From bugzilla at redhat.com Fri Feb 1 14:56:14 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Feb 2008 09:56:14 -0500
Subject: [RHSA-2008:0040-01] Moderate: postgresql security update
Message-ID: <200802011456.m11EuE9s032633@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2008:0040-01
Product:           Red Hat Application Stack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0040.html
Issue date:        2008-02-01
CVE Names:         CVE-2007-3278 CVE-2007-4769 CVE-2007-4772
                   CVE-2007-6067 CVE-2007-6600 CVE-2007-6601
=====================================================================

1. Summary:

Updated postgresql packages that fix several security issues are now
available for Red Hat Application Stack v1 and v2.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.

Will Drewry discovered multiple flaws in PostgreSQL's regular expression
engine. An authenticated attacker could use these flaws to cause a denial
of service by causing the PostgreSQL server to crash, enter an infinite
loop, or use extensive CPU and memory resources while processing queries
containing specially crafted regular expressions. Applications that accept
regular expressions from untrusted sources may expose this problem to
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only be enabled by a database administrator on systems
with the postgresql-contrib package installed. (CVE-2007-3278,
CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which
include PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

309141 - CVE-2007-3278 dblink allows proxying of database connections via 127.0.0.1
315231 - CVE-2007-4769 postgresql integer overflow in regex code
316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
400931 - CVE-2007-6067 postgresql: temporary DoS caused by slow regex NFA cleanup
427127 - CVE-2007-6600 PostgreSQL privilege escalation
427128 - CVE-2007-6601 PostgreSQL privilege escalation via dblink

6. Package List:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresql-8.1.11-1.el4s1.1.src.rpm

i386:
postgresql-8.1.11-1.el4s1.1.i386.rpm
postgresql-contrib-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-devel-8.1.11-1.el4s1.1.i386.rpm
postgresql-docs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-pl-8.1.11-1.el4s1.1.i386.rpm
postgresql-python-8.1.11-1.el4s1.1.i386.rpm
postgresql-server-8.1.11-1.el4s1.1.i386.rpm
postgresql-tcl-8.1.11-1.el4s1.1.i386.rpm
postgresql-test-8.1.11-1.el4s1.1.i386.rpm

x86_64:
postgresql-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-python-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-server-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-test-8.1.11-1.el4s1.1.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresql-8.1.11-1.el4s1.1.src.rpm

i386:
postgresql-8.1.11-1.el4s1.1.i386.rpm
postgresql-contrib-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-devel-8.1.11-1.el4s1.1.i386.rpm
postgresql-docs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-pl-8.1.11-1.el4s1.1.i386.rpm
postgresql-python-8.1.11-1.el4s1.1.i386.rpm
postgresql-server-8.1.11-1.el4s1.1.i386.rpm
postgresql-tcl-8.1.11-1.el4s1.1.i386.rpm
postgresql-test-8.1.11-1.el4s1.1.i386.rpm

x86_64:
postgresql-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-contrib-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.i386.rpm
postgresql-debuginfo-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-devel-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-docs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-libs-8.1.11-1.el4s1.1.i386.rpm
postgresql-libs-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-pl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-python-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-server-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-tcl-8.1.11-1.el4s1.1.x86_64.rpm
postgresql-test-8.1.11-1.el4s1.1.x86_64.rpm

Red Hat Application Stack v2 for Enterprise Linux (v.5):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/postgresql-8.2.6-1.el5s2.src.rpm

i386:
postgresql-8.2.6-1.el5s2.i386.rpm
postgresql-contrib-8.2.6-1.el5s2.i386.rpm
postgresql-debuginfo-8.2.6-1.el5s2.i386.rpm
postgresql-devel-8.2.6-1.el5s2.i386.rpm
postgresql-docs-8.2.6-1.el5s2.i386.rpm
postgresql-libs-8.2.6-1.el5s2.i386.rpm
postgresql-plperl-8.2.6-1.el5s2.i386.rpm
postgresql-plpython-8.2.6-1.el5s2.i386.rpm
postgresql-pltcl-8.2.6-1.el5s2.i386.rpm
postgresql-python-8.2.6-1.el5s2.i386.rpm
postgresql-server-8.2.6-1.el5s2.i386.rpm
postgresql-tcl-8.2.6-1.el5s2.i386.rpm
postgresql-test-8.2.6-1.el5s2.i386.rpm

