From bugzilla at redhat.com Mon Aug 4 18:12:49 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Aug 2008 14:12:49 -0400
Subject: [RHSA-2008:0612-01] Important: kernel security and bug fix update
Message-ID: <200808041812.m74ICn4M032083@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0612-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0612.html
Issue date: 2008-08-04
CVE Names: CVE-2008-2136 CVE-2008-1294 CVE-2008-2812
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation.
(CVE-2008-2812, Moderate)

These updated packages fix the following bugs:

* the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder.

* when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to "/dev/ttyS1" to hang.

* a 50-75% drop in NFS server rewrite performance, compared to Red Hat Enterprise Linux 4.6, has been resolved.

* due to a bug in the fast userspace mutex code, while one thread fetched a pointer, another thread may have removed it, causing the first thread to fetch the wrong pointer, possibly causing a system crash.

* on certain Hitachi hardware, removing the "uhci_hcd" module caused a kernel oops, and the following error:

BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr()

Even after the "uhci_hcd" module was reloaded, there was no access to USB devices. As well, on systems that have legacy interrupts, "acpi_unregister_gsi" incorrectly called "iosapic_unregister_intr()", causing warning messages to be logged.

* when a page was mapped with mmap(), and "PROT_WRITE" was the only "prot" argument, the first read of that page caused a segmentation fault. If the page was read after it was written to, no fault occurred. This was incompatible with the Red Hat Enterprise Linux 4 behavior.

* due to a NULL pointer dereference in powernowk8_init(), a panic may have occurred.
* certain error conditions handled by the bonding sysfs interface could have left rtnl_lock() unbalanced, either by locking and returning without unlocking, or by unlocking when it did not lock, possibly causing a "kernel: RTNL: assertion failed at net/core/fib_rules.c" error.

* the kernel currently expects a maximum of six Machine Check Exception (MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may have caused the MCE to be incorrectly reported.

* a race condition in UNIX domain sockets may have caused recv() to return zero. For clusters, this may have caused unexpected failovers.

* msgrcv() frequently returned an incorrect "ERESTARTNOHAND (514)" error number.

* on certain Intel Itanium-based systems, when kdump was configured to halt the system after a dump operation, after the "System halted." output, the kernel continued to output endless "soft lockup" messages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/):

437114 - CVE-2008-1294 kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children
437121 - CVE-2008-1294 kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children [rhel-5.2.z]
443071 - [Stratus 5.2.z][1/2] ttyS1 lost interrupt and it stops transmitting [rhel-5.2.z]
446031 - CVE-2008-2136 kernel: sit memory leak
446038 - CVE-2008-2136 kernel: sit: exploitable remote memory leak [rhel-5.2.z]
448685 - 50-75 % drop in nfs-server rewrite performance compared to rhel 4.6+ [rhel-5.2.z]
450336 - Kernel crash on futex [rhel-5.2.z]
450337 - [RHEL5] BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregiste
450758 - mmap() with PROT_WRITE on RHEL5 incompatible with RHEL4.
450866 - RHEL 5.3 NULL pointer dereferenced in powernowk8_init
451939 - bonding driver can leave rtnl_lock unbalanced
451941 - RHEL 5.3 extend MCE banks support for Dunnington, Nehalem, and beyond
452231 - [RHEL5.1] In unix domain sockets, recv() may incorrectly return zero
452482 - CVE-2008-2826 kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow [rhel-5.2.z]
453419 - CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
453425 - CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code [rhel-5.2.z]
454566 - kernel: randomize udp port allocation
454571 - kernel: randomize udp port allocation [rhel-5.2.z]
455256 - [Stratus 5.2.z][2/2] ttyS1 lost interrupt and it stops transmitting
455278 - The msgrcv() syscall fails with error number 514 (ERESTARTNOHAND).
456117 - [REG][5.3] Soft lockup is detected

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.10.el5.src.rpm

i386:
kernel-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.i686.rpm
kernel-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-headers-2.6.18-92.1.10.el5.i386.rpm
kernel-xen-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.10.el5.src.rpm

i386:
kernel-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.i686.rpm
kernel-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-headers-2.6.18-92.1.10.el5.i386.rpm
kernel-xen-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.10.el5.ia64.rpm
kernel-debug-2.6.18-92.1.10.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.ia64.rpm
kernel-devel-2.6.18-92.1.10.el5.ia64.rpm
kernel-headers-2.6.18-92.1.10.el5.ia64.rpm
kernel-xen-2.6.18-92.1.10.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.10.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.10.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.10.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.10.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.10.el5.ppc.rpm
kernel-headers-2.6.18-92.1.10.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.10.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.10.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.10.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.10.el5.s390x.rpm
kernel-debug-2.6.18-92.1.10.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.s390x.rpm
kernel-devel-2.6.18-92.1.10.el5.s390x.rpm
kernel-headers-2.6.18-92.1.10.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.10.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.10.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.10.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.10.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
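Editor's added check for the RLIMIT_CPU issue in this advisory (CVE-2008-1294). This is example code, not part of the advisory or of Red Hat's packages. The advisory only says "a certain value"; the value comes from the title of bug 437114 above, which is zero, and the bug is that a process that sets its CPU soft limit to zero, and any child it forks afterwards, escaped the limit entirely. The probe below runs in a throwaway child so the caller's own limits are untouched: the child sets RLIMIT_CPU soft = 0, forks a grandchild that spins, and reports whether the grandchild died of SIGXCPU. The assumption here, not stated on the page, is that a fixed kernel treats a zero soft limit as an immediate limit of about one CPU second (that is how the upstream fix behaves); on a vulnerable kernel the grandchild keeps running until the probe kills it after eight seconds and the function returns 0.

```c
/* Added example (not from the advisory): does setrlimit(RLIMIT_CPU, 0)
 * still bound the setter's children, or does it silently drop the limit? */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Busy-loop forever; only a CPU-time limit can stop this process. */
static void burn_cpu_forever(void)
{
    volatile unsigned long x = 0;
    for (;;)
        x++;
}

/* Poll for pid's exit for up to deadline_ms of wall time.
 * Returns 1 if it died from SIGXCPU, 0 if it was still running
 * (it is then killed), -1 on error. */
static int wait_for_sigxcpu(pid_t pid, int deadline_ms)
{
    struct timespec tick = { 0, 100 * 1000 * 1000 };   /* 100 ms */
    for (int waited = 0; waited < deadline_ms; waited += 100) {
        int status;
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r < 0)
            return -1;
        if (r == pid)
            return (WIFSIGNALED(status) && WTERMSIG(status) == SIGXCPU) ? 1 : 0;
        nanosleep(&tick, NULL);
    }
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return 0;
}

/* Returns 1 if a zero RLIMIT_CPU is enforced on a forked child (fixed
 * kernel), 0 if the child ran unbounded (the CVE-2008-1294 bypass),
 * -1 if the probe itself failed. */
int rlimit_cpu_zero_enforced(void)
{
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        struct rlimit rl, nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);          /* no core file from the grandchild */
        if (getrlimit(RLIMIT_CPU, &rl) < 0)
            _exit(2);
        rl.rlim_cur = 0;                          /* the value the bug is about; hard limit untouched */
        if (setrlimit(RLIMIT_CPU, &rl) < 0)
            _exit(2);
        pid_t grandchild = fork();
        if (grandchild < 0)
            _exit(2);
        if (grandchild == 0) {
            signal(SIGXCPU, SIG_DFL);             /* default action is to terminate */
            burn_cpu_forever();
        }
        int r = wait_for_sigxcpu(grandchild, 8000);   /* assumption: ~1 s CPU suffices on a fixed kernel */
        _exit(r == 1 ? 0 : (r == 0 ? 1 : 2));
    }
    int status;
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}

int main(void)
{
    int r = rlimit_cpu_zero_enforced();
    printf("RLIMIT_CPU=0 on forked child: %s\n",
           r == 1 ? "enforced (SIGXCPU delivered)" :
           r == 0 ? "NOT enforced (child ran unbounded)" : "probe failed");
    return r == 1 ? 0 : 1;
}
```

The probe deliberately checks a descendant rather than the process that called setrlimit, because "doesn't inherit properly across children" is the symptom the bug title names; a process that only limited itself would tell you less.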
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIl0acXlSAg2UNWIIRAmx7AJ9EqbxKVtyHNB6hgSwnNPJtlN/2TACeOrhL
s93hx8mgC+E8SOSj99TwQKM=
=hgzc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:03:31 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2008 13:03:31 -0400
Subject: [RHSA-2008:0789-01] Moderate: dnsmasq security update
Message-ID: <200808111703.m7BH3VQa026667@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dnsmasq security update
Advisory ID: RHSA-2008:0789-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0789.html
Issue date: 2008-08-11
CVE Names: CVE-2008-1447
=====================================================================

1. Summary:

An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network.

The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)

All dnsmasq users are advised to upgrade to this updated package, which upgrades dnsmasq to version 2.45 and resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dnsmasq-2.45-1.el5_2.1.src.rpm

i386:
dnsmasq-2.45-1.el5_2.1.i386.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.i386.rpm

x86_64:
dnsmasq-2.45-1.el5_2.1.x86_64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dnsmasq-2.45-1.el5_2.1.src.rpm

i386:
dnsmasq-2.45-1.el5_2.1.i386.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.i386.rpm

ia64:
dnsmasq-2.45-1.el5_2.1.ia64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.ia64.rpm

ppc:
dnsmasq-2.45-1.el5_2.1.ppc.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.ppc.rpm

s390x:
dnsmasq-2.45-1.el5_2.1.s390x.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.s390x.rpm

x86_64:
dnsmasq-2.45-1.el5_2.1.x86_64.rpm
dnsmasq-debuginfo-2.45-1.el5_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.redhat.com/security/updates/classification/#moderate
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
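Editor's added check, serving both the UDP-port bullet in the kernel advisory (RHSA-2008:0612) above and this dnsmasq advisory. It is example code, not part of either advisory or of the projects they describe. Both fixes attack the same weakness: with a fixed source port, an off-path forger only has to match the 16-bit DNS transaction ID, so the guess space is 65536; a random source port multiplies that by the number of ports the kernel can pick from. The program below exercises the kernel side, which is what a glibc stub resolver depends on: it opens UDP sockets without binding them, calls connect() (for UDP this sends nothing, it only fixes the peer and makes the kernel autobind a source port), reads back the chosen port, and counts how often consecutive picks are exactly previous + 1, the signature of a sequential allocator. It assumes a Linux host with a working loopback interface; the 127.0.0.1:53 destination is arbitrary. It does not exercise dnsmasq's own port choice, which the dnsmasq update fixes separately.

```c
/* Added example (not from the advisories): which source port does the
 * kernel hand a UDP socket that never bound one, and do successive
 * picks look sequential or random? */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_SAMPLE 256

/* Count adjacent pairs where the next port is exactly previous + 1
 * (16-bit wraparound included). A sequential allocator yields n - 1
 * such steps; a randomized one yields close to zero. */
int sequential_steps(const uint16_t *ports, int n)
{
    int steps = 0;
    for (int i = 1; i < n; i++)
        if (ports[i] == (uint16_t)(ports[i - 1] + 1))
            steps++;
    return steps;
}

/* Open n unbound UDP sockets, connect() each to loopback so the kernel
 * autobinds a source port, and record that port. Sockets stay open until
 * the end so the kernel cannot reuse a port within the sample.
 * Returns the number of ports actually sampled. */
int sample_udp_source_ports(uint16_t *out, int n)
{
    int fds[MAX_SAMPLE];
    int got = 0;
    struct sockaddr_in dst;

    if (n > MAX_SAMPLE)
        n = MAX_SAMPLE;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(53);                        /* arbitrary; nothing is sent */
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    for (int i = 0; i < n; i++) {
        struct sockaddr_in local;
        socklen_t len = sizeof local;
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0)
            break;
        if (connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0 ||
            getsockname(fd, (struct sockaddr *)&local, &len) < 0) {
            close(fd);
            break;
        }
        fds[got] = fd;
        out[got++] = ntohs(local.sin_port);
    }
    for (int i = 0; i < got; i++)
        close(fds[i]);
    return got;
}

/* 1 if the kernel's picks look randomized, 0 if they look sequential,
 * -1 if too few sockets could be sampled. The threshold (fewer than a
 * quarter of the steps being +1) is a heuristic: with tens of thousands
 * of ports in the ephemeral range, random picks hit previous + 1 only
 * by accident. */
int udp_source_ports_look_random(int n)
{
    uint16_t ports[MAX_SAMPLE];
    int got = sample_udp_source_ports(ports, n);
    if (got < 8)
        return -1;
    return sequential_steps(ports, got) * 4 < got ? 1 : 0;
}

int main(void)
{
    uint16_t ports[32];
    int got = sample_udp_source_ports(ports, 32);
    for (int i = 0; i < got; i++)
        printf("%u%c", ports[i], i + 1 < got ? ' ' : '\n');
    printf("sequential steps: %d of %d -> %s\n",
           sequential_steps(ports, got), got > 0 ? got - 1 : 0,
           udp_source_ports_look_random(32) == 1 ? "randomized" : "NOT randomized");
    return 0;
}
```

Run it on the host whose resolver you care about; a run that prints mostly consecutive numbers is the pre-fix behaviour this advisory and the kernel one describe. Applications that bind an explicit fixed port themselves, as the old dnsmasq did, bypass the kernel's choice entirely, which is why the kernel fix alone was not enough for dnsmasq.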
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIoHCZXlSAg2UNWIIRAus2AJ9jMmf+E9RFFrC5FfXhCdEpJpxRaQCeIHu3
eLCw8SUQ204PyZI8K02NTEk=
=p1Ic
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:50:37 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2008 13:50:37 -0400
Subject: [RHSA-2008:0814-01] Moderate: condor security and bug fix update
Message-ID: <200808111750.m7BHob7a001993@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: condor security and bug fix update
Advisory ID: RHSA-2008:0814-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0814.html
Issue date: 2008-08-11
CVE Names: CVE-2008-3424
=====================================================================

1. Summary:

Updated condor packages that fix a security issue and several bugs are now available for Red Hat Enterprise MRG.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

MRG Grid for RHEL 5 Server - i386, x86_64

3. Description:

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.

A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs, even when such access should have been denied. (CVE-2008-3424)

Bug fixes:

* the /etc/condor/condor_config file started with "What machine is your central manager?". The following line was blank, instead of having the "CONDOR_HOST" option, causing confusion.
The "What machine..." text is now removed.

* condor_config.local defined "LOCK = /tmp/[lock file]". This is no longer explicitly defined; however, lock files may be in "/tmp/", and could be removed by tmpwatch. A "LOCK_FILE_UPDATE_INTERVAL" option, which defaults to eight hours, has been added. This updates the timestamps on lock files, preventing them from being removed by tools such as tmpwatch.

* when a "SCHEDD_NAME" name in condor_config ended with an "@", the system's hostname was appended. For example, if "SCHEDD_NAME = test@" was configured, "condor_q -name test@" failed with a "Collector has no record of schedd/submitter" error. Now, the hostname is not appended when a name ends with an "@". In High Availability (HA) Schedd deployments, this allows a name to be shared by multiple Schedds.

* when too few arguments were passed to "condor_qedit", such as "condor_qedit -constraint TRUE", a segfault occurred. Better argument handling has been added to resolve this.

* due to missing common_createddl.sql and pgsql_createddl.sql files, it was not possible to use Quill. Now, these files are included in "/usr/share/condor/sql/".

* "condor_submit -dump ad [file-name]" caused a segfault if the [file-name] job contained "universe = grid".

* previously, a condor user and group were created if they did not exist, without specifying a specific UID and GID. Now, UID and GID 64 are used. The effect of this change is non-existent if upgrading the condor packages. If an existing condor user and group are manually changed, problems with file ownership will occur.

Configuration changes (from the Condor release notes - see link below):

* a new CKPT_SERVER_CHECK_PARENT_INTERVAL variable sets the time interval between a checkpoint server checking if its parent is running. If the parent server has died, the checkpoint server is shut down.

* a new CKPT_PROBE variable to define an executable for the helper process Condor uses for information about the CheckpointPlatform attribute.
* STARTER_UPLOAD_TIMEOUT now defaults to 300 seconds.

* new variables (booleans) PREEMPTION_REQUIREMENTS_STABLE and PREEMPTION_RANK_STABLE, configure whether attributes used in PREEMPTION_REQUIREMENTS and PREEMPTION_RANK change during negotiation cycles.

* a new GRIDMANAGER_MAX_WS_DESTROYS_PER_RESOURCE variable, with a default value of 5, defines the number of simultaneous WS destroy commands that can be sent to a server for type gt4 grid universe jobs.

* now, VALID_SPOOL_FILES automatically includes the "SCHEDD.lock" lock file for condor_schedd HA failover.

* the default value for SEC_DEFAULT_SESSION_DURATION has been changed from 8640000 seconds (100 days) to 86400 seconds (one day).

Important: these updated packages upgrade Condor to version 7.0.4. For a full list of changes, refer to the Condor release notes: www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

condor users should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

447830 - /etc/condor/condor_config file missing CONDOR_HOST = option
449043 - condor_config.local sets up LOCK in /tmp
452512 - SCHEDD_NAME always appends @$(FULL_HOSTNAME)
452515 - condor_qedit segfault with too few arguments
455338 - Necessary Quill setup files?
456080 - Red Hat RPMs should identify their buildid, differentiate from UW's builds
456478 - condor_submit -dump segfaults when universe = grid
457141 - Rebase on Condor 7.0.4
457372 - CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists
458157 - Add newly assigned UID/GID for condor to product

6.
Package List:

MRG Grid for RHEL 5 Server:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.0.4-4.el5.src.rpm

i386:
condor-7.0.4-4.el5.i386.rpm
condor-debuginfo-7.0.4-4.el5.i386.rpm
condor-static-7.0.4-4.el5.i386.rpm
condor-test-7.0.4-4.el5.i386.rpm

x86_64:
condor-7.0.4-4.el5.x86_64.rpm
condor-debuginfo-7.0.4-4.el5.x86_64.rpm
condor-static-7.0.4-4.el5.x86_64.rpm
condor-test-7.0.4-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIoHt2XlSAg2UNWIIRAqp3AJ4j4V/E1WktkqBJXTFz08HwpgP5GgCgqZZW
quNQO5n62XBjUhTJowt4Rv4=
=jMrF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:55:34 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2008 13:55:34 -0400
Subject: [RHSA-2008:0816-01] Moderate: condor security and bug fix update
Message-ID: <200808111755.m7BHtbUf002765@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: condor security and bug fix update
Advisory ID: RHSA-2008:0816-01
Product: Red Hat Enterprise MRG for RHEL-4
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0816.html
Issue date: 2008-08-11
CVE Names: CVE-2008-3424
=====================================================================

1. Summary:

Updated condor packages that fix a security issue and several bugs are now available for Red Hat Enterprise MRG.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat MRG Grid for RHEL-4 AS - i386, x86_64
Red Hat MRG Grid for RHEL-4 ES - i386, x86_64

3. Description:

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.

A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs, even when such access should have been denied. (CVE-2008-3424)

Bug fixes:

* the /etc/condor/condor_config file started with "What machine is your central manager?". The following line was blank, instead of having the "CONDOR_HOST" option, causing confusion. The "What machine..." text is now removed.

* condor_config.local defined "LOCK = /tmp/[lock file]". This is no longer explicitly defined; however, lock files may be in "/tmp/", and could be removed by tmpwatch. A "LOCK_FILE_UPDATE_INTERVAL" option, which defaults to eight hours, has been added. This updates the timestamps on lock files, preventing them from being removed by tools such as tmpwatch.

* when a "SCHEDD_NAME" name in condor_config ended with an "@", the system's hostname was appended. For example, if "SCHEDD_NAME = test@" was configured, "condor_q -name test@" failed with a "Collector has no record of schedd/submitter" error. Now, the hostname is not appended when a name ends with an "@". In High Availability (HA) Schedd deployments, this allows a name to be shared by multiple Schedds.

* when too few arguments were passed to "condor_qedit", such as "condor_qedit -constraint TRUE", a segfault occurred. Better argument handling has been added to resolve this.
* due to missing common_createddl.sql and pgsql_createddl.sql files, it was not possible to use Quill. Now, these files are included in "/usr/share/condor/sql/".

* "condor_submit -dump ad [file-name]" caused a segfault if the [file-name] job contained "universe = grid".

* previously, a condor user and group were created if they did not exist, without specifying a specific UID and GID. Now, UID and GID 64 are used. The effect of this change is non-existent if upgrading the condor packages. If an existing condor user and group are manually changed, problems with file ownership will occur.

Configuration changes (from the Condor release notes - see link below):

* a new CKPT_SERVER_CHECK_PARENT_INTERVAL variable sets the time interval between a checkpoint server checking if its parent is running. If the parent server has died, the checkpoint server is shut down.

* a new CKPT_PROBE variable to define an executable for the helper process Condor uses for information about the CheckpointPlatform attribute.

* STARTER_UPLOAD_TIMEOUT now defaults to 300 seconds.

* new variables (booleans) PREEMPTION_REQUIREMENTS_STABLE and PREEMPTION_RANK_STABLE, configure whether attributes used in PREEMPTION_REQUIREMENTS and PREEMPTION_RANK change during negotiation cycles.

* a new GRIDMANAGER_MAX_WS_DESTROYS_PER_RESOURCE variable, with a default value of 5, defines the number of simultaneous WS destroy commands that can be sent to a server for type gt4 grid universe jobs.

* now, VALID_SPOOL_FILES automatically includes the "SCHEDD.lock" lock file for condor_schedd HA failover.

* the default value for SEC_DEFAULT_SESSION_DURATION has been changed from 8640000 seconds (100 days) to 86400 seconds (one day).

Important: these updated packages upgrade Condor to version 7.0.4. For a full list of changes, refer to the Condor release notes: www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html

condor users should upgrade to these updated packages, which resolve these issues.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

457265 - Rebase on Condor 7.0.4
457266 - condor_submit -dump segfaults when universe = grid
457267 - Red Hat RPMs should identify their buildid, differentiate from UW's builds
457268 - Necessary Quill setup files?
457269 - condor_qedit segfault with too few arguments
457270 - SCHEDD_NAME always appends @$(FULL_HOSTNAME)
457271 - condor_config.local sets up LOCK in /tmp
457272 - /etc/condor/condor_config file missing CONDOR_HOST = option
457372 - CVE-2008-3424 condor: incorrect handling of wild cards in authorization lists
458069 - Add newly assigned UID/GID for condor to product

6. Package List:

Red Hat MRG Grid for RHEL-4 AS:

Source: ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/condor-7.0.4-4.el4.src.rpm

i386:
condor-7.0.4-4.el4.i386.rpm
condor-debuginfo-7.0.4-4.el4.i386.rpm
condor-static-7.0.4-4.el4.i386.rpm
condor-test-7.0.4-4.el4.i386.rpm

x86_64:
condor-7.0.4-4.el4.x86_64.rpm
condor-debuginfo-7.0.4-4.el4.x86_64.rpm
condor-static-7.0.4-4.el4.x86_64.rpm
condor-test-7.0.4-4.el4.x86_64.rpm

Red Hat MRG Grid for RHEL-4 ES:

Source: ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/condor-7.0.4-4.el4.src.rpm

i386:
condor-7.0.4-4.el4.i386.rpm
condor-debuginfo-7.0.4-4.el4.i386.rpm
condor-static-7.0.4-4.el4.i386.rpm
condor-test-7.0.4-4.el4.i386.rpm

x86_64:
condor-7.0.4-4.el4.x86_64.rpm
condor-debuginfo-7.0.4-4.el4.x86_64.rpm
condor-static-7.0.4-4.el4.x86_64.rpm
condor-test-7.0.4-4.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIoH0LXlSAg2UNWIIRAqtfAKCFx1dfxoxCvtl0lqLciN84KKDmCgCeKINd
ZLZ4OZWqrHEI1YjkjWLnVZM=
=qa+O
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 12 20:33:21 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Aug 2008 16:33:21 -0400
Subject: [RHSA-2008:0818-02] Moderate: hplip security update
Message-ID: <200808122033.m7CKXLre017827@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: hplip security update
Advisory ID: RHSA-2008:0818-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0818.html
Issue date: 2008-08-12
CVE Names: CVE-2008-2940 CVE-2008-2941
=====================================================================

1. Summary:

Updated hplip packages that fix various security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals.

A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. (CVE-2008-2940)

A flaw was discovered in the hpssd message parser.
By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. (CVE-2008-2941)

Users of hplip should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

455235 - CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
457052 - CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip-1.6.7-4.1.el5_2.4.src.rpm

i386:
hpijs-1.6.7-4.1.el5_2.4.i386.rpm
hplip-1.6.7-4.1.el5_2.4.i386.rpm
hplip-debuginfo-1.6.7-4.1.el5_2.4.i386.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm

x86_64:
hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm
hplip-1.6.7-4.1.el5_2.4.x86_64.rpm
hplip-debuginfo-1.6.7-4.1.el5_2.4.x86_64.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip-1.6.7-4.1.el5_2.4.src.rpm i386: hpijs-1.6.7-4.1.el5_2.4.i386.rpm hplip-1.6.7-4.1.el5_2.4.i386.rpm hplip-debuginfo-1.6.7-4.1.el5_2.4.i386.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm ia64: hpijs-1.6.7-4.1.el5_2.4.ia64.rpm hplip-1.6.7-4.1.el5_2.4.ia64.rpm hplip-debuginfo-1.6.7-4.1.el5_2.4.ia64.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.ia64.rpm ppc: hpijs-1.6.7-4.1.el5_2.4.ppc.rpm hplip-1.6.7-4.1.el5_2.4.ppc.rpm hplip-debuginfo-1.6.7-4.1.el5_2.4.ppc.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.ppc.rpm x86_64: hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm hplip-1.6.7-4.1.el5_2.4.x86_64.rpm hplip-debuginfo-1.6.7-4.1.el5_2.4.x86_64.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
From bugzilla at redhat.com Thu Aug 14 13:14:54 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Aug 2008 09:14:54 -0400
Subject: [RHSA-2008:0815-01] Moderate: yum-rhn-plugin security update
Message-ID: <200808141314.m7EDEsX9029310@pobox.devel.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: yum-rhn-plugin security update
Advisory ID: RHSA-2008:0815-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0815.html
Issue date: 2008-08-14
CVE Names: CVE-2008-3270
=====================================================================

1. Summary:

Updated yum-rhn-plugin packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - noarch
Red Hat Enterprise Linux (v. 5 server) - noarch

3. Description:

The yum-rhn-plugin provides support for yum to securely access a Red Hat Network (RHN) server for software updates.

It was discovered that yum-rhn-plugin did not verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates. (CVE-2008-3270)

This flaw did not allow an attacker to install malicious packages. Package signatures were verified and only packages signed with a trusted Red Hat GPG key were installed.

Red Hat would like to thank Justin Samuel for discussing various package update mechanism flaws which led to our discovery of this issue.

Users of yum-rhn-plugin are advised to upgrade to these updated packages, which resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

457113 - CVE-2008-3270 yum-rhn-plugin: does not verify SSL certificate for all communication with RHN server

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm

noarch:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yum-rhn-plugin-0.5.3-12.el5_2.9.src.rpm

noarch:
yum-rhn-plugin-0.5.3-12.el5_2.9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3270
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
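As an added illustration of the CVE-2008-3270 flaw class, not yum-rhn-plugin's own code: the weak TLS client setting (certificate never checked) beside the corrected one (trusted chain and hostname match enforced on every request), plus a fetch helper that refuses to proceed without verification. The function names, the optional CA bundle path and the URL check are assumptions for this example.

```python
import ssl
import urllib.request
from typing import Optional
from urllib.parse import urlparse


def unverified_context() -> ssl.SSLContext:
    """The weak setting: TLS encrypts the connection, but the server's
    certificate is never checked, so anyone who can redirect traffic to the
    update host can present any certificate and serve their own metadata."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The corrected setting: the certificate must chain to a trusted CA (the
    system store, or the bundle in cafile) and its subject must match the
    hostname. One context is reused for every request, so metadata downloads
    get the same check as the initial login, which is the point of the fix."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Startup self-check: both chain validation and hostname matching must
    be enforced before the client talks to the update server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def metadata_url_is_acceptable(url: str) -> bool:
    """A plain http:// URL bypasses certificate verification entirely,
    whatever the context says, so only https:// URLs with a host pass."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def fetch_repo_metadata(url: str, cafile: Optional[str] = None,
                        timeout: float = 30.0) -> bytes:
    """Hypothetical fetch helper (not the plugin's API): download repository
    metadata over a verified TLS connection. Raises ValueError for a non-HTTPS
    URL and ssl.SSLCertVerificationError if the server certificate does not
    verify; neither case falls back to an unverified connection."""
    if not metadata_url_is_acceptable(url):
        raise ValueError("refusing non-HTTPS metadata URL: %s" % url)
    ctx = verified_context(cafile)
    if not context_is_safe(ctx):
        raise RuntimeError("TLS context does not enforce verification")
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read()
```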
From bugzilla at redhat.com Thu Aug 14 19:42:44 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Aug 2008 15:42:44 -0400
Subject: [RHSA-2008:0839-01] Moderate: postfix security update
Message-ID: <200808141942.m7EJgiKO031827@pobox.devel.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postfix security update
Advisory ID: RHSA-2008:0839-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0839.html
Issue date: 2008-08-14
CVE Names: CVE-2008-2936
=====================================================================

1. Summary:

Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.

A flaw was found in the way Postfix dereferences symbolic links.
If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. (CVE-2008-2936)

Red Hat would like to thank Sebastian Krahmer for responsibly disclosing this issue.

All users of postfix should upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

456314 - CVE-2008-2936 postfix privilege escalation flaw

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/postfix-2.0.16-14.1.RHEL3.src.rpm

i386:
postfix-2.0.16-14.1.RHEL3.i386.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.i386.rpm

ia64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.ia64.rpm

ppc:
postfix-2.0.16-14.1.RHEL3.ppc.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.ppc.rpm

s390:
postfix-2.0.16-14.1.RHEL3.s390.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.s390.rpm

s390x:
postfix-2.0.16-14.1.RHEL3.s390x.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.s390x.rpm

x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/postfix-2.0.16-14.1.RHEL3.src.rpm

i386:
postfix-2.0.16-14.1.RHEL3.i386.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.i386.rpm

x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/postfix-2.0.16-14.1.RHEL3.src.rpm

i386:
postfix-2.0.16-14.1.RHEL3.i386.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.i386.rpm

ia64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.ia64.rpm

x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/postfix-2.0.16-14.1.RHEL3.src.rpm

i386:
postfix-2.0.16-14.1.RHEL3.i386.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.i386.rpm

ia64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.ia64.rpm

x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm
postfix-debuginfo-2.0.16-14.1.RHEL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postfix-2.2.10-1.2.1.el4_7.src.rpm

i386:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.i386.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm

ia64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm

ppc:
postfix-2.2.10-1.2.1.el4_7.ppc.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.ppc.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm

s390:
postfix-2.2.10-1.2.1.el4_7.s390.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.s390.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm

s390x:
postfix-2.2.10-1.2.1.el4_7.s390x.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.s390x.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm

x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postfix-2.2.10-1.2.1.el4_7.src.rpm

i386:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.i386.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm

x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postfix-2.2.10-1.2.1.el4_7.src.rpm

i386:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.i386.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm

ia64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm

x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postfix-2.2.10-1.2.1.el4_7.src.rpm

i386:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.i386.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm

ia64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.ia64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm

x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-debuginfo-2.2.10-1.2.1.el4_7.x86_64.rpm
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm

i386:
postfix-2.3.3-2.1.el5_2.i386.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.i386.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm

x86_64:
postfix-2.3.3-2.1.el5_2.x86_64.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.x86_64.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm

i386:
postfix-2.3.3-2.1.el5_2.i386.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.i386.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm

ia64:
postfix-2.3.3-2.1.el5_2.ia64.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.ia64.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.ia64.rpm

ppc:
postfix-2.3.3-2.1.el5_2.ppc.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.ppc.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.ppc.rpm

s390x:
postfix-2.3.3-2.1.el5_2.s390x.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.s390x.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.s390x.rpm

x86_64:
postfix-2.3.3-2.1.el5_2.x86_64.rpm
postfix-debuginfo-2.3.3-2.1.el5_2.x86_64.rpm
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
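As an added example of the defensive pattern for the flaw class in CVE-2008-2936 (not Postfix's own code): a plain append that follows a symbolic link left at a mailbox path, beside a hardened append that opens with O_NOFOLLOW and validates the opened file by descriptor before writing. The spool layout, file names and helper names are constructed for this demonstration.

```python
import errno
import os
import stat
import tempfile


def append_following_symlinks(path: str, data: bytes) -> int:
    """The unsafe pattern: a plain append resolves a symbolic link placed at
    the mailbox path, so the bytes land in whatever file the link points to."""
    with open(path, "ab") as f:
        return f.write(data)


def append_to_mailbox(path: str, data: bytes, expected_uid: int) -> int:
    """Hardened append: O_NOFOLLOW makes the kernel reject a symlink at the
    final path component (ELOOP); the object actually opened is then checked
    via fstat on the descriptor, not via a separate stat on the path, so
    there is no check-then-use window between validation and the write."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise PermissionError("%s: refusing to follow symbolic link" % path) from exc
        raise
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s: not a regular file" % path)
        if st.st_nlink != 1:
            raise PermissionError("%s: unexpected link count %d" % (path, st.st_nlink))
        if st.st_uid != expected_uid:
            raise PermissionError("%s: owned by uid %d, expected %d"
                                  % (path, st.st_uid, expected_uid))
        return os.write(fd, data)
    finally:
        os.close(fd)


def run_demo() -> dict:
    """Constructed scenario in a temporary directory standing in for the spool:
    no mailbox named 'root' exists, 'victim.txt' stands in for a file root can
    write to, and a symlink named 'root' points at it."""
    results = {}
    with tempfile.TemporaryDirectory() as spool:
        target = os.path.join(spool, "victim.txt")
        with open(target, "wb") as f:
            f.write(b"original\n")
        link = os.path.join(spool, "root")
        os.symlink(target, link)

        # The unsafe append goes through the link into the target file.
        append_following_symlinks(link, b"appended\n")
        with open(target, "rb") as f:
            results["unsafe_wrote_through_link"] = f.read().endswith(b"appended\n")

        # The hardened append refuses the link and leaves the target untouched.
        try:
            append_to_mailbox(link, b"more\n", os.getuid())
            results["hardened_refused_link"] = False
        except PermissionError:
            results["hardened_refused_link"] = True
        with open(target, "rb") as f:
            results["target_unchanged_after_refusal"] = f.read() == b"original\nappended\n"

        # A genuine mailbox (regular file owned by the expected uid) still works.
        mailbox = os.path.join(spool, "alice")
        results["regular_bytes_written"] = append_to_mailbox(mailbox, b"hello\n", os.getuid())
    return results
```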
From bugzilla at redhat.com Thu Aug 21 17:14:29 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Aug 2008 13:14:29 -0400
Subject: [RHSA-2008:0836-02] Moderate: libxml2 security update
Message-ID: <200808211714.m7LHETw9002146@pobox.devel.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libxml2 security update
Advisory ID: RHSA-2008:0836-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0836.html
Issue date: 2008-08-21
CVE Names: CVE-2008-3281
=====================================================================

1. Summary:

Updated libxml2 packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files.

A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. (CVE-2008-3281)

Red Hat would like to thank Andreas Solberg for responsibly disclosing this issue.

All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458086 - CVE-2008-3281 libxml2 denial of service

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-9.ent.src.rpm

i386:
libxml2-2.4.19-9.ent.i386.rpm
libxml2-devel-2.4.19-9.ent.i386.rpm
libxml2-python-2.4.19-9.ent.i386.rpm

ia64:
libxml2-2.4.19-9.ent.ia64.rpm
libxml2-devel-2.4.19-9.ent.ia64.rpm
libxml2-python-2.4.19-9.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-9.ent.src.rpm

ia64:
libxml2-2.4.19-9.ent.ia64.rpm
libxml2-devel-2.4.19-9.ent.ia64.rpm
libxml2-python-2.4.19-9.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-9.ent.src.rpm

i386:
libxml2-2.4.19-9.ent.i386.rpm
libxml2-devel-2.4.19-9.ent.i386.rpm
libxml2-python-2.4.19-9.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-9.ent.src.rpm

i386:
libxml2-2.4.19-9.ent.i386.rpm
libxml2-devel-2.4.19-9.ent.i386.rpm
libxml2-python-2.4.19-9.ent.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libxml2-2.5.10-10.src.rpm

i386:
libxml2-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-devel-2.5.10-10.i386.rpm
libxml2-python-2.5.10-10.i386.rpm

ia64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.ia64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.ia64.rpm
libxml2-devel-2.5.10-10.ia64.rpm
libxml2-python-2.5.10-10.ia64.rpm

ppc:
libxml2-2.5.10-10.ppc.rpm
libxml2-2.5.10-10.ppc64.rpm
libxml2-debuginfo-2.5.10-10.ppc.rpm
libxml2-debuginfo-2.5.10-10.ppc64.rpm
libxml2-devel-2.5.10-10.ppc.rpm
libxml2-python-2.5.10-10.ppc.rpm

s390:
libxml2-2.5.10-10.s390.rpm
libxml2-debuginfo-2.5.10-10.s390.rpm
libxml2-devel-2.5.10-10.s390.rpm
libxml2-python-2.5.10-10.s390.rpm

s390x:
libxml2-2.5.10-10.s390.rpm
libxml2-2.5.10-10.s390x.rpm
libxml2-debuginfo-2.5.10-10.s390.rpm
libxml2-debuginfo-2.5.10-10.s390x.rpm
libxml2-devel-2.5.10-10.s390x.rpm
libxml2-python-2.5.10-10.s390x.rpm

x86_64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.x86_64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.x86_64.rpm
libxml2-devel-2.5.10-10.x86_64.rpm
libxml2-python-2.5.10-10.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libxml2-2.5.10-10.src.rpm

i386:
libxml2-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-devel-2.5.10-10.i386.rpm
libxml2-python-2.5.10-10.i386.rpm

x86_64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.x86_64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.x86_64.rpm
libxml2-devel-2.5.10-10.x86_64.rpm
libxml2-python-2.5.10-10.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libxml2-2.5.10-10.src.rpm

i386:
libxml2-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-devel-2.5.10-10.i386.rpm
libxml2-python-2.5.10-10.i386.rpm

ia64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.ia64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.ia64.rpm
libxml2-devel-2.5.10-10.ia64.rpm
libxml2-python-2.5.10-10.ia64.rpm

x86_64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.x86_64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.x86_64.rpm
libxml2-devel-2.5.10-10.x86_64.rpm
libxml2-python-2.5.10-10.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libxml2-2.5.10-10.src.rpm

i386:
libxml2-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-devel-2.5.10-10.i386.rpm
libxml2-python-2.5.10-10.i386.rpm

ia64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.ia64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.ia64.rpm
libxml2-devel-2.5.10-10.ia64.rpm
libxml2-python-2.5.10-10.ia64.rpm

x86_64:
libxml2-2.5.10-10.i386.rpm
libxml2-2.5.10-10.x86_64.rpm
libxml2-debuginfo-2.5.10-10.i386.rpm
libxml2-debuginfo-2.5.10-10.x86_64.rpm
libxml2-devel-2.5.10-10.x86_64.rpm
libxml2-python-2.5.10-10.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libxml2-2.6.16-12.2.src.rpm

i386:
libxml2-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-devel-2.6.16-12.2.i386.rpm
libxml2-python-2.6.16-12.2.i386.rpm

ia64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.ia64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.ia64.rpm
libxml2-devel-2.6.16-12.2.ia64.rpm
libxml2-python-2.6.16-12.2.ia64.rpm

ppc:
libxml2-2.6.16-12.2.ppc.rpm
libxml2-2.6.16-12.2.ppc64.rpm
libxml2-debuginfo-2.6.16-12.2.ppc.rpm
libxml2-debuginfo-2.6.16-12.2.ppc64.rpm
libxml2-devel-2.6.16-12.2.ppc.rpm
libxml2-python-2.6.16-12.2.ppc.rpm

s390:
libxml2-2.6.16-12.2.s390.rpm
libxml2-debuginfo-2.6.16-12.2.s390.rpm
libxml2-devel-2.6.16-12.2.s390.rpm
libxml2-python-2.6.16-12.2.s390.rpm

s390x:
libxml2-2.6.16-12.2.s390.rpm
libxml2-2.6.16-12.2.s390x.rpm
libxml2-debuginfo-2.6.16-12.2.s390.rpm
libxml2-debuginfo-2.6.16-12.2.s390x.rpm
libxml2-devel-2.6.16-12.2.s390x.rpm
libxml2-python-2.6.16-12.2.s390x.rpm

x86_64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.x86_64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.x86_64.rpm
libxml2-devel-2.6.16-12.2.x86_64.rpm
libxml2-python-2.6.16-12.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libxml2-2.6.16-12.2.src.rpm

i386:
libxml2-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-devel-2.6.16-12.2.i386.rpm
libxml2-python-2.6.16-12.2.i386.rpm

x86_64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.x86_64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.x86_64.rpm
libxml2-devel-2.6.16-12.2.x86_64.rpm
libxml2-python-2.6.16-12.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libxml2-2.6.16-12.2.src.rpm

i386:
libxml2-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-devel-2.6.16-12.2.i386.rpm
libxml2-python-2.6.16-12.2.i386.rpm

ia64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.ia64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.ia64.rpm
libxml2-devel-2.6.16-12.2.ia64.rpm
libxml2-python-2.6.16-12.2.ia64.rpm

x86_64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.x86_64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.x86_64.rpm
libxml2-devel-2.6.16-12.2.x86_64.rpm
libxml2-python-2.6.16-12.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libxml2-2.6.16-12.2.src.rpm

i386:
libxml2-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-devel-2.6.16-12.2.i386.rpm
libxml2-python-2.6.16-12.2.i386.rpm

ia64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.ia64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.ia64.rpm
libxml2-devel-2.6.16-12.2.ia64.rpm
libxml2-python-2.6.16-12.2.ia64.rpm

x86_64:
libxml2-2.6.16-12.2.i386.rpm
libxml2-2.6.16-12.2.x86_64.rpm
libxml2-debuginfo-2.6.16-12.2.i386.rpm
libxml2-debuginfo-2.6.16-12.2.x86_64.rpm
libxml2-devel-2.6.16-12.2.x86_64.rpm
libxml2-python-2.6.16-12.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.3.src.rpm

i386:
libxml2-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-python-2.6.26-2.1.2.3.i386.rpm

x86_64:
libxml2-2.6.26-2.1.2.3.i386.rpm
libxml2-2.6.26-2.1.2.3.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.x86_64.rpm
libxml2-python-2.6.26-2.1.2.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.3.src.rpm

i386:
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-devel-2.6.26-2.1.2.3.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.3.i386.rpm
libxml2-devel-2.6.26-2.1.2.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.2.3.src.rpm

i386:
libxml2-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-devel-2.6.26-2.1.2.3.i386.rpm
libxml2-python-2.6.26-2.1.2.3.i386.rpm

ia64:
libxml2-2.6.26-2.1.2.3.i386.rpm
libxml2-2.6.26-2.1.2.3.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.ia64.rpm
libxml2-devel-2.6.26-2.1.2.3.ia64.rpm
libxml2-python-2.6.26-2.1.2.3.ia64.rpm

ppc:
libxml2-2.6.26-2.1.2.3.ppc.rpm
libxml2-2.6.26-2.1.2.3.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.ppc64.rpm
libxml2-devel-2.6.26-2.1.2.3.ppc.rpm
libxml2-devel-2.6.26-2.1.2.3.ppc64.rpm
libxml2-python-2.6.26-2.1.2.3.ppc.rpm

s390x:
libxml2-2.6.26-2.1.2.3.s390.rpm
libxml2-2.6.26-2.1.2.3.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.s390.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.s390x.rpm
libxml2-devel-2.6.26-2.1.2.3.s390.rpm
libxml2-devel-2.6.26-2.1.2.3.s390x.rpm
libxml2-python-2.6.26-2.1.2.3.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.2.3.i386.rpm
libxml2-2.6.26-2.1.2.3.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.3.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.3.i386.rpm
libxml2-devel-2.6.26-2.1.2.3.x86_64.rpm
libxml2-python-2.6.26-2.1.2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

From bugzilla at redhat.com Fri Aug 22 12:15:54 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 22 Aug 2008 08:15:54 -0400
Subject: [RHSA-2008:0855-01] Critical: openssh security update
Message-ID: <200808221215.m7MCFs6f005212@pobox.devel.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: openssh security update
Advisory ID: RHSA-2008:0855-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0855.html
Issue date: 2008-08-22
CVE Names: CVE-2007-4752
=====================================================================

1. Summary:

Updated openssh packages are now available for Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.

Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. While the investigation into the intrusion is ongoing, our initial focus was to review and test the distribution channel we use with our customers, Red Hat Network (RHN) and its associated security measures. Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk. We are issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers.

In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html

To reiterate, our processes and efforts to date indicate that packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk.

These packages also fix a low severity flaw in the way ssh handles X11 cookies when creating X11 forwarding connections. When ssh was unable to create an untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of an untrusted remote server, or an untrusted application run on the remote server, to gain unintended access to a user's local X server. (CVE-2007-4752)

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

280361 - CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

i386:
openssh-3.9p1-11.el4_7.i386.rpm
openssh-askpass-3.9p1-11.el4_7.i386.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm
openssh-clients-3.9p1-11.el4_7.i386.rpm
openssh-debuginfo-3.9p1-11.el4_7.i386.rpm
openssh-server-3.9p1-11.el4_7.i386.rpm

ia64:
openssh-3.9p1-11.el4_7.ia64.rpm
openssh-askpass-3.9p1-11.el4_7.ia64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm
openssh-clients-3.9p1-11.el4_7.ia64.rpm
openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm
openssh-server-3.9p1-11.el4_7.ia64.rpm

ppc:
openssh-3.9p1-11.el4_7.ppc.rpm
openssh-askpass-3.9p1-11.el4_7.ppc.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.ppc.rpm
openssh-clients-3.9p1-11.el4_7.ppc.rpm
openssh-debuginfo-3.9p1-11.el4_7.ppc.rpm
openssh-server-3.9p1-11.el4_7.ppc.rpm

s390:
openssh-3.9p1-11.el4_7.s390.rpm
openssh-askpass-3.9p1-11.el4_7.s390.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.s390.rpm
openssh-clients-3.9p1-11.el4_7.s390.rpm
openssh-debuginfo-3.9p1-11.el4_7.s390.rpm
openssh-server-3.9p1-11.el4_7.s390.rpm

s390x:
openssh-3.9p1-11.el4_7.s390x.rpm
openssh-askpass-3.9p1-11.el4_7.s390x.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.s390x.rpm
openssh-clients-3.9p1-11.el4_7.s390x.rpm
openssh-debuginfo-3.9p1-11.el4_7.s390x.rpm
openssh-server-3.9p1-11.el4_7.s390x.rpm

x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm
openssh-clients-3.9p1-11.el4_7.x86_64.rpm
openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm
openssh-server-3.9p1-11.el4_7.x86_64.rpm

Red Hat Enterprise Linux AS version 4.5.z:

Source:
ftp://updates.redhat.com/enterprise/4AS-4.5.z/en/os/SRPMS/openssh-3.9p1-10.RHEL4.20.src.rpm

i386:
openssh-3.9p1-10.RHEL4.20.i386.rpm
openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm
openssh-clients-3.9p1-10.RHEL4.20.i386.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.i386.rpm
openssh-server-3.9p1-10.RHEL4.20.i386.rpm

ia64:
openssh-3.9p1-10.RHEL4.20.ia64.rpm
openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm
openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.ia64.rpm
openssh-server-3.9p1-10.RHEL4.20.ia64.rpm

ppc:
openssh-3.9p1-10.RHEL4.20.ppc.rpm
openssh-askpass-3.9p1-10.RHEL4.20.ppc.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ppc.rpm
openssh-clients-3.9p1-10.RHEL4.20.ppc.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.ppc.rpm
openssh-server-3.9p1-10.RHEL4.20.ppc.rpm

s390:
openssh-3.9p1-10.RHEL4.20.s390x.rpm
openssh-askpass-3.9p1-10.RHEL4.20.s390x.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390x.rpm
openssh-clients-3.9p1-10.RHEL4.20.s390x.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.s390x.rpm
openssh-server-3.9p1-10.RHEL4.20.s390x.rpm

s390x:
openssh-3.9p1-10.RHEL4.20.s390x.rpm
openssh-askpass-3.9p1-10.RHEL4.20.s390x.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390x.rpm
openssh-clients-3.9p1-10.RHEL4.20.s390x.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.s390x.rpm
openssh-server-3.9p1-10.RHEL4.20.s390x.rpm

x86_64:
openssh-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

i386:
openssh-3.9p1-11.el4_7.i386.rpm
openssh-askpass-3.9p1-11.el4_7.i386.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm
openssh-clients-3.9p1-11.el4_7.i386.rpm
openssh-debuginfo-3.9p1-11.el4_7.i386.rpm
openssh-server-3.9p1-11.el4_7.i386.rpm

x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm
openssh-clients-3.9p1-11.el4_7.x86_64.rpm
openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm
openssh-server-3.9p1-11.el4_7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

i386:
openssh-3.9p1-11.el4_7.i386.rpm
openssh-askpass-3.9p1-11.el4_7.i386.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm
openssh-clients-3.9p1-11.el4_7.i386.rpm
openssh-debuginfo-3.9p1-11.el4_7.i386.rpm
openssh-server-3.9p1-11.el4_7.i386.rpm

ia64:
openssh-3.9p1-11.el4_7.ia64.rpm
openssh-askpass-3.9p1-11.el4_7.ia64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm
openssh-clients-3.9p1-11.el4_7.ia64.rpm
openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm
openssh-server-3.9p1-11.el4_7.ia64.rpm

x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm
openssh-clients-3.9p1-11.el4_7.x86_64.rpm
openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm
openssh-server-3.9p1-11.el4_7.x86_64.rpm

Red Hat Enterprise Linux ES version 4.5.z:

Source:
ftp://updates.redhat.com/enterprise/4ES-4.5.z/en/os/SRPMS/openssh-3.9p1-10.RHEL4.20.src.rpm

i386:
openssh-3.9p1-10.RHEL4.20.i386.rpm
openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm
openssh-clients-3.9p1-10.RHEL4.20.i386.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.i386.rpm
openssh-server-3.9p1-10.RHEL4.20.i386.rpm

ia64:
openssh-3.9p1-10.RHEL4.20.ia64.rpm
openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm
openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm
openssh-debuginfo-3.9p1-10.RHEL4.20.ia64.rpm
openssh-server-3.9p1-10.RHEL4.20.ia64.rpm

x86_64:
openssh-3.9p1-10.RHEL4.20.x86_64.rpm
openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm openssh-debuginfo-3.9p1-10.RHEL4.20.x86_64.rpm openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm i386: openssh-3.9p1-11.el4_7.i386.rpm openssh-askpass-3.9p1-11.el4_7.i386.rpm openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm openssh-clients-3.9p1-11.el4_7.i386.rpm openssh-debuginfo-3.9p1-11.el4_7.i386.rpm openssh-server-3.9p1-11.el4_7.i386.rpm ia64: openssh-3.9p1-11.el4_7.ia64.rpm openssh-askpass-3.9p1-11.el4_7.ia64.rpm openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm openssh-clients-3.9p1-11.el4_7.ia64.rpm openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm openssh-server-3.9p1-11.el4_7.ia64.rpm x86_64: openssh-3.9p1-11.el4_7.x86_64.rpm openssh-askpass-3.9p1-11.el4_7.x86_64.rpm openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm openssh-clients-3.9p1-11.el4_7.x86_64.rpm openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm openssh-server-3.9p1-11.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssh-4.3p2-26.el5_2.1.src.rpm i386: openssh-4.3p2-26.el5_2.1.i386.rpm openssh-askpass-4.3p2-26.el5_2.1.i386.rpm openssh-clients-4.3p2-26.el5_2.1.i386.rpm openssh-debuginfo-4.3p2-26.el5_2.1.i386.rpm openssh-server-4.3p2-26.el5_2.1.i386.rpm x86_64: openssh-4.3p2-26.el5_2.1.x86_64.rpm openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm openssh-debuginfo-4.3p2-26.el5_2.1.x86_64.rpm openssh-server-4.3p2-26.el5_2.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssh-4.3p2-26.el5_2.1.src.rpm i386: openssh-4.3p2-26.el5_2.1.i386.rpm openssh-askpass-4.3p2-26.el5_2.1.i386.rpm openssh-clients-4.3p2-26.el5_2.1.i386.rpm openssh-debuginfo-4.3p2-26.el5_2.1.i386.rpm openssh-server-4.3p2-26.el5_2.1.i386.rpm ia64: openssh-4.3p2-26.el5_2.1.ia64.rpm openssh-askpass-4.3p2-26.el5_2.1.ia64.rpm openssh-clients-4.3p2-26.el5_2.1.ia64.rpm openssh-debuginfo-4.3p2-26.el5_2.1.ia64.rpm openssh-server-4.3p2-26.el5_2.1.ia64.rpm ppc: openssh-4.3p2-26.el5_2.1.ppc.rpm openssh-askpass-4.3p2-26.el5_2.1.ppc.rpm openssh-clients-4.3p2-26.el5_2.1.ppc.rpm openssh-debuginfo-4.3p2-26.el5_2.1.ppc.rpm openssh-server-4.3p2-26.el5_2.1.ppc.rpm s390x: openssh-4.3p2-26.el5_2.1.s390x.rpm openssh-askpass-4.3p2-26.el5_2.1.s390x.rpm openssh-clients-4.3p2-26.el5_2.1.s390x.rpm openssh-debuginfo-4.3p2-26.el5_2.1.s390x.rpm openssh-server-4.3p2-26.el5_2.1.s390x.rpm x86_64: openssh-4.3p2-26.el5_2.1.x86_64.rpm openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm openssh-debuginfo-4.3p2-26.el5_2.1.x86_64.rpm openssh-server-4.3p2-26.el5_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 http://www.redhat.com/security/data/openssh-blacklist.html http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
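The advisory above points to a published list of tampered OpenSSH packages and says how to detect them. The script below is an added example written by this editor; it is not Red Hat's published detection script and is not part of the advisory. It assumes the blacklist is held as text in sha256sum format (digest, two spaces, package file name); the digest in the default BLACKLIST value is a constructed placeholder and the real entries must be taken from the openssh-blacklist page. Because the intruder was able to sign packages, a Red Hat GPG signature that verifies (rpm -K) cannot by itself clear a package obtained outside RHN, so the digest comparison is the primary check and the signature check is only a supplement.

```shell
#!/bin/sh
# Added example (editor's code, not Red Hat's): compare local RPM files with a
# blacklist of SHA-256 digests of known-tampered packages.
# BLACKLIST holds lines in sha256sum format: "<sha256>  <package file name>".
# The default digest below is a CONSTRUCTED placeholder; replace it with the
# entries published at http://www.redhat.com/security/data/openssh-blacklist.html
BLACKLIST="${BLACKLIST:-0000000000000000000000000000000000000000000000000000000000000000  PLACEHOLDER-openssh-tampered.x86_64.rpm}"

# Print the SHA-256 digest of the file "$1"; works with GNU sha256sum or BSD shasum.
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Exit status 0 if the digest of the file "$1" is on the blacklist, 1 otherwise.
# The package name is deliberately ignored: a renamed tampered package still
# has the same digest.
is_blacklisted() {
    d=$(file_digest "$1")
    printf '%s\n' "$BLACKLIST" | grep -q "^$d "
}

# Scan every .rpm file in the directory "$1" and print one line per match.
# Prints nothing when the directory contains no blacklisted package.
scan_dir() {
    for f in "$1"/*.rpm; do
        [ -e "$f" ] || continue
        if is_blacklisted "$f"; then
            echo "TAMPERED: $f"
        fi
    done
}

# Supplementary check only: the intruder signed the tampered packages, so a
# signature that verifies does not prove a package clean. Skipped when rpm is
# not installed on the machine running the scan.
check_signature() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -K "$1"
    else
        echo "rpm not available; signature check skipped for $1"
    fi
}

# Usage: sh check-openssh-rpms.sh /path/to/downloaded/rpms
if [ $# -gt 0 ]; then
    scan_dir "$1"
    for f in "$1"/*.rpm; do
        [ -e "$f" ] && check_signature "$f"
    done
fi
```

Run it against the directory where packages obtained from a mirror or other non-RHN channel were downloaded, with BLACKLIST exported from the published list; any TAMPERED line names a file that must not be installed. Matching on the digest rather than the file name means a tampered package that was renamed before redistribution is still caught.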
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIrq3zXlSAg2UNWIIRAgcPAJwNb6Y/Z/tvgWN37Yi0+44DDXGY2ACeMs33
ugQUQ4k+fg60FO59N2ZuDOY=
=2Am+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 26 20:23:56 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Aug 2008 16:23:56 -0400
Subject: [RHSA-2008:0585-01] Important: kernel security and bug fix update
Message-ID: <200808262023.m7QKNuHw006115@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0585-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0585.html
Issue date: 2008-08-26
CVE Names: CVE-2007-5966 CVE-2007-6282 CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2148 CVE-2008-2372 CVE-2008-2729 CVE-2008-2826
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimer. This could allow a local unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets.
When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important)

* on 64-bit architectures, the possibility of a timer-expiration value overflow was found in the Linux kernel high-resolution timers functionality, hrtimer. This could allow a local unprivileged user to set up a large interval value, forcing the timer expiry value to become negative, causing a denial of service (kernel hang). (CVE-2007-6712, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important)

* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel utimensat system call. File permissions were not checked when UTIME_NOW and UTIME_OMIT combinations were used. This could allow a local unprivileged user to modify file times of arbitrary files, possibly leading to a denial of service. (CVE-2008-2148, Important)

* a security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 architectures. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)

* Gabriel Campana discovered a possible integer overflow flaw in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. This deficiency could lead to privilege escalation.
(CVE-2008-2826, Important)

* a deficiency was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to make a large number of calls to the get_user_pages function, possibly causing a denial of service. (CVE-2008-2372, Low)

Also, these updated packages fix the following bugs:

* gdb set orig_rax to 0x00000000ffffffff, which is recognized by the upstream kernel as "-1", but not by the Red Hat Enterprise MRG kernel.

* if the POSIX timer was programmed to fire immediately, the timer's signal was sometimes not delivered (timer does not fire).

* rwlock caused crashes and application hangs.

* running oprofile caused system panics.

* threads releasing a mutex may have received an EPERM error.

* booting the RT kernel with the "nmi_watchdog=2" kernel option caused a kernel panic, and an "Unable to handle kernel paging request" error.

* "echo 0 > /sys/devices/system/cpu/cpu1/online" caused crashes.

* a crash on a JTC machine.

* added a new "FUTEX_WAIT_BITSET" system call, identical to FUTEX_WAIT, that accepts absolute time as a timeout.

Red Hat Enterprise MRG 1.0 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/):

404291 - CVE-2007-6282 IPSec ESP kernel panics
429290 - provide a futex syscall command similiar to FUTEX_WAIT with takes absolute timeout
431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
439999 - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
446031 - CVE-2008-2136 kernel: sit memory leak
446060 - kernel: sched_fair.c simplify sched_slice()
446397 - java testcase hangs on 2.6.24.7-52ibmrt2.3 kernel
446777 - pthread_mutex_unlock returns EPERM due to earlier EFAULT from futex lock
449676 - Turning a CPU offline causes panic
451271 - CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
452478 - CVE-2008-2826 kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow
452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
452692 - crash with 2.6.24.7-65.el5rt
452693 - POSIX timer set to fire immediately does not fire
452974 - [24][FOCUS] plist_add/del crash with 2.6.24.7-65ibmrt2.4 kernel
453135 - CVE-2007-5966 Non-root can trigger cpu_idle soft lockup (tickless kernel only)
453677 - nmi_watchdog=2 crashes the RT kernel on boot up
454913 - [Realtime][Kernel] LTP test failure in sched_rr_get_interval02 testcase
455275 - CVE-2008-2148 kernel: fix permission checking in sys_utimensat
455747 - Oops when running oprofile

6.
Package List: MRG Realtime for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG-RHEL5/SRPMS/kernel-rt-2.6.24.7-74.el5rt.src.rpm i386: kernel-rt-2.6.24.7-74.el5rt.i686.rpm kernel-rt-debug-2.6.24.7-74.el5rt.i686.rpm kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.i686.rpm kernel-rt-debug-devel-2.6.24.7-74.el5rt.i686.rpm kernel-rt-debuginfo-2.6.24.7-74.el5rt.i686.rpm kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.i686.rpm kernel-rt-devel-2.6.24.7-74.el5rt.i686.rpm kernel-rt-trace-2.6.24.7-74.el5rt.i686.rpm kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.i686.rpm kernel-rt-trace-devel-2.6.24.7-74.el5rt.i686.rpm kernel-rt-vanilla-2.6.24.7-74.el5rt.i686.rpm kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.i686.rpm kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.i686.rpm noarch: kernel-rt-doc-2.6.24.7-74.el5rt.noarch.rpm x86_64: kernel-rt-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-debug-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-debug-devel-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-devel-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-trace-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-trace-devel-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-vanilla-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFItGZbXlSAg2UNWIIRAtItAJ9AAQwwAD6x2JcydWHuRx/mUj7rzQCYjy+w
gLRpblvLnYaY3nTIDePYRQ==
=arLE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 26 20:24:06 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Aug 2008 16:24:06 -0400
Subject: [RHSA-2008:0849-01] Important: ipsec-tools security update
Message-ID: <200808262024.m7QKO6JF006132@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: ipsec-tools security update
Advisory ID: RHSA-2008:0849-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0849.html
Issue date: 2008-08-26
CVE Names: CVE-2008-3651 CVE-2008-3652
=====================================================================

1. Summary:

An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.

Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)

Users of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

456660 - CVE-2008-3651 ipsec-tools: racoon memory leak caused by invalid proposals
458846 - CVE-2008-3652 ipsec-tools: racoon orphaned ph1s memory leak

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm i386: ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.i386.rpm ia64: ipsec-tools-0.2.5-0.7.rhel3.5.ia64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.ia64.rpm ppc: ipsec-tools-0.2.5-0.7.rhel3.5.ppc.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.ppc.rpm s390: ipsec-tools-0.2.5-0.7.rhel3.5.s390.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.s390.rpm s390x: ipsec-tools-0.2.5-0.7.rhel3.5.s390x.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.s390x.rpm x86_64: ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm i386: ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.i386.rpm x86_64: ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm i386: ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.i386.rpm ia64: ipsec-tools-0.2.5-0.7.rhel3.5.ia64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.ia64.rpm x86_64: ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm i386: ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.i386.rpm ia64: ipsec-tools-0.2.5-0.7.rhel3.5.ia64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.ia64.rpm x86_64: ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm ipsec-tools-debuginfo-0.2.5-0.7.rhel3.5.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: 
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ipsec-tools-0.3.3-7.el4_7.src.rpm i386: ipsec-tools-0.3.3-7.el4_7.i386.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.i386.rpm ia64: ipsec-tools-0.3.3-7.el4_7.ia64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.ia64.rpm ppc: ipsec-tools-0.3.3-7.el4_7.ppc.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.ppc.rpm s390: ipsec-tools-0.3.3-7.el4_7.s390.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.s390.rpm s390x: ipsec-tools-0.3.3-7.el4_7.s390x.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.s390x.rpm x86_64: ipsec-tools-0.3.3-7.el4_7.x86_64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ipsec-tools-0.3.3-7.el4_7.src.rpm i386: ipsec-tools-0.3.3-7.el4_7.i386.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.i386.rpm x86_64: ipsec-tools-0.3.3-7.el4_7.x86_64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ipsec-tools-0.3.3-7.el4_7.src.rpm i386: ipsec-tools-0.3.3-7.el4_7.i386.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.i386.rpm ia64: ipsec-tools-0.3.3-7.el4_7.ia64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.ia64.rpm x86_64: ipsec-tools-0.3.3-7.el4_7.x86_64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ipsec-tools-0.3.3-7.el4_7.src.rpm i386: ipsec-tools-0.3.3-7.el4_7.i386.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.i386.rpm ia64: ipsec-tools-0.3.3-7.el4_7.ia64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.ia64.rpm x86_64: ipsec-tools-0.3.3-7.el4_7.x86_64.rpm ipsec-tools-debuginfo-0.3.3-7.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ipsec-tools-0.6.5-9.el5_2.3.src.rpm i386: ipsec-tools-0.6.5-9.el5_2.3.i386.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.i386.rpm x86_64: ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ipsec-tools-0.6.5-9.el5_2.3.src.rpm i386: ipsec-tools-0.6.5-9.el5_2.3.i386.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.i386.rpm ia64: ipsec-tools-0.6.5-9.el5_2.3.ia64.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.ia64.rpm ppc: ipsec-tools-0.6.5-9.el5_2.3.ppc.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.ppc.rpm s390x: ipsec-tools-0.6.5-9.el5_2.3.s390x.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.s390x.rpm x86_64: ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm ipsec-tools-debuginfo-0.6.5-9.el5_2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFItGZkXlSAg2UNWIIRAi39AKDBxecf2zpIO0/xMtGI8yc8z+/7awCgq4Fp
fMvAUZ+2Ou3OR9sJYlYWndA=
=BlhE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 27 17:21:44 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Aug 2008 13:21:44 -0400
Subject: [RHSA-2008:0648-01] Important: tomcat security update
Message-ID: <200808271721.m7RHLiYm028403@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat security update
Advisory ID: RHSA-2008:0648-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0648.html
Issue date: 2008-08-27
Keywords: Security
CVE Names: CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2008-2938
=====================================================================

1. Summary:

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter.
(CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially-crafted request parameter to access protected web resources. (CVE-2008-2370)

An additional traversal vulnerability was discovered when the "allowLinking" and "URIencoding" settings were activated. A remote attacker could use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

446393 - CVE-2008-1947 Tomcat host manager xss - name field
456120 - CVE-2008-2938 tomcat Unicode directory traversal vulnerability
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm

i386:
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm i386: tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm x86_64: tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.7.el5_2.1.src.rpm i386: tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm ia64: tomcat5-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm ppc: tomcat5-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-5.5.23-0jpp.7.el5_2.1.ppc64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ppc64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm 
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm s390x: tomcat5-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm x86_64: tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

From bugzilla at redhat.com Wed Aug 27 17:22:00 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Aug 2008 13:22:00 -0400
Subject: [RHSA-2008:0835-01] Important: openoffice.org security update
Message-ID: <200808271722.m7RHM1AE028511@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openoffice.org security update
Advisory ID:       RHSA-2008:0835-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0835.html
Issue date:        2008-08-27
CVE Names:         CVE-2008-3282
=====================================================================

1. Summary:

Updated openoffice.org packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.

A numeric truncation error was found in the OpenOffice.org memory
allocator. If a carefully crafted file was opened by a victim, an attacker
could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary
code. (CVE-2008-3282)

All users of openoffice.org are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458056 - CVE-2008-3282 openoffice.org: numeric truncation error in memory allocator (64bit)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.5.2.el5_2.src.rpm

i386:
openoffice.org-base-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-calc-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-core-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-draw-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-emailmerge-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-graphicfilter-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-headless-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-impress-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-javafilter-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-af_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ar-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-as_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-bg_BG-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-bn-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ca_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-cs_CZ-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-cy_GB-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-da_DK-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-de-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-el_GR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-es-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-et_EE-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-eu_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-fi_FI-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-fr-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ga_IE-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-gl_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-gu_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-he_IL-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hi_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hr_HR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hu_HU-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-it-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ja_JP-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-kn_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ko_KR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-lt_LT-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ml_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-mr_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ms_MY-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nb_NO-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nl-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nn_NO-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nr_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nso_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-or_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pa_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pl_PL-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pt_BR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pt_PT-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ru-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sk_SK-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sl_SI-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sr_CS-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ss_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-st_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sv-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ta_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-te_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-th_TH-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-tn_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-tr_TR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ts_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ur-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ve_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-xh_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zh_CN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zh_TW-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zu_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-math-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-pyuno-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-testtools-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-writer-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-xsltfilter-2.3.0-6.5.2.el5_2.i386.rpm

x86_64:
openoffice.org-base-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-calc-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-core-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-draw-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-emailmerge-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-graphicfilter-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-headless-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-impress-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-javafilter-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-af_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ar-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-as_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-bg_BG-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-bn-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ca_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-cs_CZ-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-cy_GB-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-da_DK-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-de-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-el_GR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-es-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-et_EE-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-eu_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-fi_FI-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-fr-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ga_IE-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-gl_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-gu_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-he_IL-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hi_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hr_HR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hu_HU-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-it-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ja_JP-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-kn_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ko_KR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-lt_LT-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ml_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-mr_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ms_MY-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nb_NO-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nl-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nn_NO-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nr_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nso_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-or_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pa_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pl_PL-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pt_BR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pt_PT-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ru-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sk_SK-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sl_SI-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sr_CS-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ss_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-st_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sv-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ta_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-te_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-th_TH-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-tn_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-tr_TR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ts_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ur-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ve_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-xh_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zh_CN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zh_TW-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zu_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-math-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-pyuno-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-testtools-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-writer-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-xsltfilter-2.3.0-6.5.2.el5_2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.5.2.el5_2.src.rpm

i386:
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-sdk-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-sdk-doc-2.3.0-6.5.2.el5_2.i386.rpm

x86_64:
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-sdk-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-sdk-doc-2.3.0-6.5.2.el5_2.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-2.3.0-6.5.2.el5_2.src.rpm

i386:
openoffice.org-base-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-calc-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-core-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-draw-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-emailmerge-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-graphicfilter-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-impress-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-javafilter-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-af_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ar-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-as_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-bg_BG-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-bn-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ca_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-cs_CZ-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-cy_GB-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-da_DK-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-de-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-el_GR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-es-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-et_EE-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-eu_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-fi_FI-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-fr-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ga_IE-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-gl_ES-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-gu_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-he_IL-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hi_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hr_HR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-hu_HU-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-it-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ja_JP-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-kn_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ko_KR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-lt_LT-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ml_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-mr_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ms_MY-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nb_NO-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nl-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nn_NO-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nr_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-nso_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-or_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pa_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pl_PL-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pt_BR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-pt_PT-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ru-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sk_SK-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sl_SI-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sr_CS-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ss_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-st_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-sv-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ta_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-te_IN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-th_TH-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-tn_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-tr_TR-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ts_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ur-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-ve_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-xh_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zh_CN-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zh_TW-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-langpack-zu_ZA-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-math-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-pyuno-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-sdk-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-sdk-doc-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-testtools-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-writer-2.3.0-6.5.2.el5_2.i386.rpm
openoffice.org-xsltfilter-2.3.0-6.5.2.el5_2.i386.rpm

x86_64:
openoffice.org-base-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-calc-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-core-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-debuginfo-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-draw-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-emailmerge-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-graphicfilter-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-impress-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-javafilter-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-af_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ar-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-as_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-bg_BG-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-bn-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ca_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-cs_CZ-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-cy_GB-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-da_DK-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-de-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-el_GR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-es-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-et_EE-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-eu_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-fi_FI-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-fr-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ga_IE-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-gl_ES-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-gu_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-he_IL-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hi_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hr_HR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-hu_HU-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-it-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ja_JP-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-kn_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ko_KR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-lt_LT-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ml_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-mr_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ms_MY-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nb_NO-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nl-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nn_NO-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nr_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-nso_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-or_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pa_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pl_PL-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pt_BR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-pt_PT-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ru-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sk_SK-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sl_SI-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sr_CS-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ss_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-st_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-sv-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ta_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-te_IN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-th_TH-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-tn_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-tr_TR-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ts_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ur-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-ve_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-xh_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zh_CN-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zh_TW-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-langpack-zu_ZA-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-math-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-pyuno-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-sdk-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-sdk-doc-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-testtools-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-writer-2.3.0-6.5.2.el5_2.x86_64.rpm
openoffice.org-xsltfilter-2.3.0-6.5.2.el5_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 28 22:14:53 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Aug 2008 18:14:53 -0400
Subject: [RHSA-2008:0847-01] Important: libtiff security and bug fix update
Message-ID: <200808282214.m7SMErW0011663@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security and bug fix update
Advisory ID:       RHSA-2008:0847-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0847.html
Issue date:        2008-08-28
CVE Names:         CVE-2008-2327
=====================================================================

1. Summary:

Updated libtiff packages that fix a security issue and a bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458674 - CVE-2008-2327 libtiff: use of uninitialized memory in LZW decoder
460120 - [RHEL5] libtiff has unnecessary man pages.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_2.2.src.rpm

i386:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm

x86_64:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_2.2.src.rpm

i386:
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm

x86_64:
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-7.el5_2.2.src.rpm

i386:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm

ia64:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-3.8.2-7.el5_2.2.ia64.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.ia64.rpm
libtiff-devel-3.8.2-7.el5_2.2.ia64.rpm

ppc:
libtiff-3.8.2-7.el5_2.2.ppc.rpm
libtiff-3.8.2-7.el5_2.2.ppc64.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.ppc.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.ppc64.rpm
libtiff-devel-3.8.2-7.el5_2.2.ppc.rpm
libtiff-devel-3.8.2-7.el5_2.2.ppc64.rpm

s390x:
libtiff-3.8.2-7.el5_2.2.s390.rpm
libtiff-3.8.2-7.el5_2.2.s390x.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.s390.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.s390x.rpm
libtiff-devel-3.8.2-7.el5_2.2.s390.rpm
libtiff-devel-3.8.2-7.el5_2.2.s390x.rpm

x86_64:
libtiff-3.8.2-7.el5_2.2.i386.rpm
libtiff-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_2.2.x86_64.rpm
libtiff-devel-3.8.2-7.el5_2.2.i386.rpm
libtiff-devel-3.8.2-7.el5_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
From bugzilla at redhat.com Thu Aug 28 22:24:31 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Aug 2008 18:24:31 -0400
Subject: [RHSA-2008:0848-01] Important: libtiff security and bug fix update
Message-ID: <200808282224.m7SMOVOD015792@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security and bug fix update
Advisory ID:       RHSA-2008:0848-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0848.html
Issue date:        2008-08-28
CVE Names:         CVE-2008-2327 CVE-2006-2193
=====================================================================

1. Summary:

Updated libtiff packages that fix various security issues and a bug are
now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)

Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

194362 - CVE-2006-2193 tiff2pdf buffer overflow
458674 - CVE-2008-2327 libtiff: use of uninitialized memory in LZW decoder
459404 - [RHEL4] libtiff has unnecessary man pages.

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-12.el4_7.2.src.rpm

i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm

ia64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.ia64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.ia64.rpm
libtiff-devel-3.6.1-12.el4_7.2.ia64.rpm

ppc:
libtiff-3.6.1-12.el4_7.2.ppc.rpm
libtiff-3.6.1-12.el4_7.2.ppc64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.ppc.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.ppc64.rpm
libtiff-devel-3.6.1-12.el4_7.2.ppc.rpm

s390:
libtiff-3.6.1-12.el4_7.2.s390.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.s390.rpm
libtiff-devel-3.6.1-12.el4_7.2.s390.rpm

s390x:
libtiff-3.6.1-12.el4_7.2.s390.rpm
libtiff-3.6.1-12.el4_7.2.s390x.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.s390.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.s390x.rpm
libtiff-devel-3.6.1-12.el4_7.2.s390x.rpm

x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-12.el4_7.2.src.rpm

i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm

x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-12.el4_7.2.src.rpm

i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm

ia64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.ia64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.ia64.rpm
libtiff-devel-3.6.1-12.el4_7.2.ia64.rpm

x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-12.el4_7.2.src.rpm

i386:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-devel-3.6.1-12.el4_7.2.i386.rpm

ia64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.ia64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.ia64.rpm
libtiff-devel-3.6.1-12.el4_7.2.ia64.rpm

x86_64:
libtiff-3.6.1-12.el4_7.2.i386.rpm
libtiff-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.i386.rpm
libtiff-debuginfo-3.6.1-12.el4_7.2.x86_64.rpm
libtiff-devel-3.6.1-12.el4_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
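The three libtiff advisories above each name a fixed version-release per RHEL release, and the "Solution" section leaves the check of which hosts are still behind to the reader. The following is an added editorial example, not Red Hat code: it reimplements rpm's segment-wise version comparison (rpmvercmp, without the tilde/caret rules of later rpm releases), parses `rpm -qa` style lines, and reports every installed libtiff* package older than the fix for its release. It assumes epoch 0 throughout (the advisories list none) and that the dist tag in the release field (el5, el4, el3, el2, as in the package lists) identifies the RHEL release; the package listing it runs on is constructed sample input.

```python
"""Check installed libtiff packages against the fixed versions published in
RHSA-2008:0847 (RHEL 5), RHSA-2008:0848 (RHEL 4) and RHSA-2008:0863 (RHEL 3
and 2.1).  Editorial example, not Red Hat's code.  Assumptions: epoch 0 for
every package (the advisories list none); rpmvercmp() follows rpm's
segment-wise comparison without the tilde/caret rules of later rpm releases;
SAMPLE_RPM_QA is constructed sample input, not output from a real host."""
import re

# Fixed version-release per dist tag, copied from the advisories' package lists.
FIXED_LIBTIFF = {
    "el5": ("RHSA-2008:0847", "3.8.2-7.el5_2.2"),
    "el4": ("RHSA-2008:0848", "3.6.1-12.el4_7.2"),
    "el3": ("RHSA-2008:0863", "3.5.7-31.el3"),
    "el2": ("RHSA-2008:0863", "3.5.7-31.el2"),
}

# Constructed sample in `rpm -qa 'libtiff*'` format (several hosts' lines).
SAMPLE_RPM_QA = """\
libtiff-3.8.2-7.el5_2.1.x86_64
libtiff-3.8.2-7.el5_2.1.i386
libtiff-devel-3.8.2-7.el5_2.2.x86_64
libtiff-3.6.1-12.el4_7.2.i386
libtiff-debuginfo-3.6.1-10.el4.x86_64
libtiff-3.5.7-30.el3.i386
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm's rpmvercmp does:
    walk numeric and alphabetic segments in parallel, ignoring separators.
    Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)          # int() drops leading zeros, as rpm does
            if xi != yi:
                return 1 if xi > yi else -1
        elif x_num != y_num:
            return 1 if x_num else -1        # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1        # both alphabetic: plain string order
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1    # whichever still has segments left wins


def evrcmp(a: str, b: str) -> int:
    """Compare '[epoch:]version-release' labels: epoch first, then version,
    then release, each with rpmvercmp()."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    ea, va, ra = split(a)
    eb, vb, rb = split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nvra(line: str):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Version and release never contain '-', so splitting from the right is safe
    even for names such as libtiff-devel."""
    if line.endswith(".rpm"):
        line = line[:-4]
    nvr, _, arch = line.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def outstanding_libtiff(rpm_qa_output: str):
    """Return [(installed package, advisory, fixed version-release)] for each
    installed libtiff* package older than the fix for its RHEL release."""
    findings = []
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line.startswith("libtiff"):
            continue
        _, version, release, _ = parse_nvra(line)
        dist = re.search(r"\.(el\d)", release)   # e.g. '7.el5_2.1' -> 'el5'
        if not dist or dist.group(1) not in FIXED_LIBTIFF:
            continue
        advisory, fixed_vr = FIXED_LIBTIFF[dist.group(1)]
        if evrcmp(f"{version}-{release}", fixed_vr) < 0:
            findings.append((line, advisory, fixed_vr))
    return findings


if __name__ == "__main__":
    for pkg, advisory, fixed in outstanding_libtiff(SAMPLE_RPM_QA):
        print(f"{pkg}: older than {fixed}, apply {advisory}")
```

On a real host, feed it the output of `rpm -qa 'libtiff*'` and add an epoch to the comparison only if `rpm -q --qf '%{EPOCH}'` reports one.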
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Aug 2008 18:32:59 -0400
Subject: [RHSA-2008:0863-01] Important: libtiff security update
Message-ID: <200808282232.m7SMWxkE019232@int-mx1.corp.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2008:0863-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0863.html
Issue date: 2008-08-28
CVE Names: CVE-2008-2327
=====================================================================

1. Summary:

Updated libtiff packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder.
An attacker could create a carefully crafted LZW-encoded TIFF file that
would cause an application linked with libtiff to crash or, possibly,
execute arbitrary code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

458674 - CVE-2008-2327 libtiff: use of uninitialized memory in LZW decoder

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.7-31.el2.src.rpm

i386:
libtiff-3.5.7-31.el2.i386.rpm
libtiff-devel-3.5.7-31.el2.i386.rpm

ia64:
libtiff-3.5.7-31.el2.ia64.rpm
libtiff-devel-3.5.7-31.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.7-31.el2.src.rpm

ia64:
libtiff-3.5.7-31.el2.ia64.rpm
libtiff-devel-3.5.7-31.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.7-31.el2.src.rpm

i386:
libtiff-3.5.7-31.el2.i386.rpm
libtiff-devel-3.5.7-31.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.7-31.el2.src.rpm

i386:
libtiff-3.5.7-31.el2.i386.rpm
libtiff-devel-3.5.7-31.el2.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-31.el3.src.rpm

i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm

ia64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.ia64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.ia64.rpm
libtiff-devel-3.5.7-31.el3.ia64.rpm

ppc:
libtiff-3.5.7-31.el3.ppc.rpm
libtiff-3.5.7-31.el3.ppc64.rpm
libtiff-debuginfo-3.5.7-31.el3.ppc.rpm
libtiff-debuginfo-3.5.7-31.el3.ppc64.rpm
libtiff-devel-3.5.7-31.el3.ppc.rpm

s390:
libtiff-3.5.7-31.el3.s390.rpm
libtiff-debuginfo-3.5.7-31.el3.s390.rpm
libtiff-devel-3.5.7-31.el3.s390.rpm

s390x:
libtiff-3.5.7-31.el3.s390.rpm
libtiff-3.5.7-31.el3.s390x.rpm
libtiff-debuginfo-3.5.7-31.el3.s390.rpm
libtiff-debuginfo-3.5.7-31.el3.s390x.rpm
libtiff-devel-3.5.7-31.el3.s390x.rpm

x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-31.el3.src.rpm

i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm

x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-31.el3.src.rpm

i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm

ia64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.ia64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.ia64.rpm
libtiff-devel-3.5.7-31.el3.ia64.rpm

x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-31.el3.src.rpm

i386:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-devel-3.5.7-31.el3.i386.rpm

ia64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.ia64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.ia64.rpm
libtiff-devel-3.5.7-31.el3.ia64.rpm

x86_64:
libtiff-3.5.7-31.el3.i386.rpm
libtiff-3.5.7-31.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-31.el3.i386.rpm
libtiff-debuginfo-3.5.7-31.el3.x86_64.rpm
libtiff-devel-3.5.7-31.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
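The defect class named in the RHSA-2008:0863 description above (an LZW decoder reading string-table entries that were never written) shown in an added example; this is not libtiff's code and does not reproduce its decoder. It is a minimal TIFF-style LZW decoder over already-unpacked codes (bit unpacking omitted) with the bounds check that rejects such codes; the code sequences in the check helper's callers are constructed.

```c
#include <string.h>

#define LZW_CLEAR 256               /* TIFF LZW: reset the string table */
#define LZW_EOI   257               /* TIFF LZW: end of information */
#define TABLE_SIZE 4096             /* codes are at most 12 bits wide */

struct entry { int prefix; unsigned char suffix; int len; };

/* First byte of the string stored at `code`: follow the prefix chain to its root. */
static unsigned char first_byte(const struct entry *tab, int code) {
    while (tab[code].prefix >= 0) code = tab[code].prefix;
    return tab[code].suffix;
}

/* Copy the string stored at `code` to out, last byte first. */
static void expand(const struct entry *tab, int code, unsigned char *out) {
    for (int n = tab[code].len; n > 0; code = tab[code].prefix) out[--n] = tab[code].suffix;
}

/* Decode `n` already-unpacked codes. Returns bytes written, or -1 when a code names
 * a table entry that has not been written yet (reading it is the uninitialized-memory
 * use the advisory describes) or when the output buffer would overflow. */
int lzw_decode(const int *codes, int n, unsigned char *out, int outcap) {
    struct entry tab[TABLE_SIZE];   /* entries at index >= next are never initialized */
    int next = 258, prev = -1, pos = 0;
    for (int i = 0; i < 256; i++) { tab[i].prefix = -1; tab[i].suffix = (unsigned char)i; tab[i].len = 1; }
    for (int i = 0; i < n; i++) {
        int code = codes[i];
        if (code == LZW_CLEAR) { next = 258; prev = -1; continue; }
        if (code == LZW_EOI) break;
        /* Only literals, entries already written, or exactly `next` (the KwKwK case) are valid. */
        if (code < 0 || code >= TABLE_SIZE || code > next) return -1;
        if (prev >= 0 && next < TABLE_SIZE) {   /* define entry `next` = prev + one byte */
            tab[next].prefix = prev;
            tab[next].suffix = first_byte(tab, code == next ? prev : code);
            tab[next].len = tab[prev].len + 1;
            next++;
        } else if (code == next) return -1;     /* KwKwK code with no previous string */
        if (pos + tab[code].len > outcap) return -1;
        expand(tab, code, out + pos);
        pos += tab[code].len;
        prev = code;
    }
    return pos;
}

/* 1 if `codes` decode exactly to `expected`; with expected == NULL, 1 if the input is rejected. */
int lzw_check(const int *codes, int n, const char *expected) {
    unsigned char buf[64];
    int len = lzw_decode(codes, n, buf, (int)sizeof buf);
    return expected ? (len == (int)strlen(expected) && !memcmp(buf, expected, (size_t)len)) : len < 0;
}
```

The sequence 65, 66, 258, 260 is a valid encoding of "ABABABA"; a sequence such as 65, 300 references entry 300 before anything has been written there and is rejected instead of being dereferenced.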