kdegraphics-3.3.1-9.el4_6.i386.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.i386.rpm kdegraphics-devel-3.3.1-9.el4_6.i386.rpm ia64: kdegraphics-3.3.1-9.el4_6.ia64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.ia64.rpm kdegraphics-devel-3.3.1-9.el4_6.ia64.rpm ppc: kdegraphics-3.3.1-9.el4_6.ppc.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.ppc.rpm kdegraphics-devel-3.3.1-9.el4_6.ppc.rpm s390: kdegraphics-3.3.1-9.el4_6.s390.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.s390.rpm kdegraphics-devel-3.3.1-9.el4_6.s390.rpm s390x: kdegraphics-3.3.1-9.el4_6.s390x.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.s390x.rpm kdegraphics-devel-3.3.1-9.el4_6.s390x.rpm x86_64: kdegraphics-3.3.1-9.el4_6.x86_64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.x86_64.rpm kdegraphics-devel-3.3.1-9.el4_6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-9.el4_6.src.rpm i386: kdegraphics-3.3.1-9.el4_6.i386.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.i386.rpm kdegraphics-devel-3.3.1-9.el4_6.i386.rpm x86_64: kdegraphics-3.3.1-9.el4_6.x86_64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.x86_64.rpm kdegraphics-devel-3.3.1-9.el4_6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-9.el4_6.src.rpm i386: kdegraphics-3.3.1-9.el4_6.i386.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.i386.rpm kdegraphics-devel-3.3.1-9.el4_6.i386.rpm ia64: kdegraphics-3.3.1-9.el4_6.ia64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.ia64.rpm kdegraphics-devel-3.3.1-9.el4_6.ia64.rpm x86_64: kdegraphics-3.3.1-9.el4_6.x86_64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.x86_64.rpm kdegraphics-devel-3.3.1-9.el4_6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-9.el4_6.src.rpm i386: kdegraphics-3.3.1-9.el4_6.i386.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.i386.rpm kdegraphics-devel-3.3.1-9.el4_6.i386.rpm ia64: kdegraphics-3.3.1-9.el4_6.ia64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.ia64.rpm kdegraphics-devel-3.3.1-9.el4_6.ia64.rpm x86_64: kdegraphics-3.3.1-9.el4_6.x86_64.rpm kdegraphics-debuginfo-3.3.1-9.el4_6.x86_64.rpm kdegraphics-devel-3.3.1-9.el4_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIB5a/XlSAg2UNWIIRAn0mAJ0brvzSSEXpPOejAwfsS0pEL02U5QCghQh4 Tor1IWplMDxuAuZIqWinmvQ= =bD5e -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 18:28:39 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Apr 2008 14:28:39 -0400 Subject: [RHSA-2008:0239-01] Important: poppler security update Message-ID: <200804171828.m3HISdIu002846@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: poppler security update Advisory ID: RHSA-2008:0239-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0239.html Issue date: 2008-04-17 CVE Names: CVE-2008-1693 ===================================================================== 1. Summary: Updated poppler packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Poppler is a PDF rendering library, used by applications such as Evince. Kees Cook discovered a flaw in the way poppler displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications that use poppler -- such as Evince -- to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693) Users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/poppler-0.5.4-4.4.el5_1.src.rpm i386: poppler-0.5.4-4.4.el5_1.i386.rpm poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-utils-0.5.4-4.4.el5_1.i386.rpm x86_64: poppler-0.5.4-4.4.el5_1.i386.rpm poppler-0.5.4-4.4.el5_1.x86_64.rpm poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-debuginfo-0.5.4-4.4.el5_1.x86_64.rpm poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/poppler-0.5.4-4.4.el5_1.src.rpm i386: poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-devel-0.5.4-4.4.el5_1.i386.rpm x86_64: poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-debuginfo-0.5.4-4.4.el5_1.x86_64.rpm poppler-devel-0.5.4-4.4.el5_1.i386.rpm poppler-devel-0.5.4-4.4.el5_1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/poppler-0.5.4-4.4.el5_1.src.rpm i386: poppler-0.5.4-4.4.el5_1.i386.rpm poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-devel-0.5.4-4.4.el5_1.i386.rpm poppler-utils-0.5.4-4.4.el5_1.i386.rpm ia64: poppler-0.5.4-4.4.el5_1.ia64.rpm poppler-debuginfo-0.5.4-4.4.el5_1.ia64.rpm poppler-devel-0.5.4-4.4.el5_1.ia64.rpm poppler-utils-0.5.4-4.4.el5_1.ia64.rpm ppc: poppler-0.5.4-4.4.el5_1.ppc.rpm poppler-0.5.4-4.4.el5_1.ppc64.rpm poppler-debuginfo-0.5.4-4.4.el5_1.ppc.rpm poppler-debuginfo-0.5.4-4.4.el5_1.ppc64.rpm poppler-devel-0.5.4-4.4.el5_1.ppc.rpm poppler-devel-0.5.4-4.4.el5_1.ppc64.rpm poppler-utils-0.5.4-4.4.el5_1.ppc.rpm s390x: poppler-0.5.4-4.4.el5_1.s390.rpm poppler-0.5.4-4.4.el5_1.s390x.rpm poppler-debuginfo-0.5.4-4.4.el5_1.s390.rpm poppler-debuginfo-0.5.4-4.4.el5_1.s390x.rpm poppler-devel-0.5.4-4.4.el5_1.s390.rpm poppler-devel-0.5.4-4.4.el5_1.s390x.rpm poppler-utils-0.5.4-4.4.el5_1.s390x.rpm x86_64: poppler-0.5.4-4.4.el5_1.i386.rpm poppler-0.5.4-4.4.el5_1.x86_64.rpm poppler-debuginfo-0.5.4-4.4.el5_1.i386.rpm poppler-debuginfo-0.5.4-4.4.el5_1.x86_64.rpm poppler-devel-0.5.4-4.4.el5_1.i386.rpm poppler-devel-0.5.4-4.4.el5_1.x86_64.rpm poppler-utils-0.5.4-4.4.