x86_64:
postgresql-8.2.6-1.el5s2.x86_64.rpm
postgresql-contrib-8.2.6-1.el5s2.x86_64.rpm
postgresql-debuginfo-8.2.6-1.el5s2.i386.rpm
postgresql-debuginfo-8.2.6-1.el5s2.x86_64.rpm
postgresql-devel-8.2.6-1.el5s2.i386.rpm
postgresql-devel-8.2.6-1.el5s2.x86_64.rpm
postgresql-docs-8.2.6-1.el5s2.x86_64.rpm
postgresql-libs-8.2.6-1.el5s2.i386.rpm
postgresql-libs-8.2.6-1.el5s2.x86_64.rpm
postgresql-plperl-8.2.6-1.el5s2.x86_64.rpm
postgresql-plpython-8.2.6-1.el5s2.x86_64.rpm
postgresql-pltcl-8.2.6-1.el5s2.x86_64.rpm
postgresql-python-8.2.6-1.el5s2.x86_64.rpm
postgresql-server-8.2.6-1.el5s2.x86_64.rpm
postgresql-tcl-8.2.6-1.el5s2.x86_64.rpm
postgresql-test-8.2.6-1.el5s2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHozLrXlSAg2UNWIIRAkUOAJ44ZnHt8hRTZ7OKYTdUXEiUxoJ1owCgn5CD
Ex2ADzs5qG+899zj38WZl+M=
=Vyfj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 8 02:52:57 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Feb 2008 21:52:57 -0500
Subject: [RHSA-2008:0103-01] Critical: firefox security update
Message-ID: <200802080252.m182qvhC006841@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0103.html
Issue date:        2008-02-07
CVE Names:         CVE-2008-0412 CVE-2008-0413 CVE-2008-0415
                   CVE-2008-0417 CVE-2008-0418 CVE-2008-0419
                   CVE-2008-0591 CVE-2008-0592 CVE-2008-0593
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431742 - CVE-2008-0417 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.5.0.12-0.10.el4.src.rpm

i386:
firefox-1.5.0.12-0.10.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.ia64.rpm

ppc:
firefox-1.5.0.12-0.10.el4.ppc.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.ppc.rpm

s390:
firefox-1.5.0.12-0.10.el4.s390.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.s390.rpm

s390x:
firefox-1.5.0.12-0.10.el4.s390x.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.s390x.rpm

x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.5.0.12-0.10.el4.src.rpm

i386:
firefox-1.5.0.12-0.10.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.i386.rpm

x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.5.0.12-0.10.el4.src.rpm

i386:
firefox-1.5.0.12-0.10.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.5.0.12-0.10.el4.src.rpm

i386:
firefox-1.5.0.12-0.10.el4.i386.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.i386.rpm

ia64:
firefox-1.5.0.12-0.10.el4.ia64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.ia64.rpm

x86_64:
firefox-1.5.0.12-0.10.el4.x86_64.rpm
firefox-debuginfo-1.5.0.12-0.10.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-9.el5.src.rpm

i386:
firefox-1.5.0.12-9.el5.i386.rpm
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm

x86_64:
firefox-1.5.0.12-9.el5.i386.rpm
firefox-1.5.0.12-9.el5.x86_64.rpm
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm
firefox-debuginfo-1.5.0.12-9.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.12-9.el5.src.rpm

i386:
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm
firefox-devel-1.5.0.12-9.el5.i386.rpm

x86_64:
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm
firefox-debuginfo-1.5.0.12-9.el5.x86_64.rpm
firefox-devel-1.5.0.12-9.el5.i386.rpm
firefox-devel-1.5.0.12-9.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.12-9.el5.src.rpm

i386:
firefox-1.5.0.12-9.el5.i386.rpm
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm
firefox-devel-1.5.0.12-9.el5.i386.rpm

ia64:
firefox-1.5.0.12-9.el5.ia64.rpm
firefox-debuginfo-1.5.0.12-9.el5.ia64.rpm
firefox-devel-1.5.0.12-9.el5.ia64.rpm

ppc:
firefox-1.5.0.12-9.el5.ppc.rpm
firefox-debuginfo-1.5.0.12-9.el5.ppc.rpm
firefox-devel-1.5.0.12-9.el5.ppc.rpm

s390x:
firefox-1.5.0.12-9.el5.s390.rpm
firefox-1.5.0.12-9.el5.s390x.rpm
firefox-debuginfo-1.5.0.12-9.el5.s390.rpm
firefox-debuginfo-1.5.0.12-9.el5.s390x.rpm
firefox-devel-1.5.0.12-9.el5.s390.rpm
firefox-devel-1.5.0.12-9.el5.s390x.rpm

x86_64:
firefox-1.5.0.12-9.el5.i386.rpm
firefox-1.5.0.12-9.el5.x86_64.rpm
firefox-debuginfo-1.5.0.12-9.el5.i386.rpm
firefox-debuginfo-1.5.0.12-9.el5.x86_64.rpm
firefox-devel-1.5.0.12-9.el5.i386.rpm
firefox-devel-1.5.0.12-9.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHq8P3XlSAg2UNWIIRAiwUAKDEhVOF1MaHoBHoxZJfkm1to0LjHQCfe3tz
YXAwimdo3jkWcuehgg5OTRc=
=DP8X
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 8 02:53:27 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Feb 2008 21:53:27 -0500
Subject: [RHSA-2008:0104-01] Critical: seamonkey security update
Message-ID: <200802080253.m182rRgQ006855@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2008:0104-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0104.html
Issue date:        2008-02-07
CVE Names:         CVE-2008-0412 CVE-2008-0413 CVE-2008-0415
                   CVE-2008-0417 CVE-2008-0418 CVE-2008-0419
                   CVE-2008-0591 CVE-2008-0592 CVE-2008-0593
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
web content. A webpage containing malicious content could cause SeaMonkey
to crash, or potentially execute arbitrary code as the user running
SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way SeaMonkey displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way SeaMonkey stored password data. If a user
saves login information for a malicious website, it could be possible
to corrupt the password database, preventing the user from properly
accessing saved password data. (CVE-2008-0417)

A flaw was found in the way SeaMonkey handles certain chrome URLs. If a
user has certain extensions installed, it could allow a malicious website
to steal sensitive session data. Note: this flaw does not affect a default
installation of SeaMonkey. (CVE-2008-0418)

A flaw was found in the way SeaMonkey saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
SeaMonkey will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of SeaMonkey are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431742 - CVE-2008-0417 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.9.el2.src.rpm

i386:
seamonkey-1.0.9-0.9.el2.i386.rpm
seamonkey-chat-1.0.9-0.9.el2.i386.rpm
seamonkey-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el2.i386.rpm
seamonkey-mail-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el2.i386.rpm

ia64:
seamonkey-1.0.9-0.9.el2.ia64.rpm
seamonkey-chat-1.0.9-0.9.el2.ia64.rpm
seamonkey-devel-1.0.9-0.9.el2.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el2.ia64.rpm
seamonkey-js-debugger-1.0.9-0.9.el2.ia64.rpm
seamonkey-mail-1.0.9-0.9.el2.ia64.rpm
seamonkey-nspr-1.0.9-0.9.el2.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el2.ia64.rpm
seamonkey-nss-1.0.9-0.9.el2.ia64.rpm
seamonkey-nss-devel-1.0.9-0.9.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.9.el2.src.rpm

ia64:
seamonkey-1.0.9-0.9.el2.ia64.rpm
seamonkey-chat-1.0.9-0.9.el2.ia64.rpm
seamonkey-devel-1.0.9-0.9.el2.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el2.ia64.rpm
seamonkey-js-debugger-1.0.9-0.9.el2.ia64.rpm
seamonkey-mail-1.0.9-0.9.el2.ia64.rpm
seamonkey-nspr-1.0.9-0.9.el2.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el2.ia64.rpm
seamonkey-nss-1.0.9-0.9.el2.ia64.rpm
seamonkey-nss-devel-1.0.9-0.9.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.9.el2.src.rpm

i386:
seamonkey-1.0.9-0.9.el2.i386.rpm
seamonkey-chat-1.0.9-0.9.el2.i386.rpm
seamonkey-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el2.i386.rpm
seamonkey-mail-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.9.el2.src.rpm

i386:
seamonkey-1.0.9-0.9.el2.i386.rpm
seamonkey-chat-1.0.9-0.9.el2.i386.rpm
seamonkey-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el2.i386.rpm
seamonkey-mail-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-1.0.9-0.9.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-1.0.9-0.9.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el2.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.9.el3.src.rpm