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIB5bOXlSAg2UNWIIRAh06AKCxjDoSHPIZ7kfW5433YynAAmTvewCeMBHP RcNXmYle0yHw9sYZ9jwaN2g= =rkNa -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 17 18:28:48 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Apr 2008 14:28:48 -0400 Subject: [RHSA-2008:0240-01] Important: xpdf security update Message-ID: <200804171828.m3HISmM2002853@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: xpdf security update Advisory ID: RHSA-2008:0240-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0240.html Issue date: 2008-04-17 CVE Names: CVE-2008-1693 ===================================================================== 1. Summary: Updated xpdf packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Kees Cook discovered a flaw in the way xpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause xpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693) Users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-16.el4.src.rpm i386: xpdf-3.00-16.el4.i386.rpm xpdf-debuginfo-3.00-16.el4.i386.rpm ia64: xpdf-3.00-16.el4.ia64.rpm xpdf-debuginfo-3.00-16.el4.ia64.rpm ppc: xpdf-3.00-16.el4.ppc.rpm xpdf-debuginfo-3.00-16.el4.ppc.rpm s390: xpdf-3.00-16.el4.s390.rpm xpdf-debuginfo-3.00-16.el4.s390.rpm s390x: xpdf-3.00-16.el4.s390x.rpm xpdf-debuginfo-3.00-16.el4.s390x.rpm x86_64: xpdf-3.00-16.el4.x86_64.rpm xpdf-debuginfo-3.00-16.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-16.el4.src.rpm i386: xpdf-3.00-16.el4.i386.rpm xpdf-debuginfo-3.00-16.el4.i386.rpm x86_64: xpdf-3.00-16.el4.x86_64.rpm xpdf-debuginfo-3.00-16.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-16.el4.src.rpm i386: xpdf-3.00-16.el4.i386.rpm xpdf-debuginfo-3.00-16.el4.i386.rpm ia64: xpdf-3.00-16.el4.ia64.rpm xpdf-debuginfo-3.00-16.el4.ia64.rpm x86_64: xpdf-3.00-16.el4.x86_64.rpm xpdf-debuginfo-3.00-16.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-16.el4.src.rpm i386: xpdf-3.00-16.el4.i386.rpm xpdf-debuginfo-3.00-16.el4.i386.rpm ia64: xpdf-3.00-16.el4.ia64.rpm xpdf-debuginfo-3.00-16.el4.ia64.rpm x86_64: xpdf-3.00-16.el4.x86_64.rpm xpdf-debuginfo-3.00-16.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIB5beXlSAg2UNWIIRAozuAJoDjuVv2SbsFMb+TjUcF6jA9B9F7ACeIytJ 6chSxJpQR4R6zomrodgwHEg= =y7ls -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 28 09:24:56 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Apr 2008 05:24:56 -0400 Subject: [RHSA-2008:0195-01] Moderate: tomcat security update Message-ID: <200804280924.m3S9OuUG010215@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tomcat security update Advisory ID: RHSA-2008:0195-01 Product: Red Hat Developer Suite v.3 Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0195.html Issue date: 2008-04-28 Keywords: Security CVE Names: CVE-2007-3382 CVE-2007-3385 CVE-2007-5342 CVE-2007-5461 ===================================================================== 1. Summary: Updated tomcat packages that fix multiple security issues are now available for Red Hat Developer Suite 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Developer Suite v.3 (AS v.4) - noarch 3. Description: Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. This allowed remote attackers to remote authenticated users to read accessible to the local user running the tomcat process (CVE-2007-5461). The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process (CVE-2007-5342). Users of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 247972 - CVE-2007-3382 tomcat handling of cookies 247976 - CVE-2007-3385 tomcat handling of cookie values 333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV 427216 - CVE-2007-5342 Apache Tomcat's default security policy is too open 6. Package List: Red Hat Developer Suite v.3 (AS v.4): Source: ftp://updates.redhat.com/enterprise/4AS/en/RHDS/SRPMS/tomcat5-5.5.23-0jpp_11rh.src.rpm noarch: tomcat5-5.5.23-0jpp_11rh.noarch.rpm tomcat5-common-lib-5.5.23-0jpp_11rh.noarch.rpm tomcat5-jasper-5.5.23-0jpp_11rh.noarch.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp_11rh.noarch.rpm tomcat5-server-lib-5.5.23-0jpp_11rh.noarch.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp_11rh.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name= http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://tomcat.apache.org/security-5.