i386:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-chat-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.i386.rpm
seamonkey-mail-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.9.el3.ia64.rpm
seamonkey-chat-1.0.9-0.9.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.ia64.rpm
seamonkey-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.ia64.rpm
seamonkey-mail-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.9.el3.ppc.rpm
seamonkey-chat-1.0.9-0.9.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.ppc.rpm
seamonkey-devel-1.0.9-0.9.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.ppc.rpm
seamonkey-mail-1.0.9-0.9.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.9.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.ppc.rpm
seamonkey-nss-1.0.9-0.9.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.9.el3.s390.rpm
seamonkey-chat-1.0.9-0.9.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.s390.rpm
seamonkey-devel-1.0.9-0.9.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.s390.rpm
seamonkey-mail-1.0.9-0.9.el3.s390.rpm
seamonkey-nspr-1.0.9-0.9.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.s390.rpm
seamonkey-nss-1.0.9-0.9.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.9.el3.s390x.rpm
seamonkey-chat-1.0.9-0.9.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.s390x.rpm
seamonkey-devel-1.0.9-0.9.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.s390x.rpm
seamonkey-mail-1.0.9-0.9.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.9.el3.s390.rpm
seamonkey-nspr-1.0.9-0.9.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.s390x.rpm
seamonkey-nss-1.0.9-0.9.el3.s390.rpm
seamonkey-nss-1.0.9-0.9.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-1.0.9-0.9.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.9.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.9.el3.src.rpm

i386:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-chat-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.i386.rpm
seamonkey-mail-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-1.0.9-0.9.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.9.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.9.el3.src.rpm

i386:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-chat-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.i386.rpm
seamonkey-mail-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.9.el3.ia64.rpm
seamonkey-chat-1.0.9-0.9.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.ia64.rpm
seamonkey-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.ia64.rpm
seamonkey-mail-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-1.0.9-0.9.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.9.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.9.el3.src.rpm

i386:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-chat-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.i386.rpm
seamonkey-mail-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.9.el3.ia64.rpm
seamonkey-chat-1.0.9-0.9.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.ia64.rpm
seamonkey-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.ia64.rpm
seamonkey-mail-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.9.el3.i386.rpm
seamonkey-1.0.9-0.9.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.9.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.9.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.9.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.9.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.9.el3.i386.rpm
seamonkey-nspr-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.9.el3.i386.rpm
seamonkey-nss-1.0.9-0.9.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.9.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-9.el4.src.rpm

i386:
seamonkey-1.0.9-9.el4.i386.rpm
seamonkey-chat-1.0.9-9.el4.i386.rpm
seamonkey-debuginfo-1.0.9-9.el4.i386.rpm
seamonkey-devel-1.0.9-9.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-9.el4.i386.rpm
seamonkey-js-debugger-1.0.9-9.el4.i386.rpm
seamonkey-mail-1.0.9-9.el4.i386.rpm
seamonkey-nspr-1.0.9-9.el4.i386.rpm
seamonkey-nspr-devel-1.0.9-9.el4.i386.rpm
seamonkey-nss-1.0.9-9.el4.i386.rpm
seamonkey-nss-devel-1.0.9-9.el4.i386.rpm