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIFZfUXlSAg2UNWIIRAo0IAJ9i0jZ4PyWJxB49+7p4iDkVM9jkZQCgtQxe 3xJwLBAQOo7iYmp9L89508g= =/+q9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 28 09:25:12 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Apr 2008 05:25:12 -0400 Subject: [RHSA-2008:0243-01] Moderate: java-1.4.2-bea security update Message-ID: <200804280925.m3S9PCjo010679@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.4.2-bea security update Advisory ID: RHSA-2008:0243-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0243.html Issue date: 2008-04-28 Keywords: Security CVE Names: CVE-2008-1187 ===================================================================== 1. Summary: Updated java-1.4.2-bea packages that fix a security issue are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, ia64 Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386, ia64 Red Hat Enterprise Linux WS version 3 Extras - i386, ia64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ia64, x86_64 3. Description: The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Please note: This vulnerability can only be triggered in java-1.4.2-bea by calling the "appletviewer" application. All java-1.4.2-bea users should upgrade to this updated package which addresses this vulnerability. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.ia64.rpm Red Hat Desktop version 3 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.i686.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.ia64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.ia64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.ia64.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.i686.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.ia64.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.ia64.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm RHEL Supplementary (v. 5 server): i386: java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm ia64: java-1.4.2-bea-1.4.2.16-1jpp.2.el5.ia64.rpm java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.ia64.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.ia64.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.ia64.rpm java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.ia64.rpm x86_64: java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://dev2dev.bea.com/pub/advisory/277 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIFZfvXlSAg2UNWIIRAqOOAKC3WZ9uHTYgBX1Ia6xuqOKNZVLoqwCfbaFd M2kvJZUYxpXflRE+6aIBi8Y= =h4vF -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 28 09:25:23 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Apr 2008 05:25:23 -0400 Subject: [RHSA-2008:0244-01] Moderate: java-1.5.0-bea security update Message-ID: <200804280925.m3S9PNDh010699@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.5.0-bea security update Advisory ID: RHSA-2008:0244-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0244.html Issue date: 2008-04-28 CVE Names: CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 ===================================================================== 1. Summary: Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 RHEL Supplementary (v. 5 server) - i386, ia64, x86_64 3. Description: The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14, and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The vulnerabilities concerning applets listed above can only be triggered in java-1.5.0-bea, by calling the "appletviewer" application. Users of java-1.5.0-bea are advised to upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation 436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.i686.rpm ia64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.ia64.rpm x86_64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.i686.rpm x86_64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.i686.rpm ia64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.ia64.rpm x86_64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.i686.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.i686.rpm ia64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.ia64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.ia64.rpm x86_64: java-1.5.0-bea-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.5.0-bea-1.5.0.14-1jpp.2.el5.i686.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.i686.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.i686.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.i686.rpm java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.i686.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.i686.rpm ia64: java-1.5.0-bea-1.5.0.14-1jpp.2.el5.ia64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.ia64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.ia64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.ia64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.ia64.rpm x86_64: java-1.5.0-bea-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://dev2dev.bea.com/pub/advisory/277 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIFZf8XlSAg2UNWIIRAkz/AKC6w8YIPxRJ9xhX9NIMHPd/BfGJAwCgiuAQ gIcLOYxJBLwWy5iF5OajrWQ= =UQQU -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 28 09:25:39 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Apr 2008 05:25:39 -0400 Subject: [RHSA-2008:0245-01] Moderate: java-1.6.0-bea security update Message-ID: <200804280925.m3S9Pd4o010715@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.6.0-bea security update Advisory ID: RHSA-2008:0245-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0245.html Issue date: 2008-04-28 CVE Names: CVE-2008-0628 CVE-2008-1187 CVE-2008-1193 CVE-2008-1194 ===================================================================== 1. Summary: Updated java-1.6.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 3. Description: The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform, Standard Edition, v1.6.0. The Java XML parsing code processed external entity references even when the "external general entities" property was set to "FALSE". This allowed remote attackers to conduct XML External Entity (XXE) attacks, possibly causing a denial of service, or gaining access to restricted resources. (CVE-2008-0628) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The vulnerabilities concerning applets listed above can only be triggered in java-1.6.0-bea, by calling the "appletviewer" application. Users of java-1.6.0-bea are advised to upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 431416 - CVE-2008-0628 java-1.6.0 default external entity processing 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation 436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194) 6. Package List: RHEL Desktop Supplementary (v. 5 client): i386: java-1.6.0-bea-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5.i686.rpm x86_64: java-1.6.0-bea-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.6.0-bea-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5.i686.rpm java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5.i686.rpm x86_64: java-1.6.0-bea-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5.x86_64.rpm java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://dev2dev.bea.com/pub/advisory/277 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIFZgGXlSAg2UNWIIRAljzAJ9b/NEo0bf+1bxKsFm79CHNk5OtZwCfcFUj HZ04LD4ChlB/vYjLcvcRZ5k= =xhXA -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Apr 30 16:48:28 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 30 Apr 2008 12:48:28 -0400 Subject: [RHSA-2008:0224-01] Moderate: thunderbird security update Message-ID: <200804301648.m3UGmSfj030880@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2008:0224-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0224.html Issue date: 2008-04-30 CVE Names: CVE-2008-1380 ===================================================================== 1. Summary: Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-11.el4.src.rpm i386: thunderbird-1.5.0.12-11.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el4.i386.rpm ia64: thunderbird-1.5.0.12-11.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.ia64.rpm ppc: thunderbird-1.5.0.12-11.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-11.el4.ppc.rpm s390: thunderbird-1.5.0.12-11.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-11.el4.s390.rpm s390x: thunderbird-1.5.0.12-11.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-11.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-11.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-11.el4.src.rpm i386: thunderbird-1.5.0.12-11.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el4.i386.rpm x86_64: thunderbird-1.5.0.12-11.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-11.el4.src.rpm i386: thunderbird-1.5.0.12-11.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el4.i386.rpm ia64: thunderbird-1.5.0.12-11.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-11.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-11.el4.src.rpm i386: thunderbird-1.5.0.12-11.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-11.el4.i386.rpm ia64: thunderbird-1.5.0.12-11.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-11.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-11.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-12.el5_1.src.rpm i386: thunderbird-1.5.0.12-12.el5_1.i386.rpm thunderbird-debuginfo-1.5.0.12-12.el5_1.i386.rpm x86_64: thunderbird-1.5.0.12-12.el5_1.x86_64.rpm thunderbird-debuginfo-1.5.0.12-12.el5_1.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-12.el5_1.src.rpm i386: thunderbird-1.5.0.12-12.el5_1.i386.rpm thunderbird-debuginfo-1.5.0.12-12.el5_1.i386.rpm x86_64: thunderbird-1.5.0.12-12.el5_1.x86_64.rpm thunderbird-debuginfo-1.5.0.12-12.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIGKLHXlSAg2UNWIIRAiB6AKC3wktWvXMEOR0dLjpXTAOOwmBz1ACbBhaK riC9xpEQM/+6sksZXGy/1qE= =JXiO -----END PGP SIGNATURE-----