ia64:
seamonkey-1.0.9-9.el4.ia64.rpm
seamonkey-chat-1.0.9-9.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-9.el4.i386.rpm
seamonkey-debuginfo-1.0.9-9.el4.ia64.rpm
seamonkey-devel-1.0.9-9.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-9.el4.ia64.rpm seamonkey-js-debugger-1.0.9-9.el4.ia64.rpm seamonkey-mail-1.0.9-9.el4.ia64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-9.el4.ia64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.ia64.rpm seamonkey-nss-devel-1.0.9-9.el4.ia64.rpm ppc: seamonkey-1.0.9-9.el4.ppc.rpm seamonkey-chat-1.0.9-9.el4.ppc.rpm seamonkey-debuginfo-1.0.9-9.el4.ppc.rpm seamonkey-devel-1.0.9-9.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-9.el4.ppc.rpm seamonkey-js-debugger-1.0.9-9.el4.ppc.rpm seamonkey-mail-1.0.9-9.el4.ppc.rpm seamonkey-nspr-1.0.9-9.el4.ppc.rpm seamonkey-nspr-devel-1.0.9-9.el4.ppc.rpm seamonkey-nss-1.0.9-9.el4.ppc.rpm seamonkey-nss-devel-1.0.9-9.el4.ppc.rpm s390: seamonkey-1.0.9-9.el4.s390.rpm seamonkey-chat-1.0.9-9.el4.s390.rpm seamonkey-debuginfo-1.0.9-9.el4.s390.rpm seamonkey-devel-1.0.9-9.el4.s390.rpm seamonkey-dom-inspector-1.0.9-9.el4.s390.rpm seamonkey-js-debugger-1.0.9-9.el4.s390.rpm seamonkey-mail-1.0.9-9.el4.s390.rpm seamonkey-nspr-1.0.9-9.el4.s390.rpm seamonkey-nspr-devel-1.0.9-9.el4.s390.rpm seamonkey-nss-1.0.9-9.el4.s390.rpm seamonkey-nss-devel-1.0.9-9.el4.s390.rpm s390x: seamonkey-1.0.9-9.el4.s390x.rpm seamonkey-chat-1.0.9-9.el4.s390x.rpm seamonkey-debuginfo-1.0.9-9.el4.s390.rpm seamonkey-debuginfo-1.0.9-9.el4.s390x.rpm seamonkey-devel-1.0.9-9.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-9.el4.s390x.rpm seamonkey-js-debugger-1.0.9-9.el4.s390x.rpm seamonkey-mail-1.0.9-9.el4.s390x.rpm seamonkey-nspr-1.0.9-9.el4.s390.rpm seamonkey-nspr-1.0.9-9.el4.s390x.rpm seamonkey-nspr-devel-1.0.9-9.el4.s390x.rpm seamonkey-nss-1.0.9-9.el4.s390.rpm seamonkey-nss-1.0.9-9.el4.s390x.rpm seamonkey-nss-devel-1.0.9-9.el4.s390x.rpm x86_64: seamonkey-1.0.9-9.el4.x86_64.rpm seamonkey-chat-1.0.9-9.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.x86_64.rpm seamonkey-devel-1.0.9-9.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-9.el4.x86_64.rpm 
seamonkey-js-debugger-1.0.9-9.el4.x86_64.rpm seamonkey-mail-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-9.el4.x86_64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-9.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-9.el4.src.rpm i386: seamonkey-1.0.9-9.el4.i386.rpm seamonkey-chat-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-devel-1.0.9-9.el4.i386.rpm seamonkey-dom-inspector-1.0.9-9.el4.i386.rpm seamonkey-js-debugger-1.0.9-9.el4.i386.rpm seamonkey-mail-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-devel-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-devel-1.0.9-9.el4.i386.rpm x86_64: seamonkey-1.0.9-9.el4.x86_64.rpm seamonkey-chat-1.0.9-9.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.x86_64.rpm seamonkey-devel-1.0.9-9.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-9.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-9.el4.x86_64.rpm seamonkey-mail-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-9.el4.x86_64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-9.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-9.el4.src.rpm i386: seamonkey-1.0.9-9.el4.i386.rpm seamonkey-chat-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-devel-1.0.9-9.el4.i386.rpm seamonkey-dom-inspector-1.0.9-9.el4.i386.rpm seamonkey-js-debugger-1.0.9-9.el4.i386.rpm seamonkey-mail-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-devel-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm 
seamonkey-nss-devel-1.0.9-9.el4.i386.rpm ia64: seamonkey-1.0.9-9.el4.ia64.rpm seamonkey-chat-1.0.9-9.el4.ia64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.ia64.rpm seamonkey-devel-1.0.9-9.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-9.el4.ia64.rpm seamonkey-js-debugger-1.0.9-9.el4.ia64.rpm seamonkey-mail-1.0.9-9.el4.ia64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-9.el4.ia64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.ia64.rpm seamonkey-nss-devel-1.0.9-9.el4.ia64.rpm x86_64: seamonkey-1.0.9-9.el4.x86_64.rpm seamonkey-chat-1.0.9-9.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.x86_64.rpm seamonkey-devel-1.0.9-9.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-9.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-9.el4.x86_64.rpm seamonkey-mail-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-9.el4.x86_64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-9.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-9.el4.src.rpm i386: seamonkey-1.0.9-9.el4.i386.rpm seamonkey-chat-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-devel-1.0.9-9.el4.i386.rpm seamonkey-dom-inspector-1.0.9-9.el4.i386.rpm seamonkey-js-debugger-1.0.9-9.el4.i386.rpm seamonkey-mail-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-devel-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-devel-1.0.9-9.el4.i386.rpm ia64: seamonkey-1.0.9-9.el4.ia64.rpm seamonkey-chat-1.0.9-9.el4.ia64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.ia64.rpm seamonkey-devel-1.0.9-9.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-9.el4.ia64.rpm seamonkey-js-debugger-1.0.9-9.el4.ia64.rpm 
seamonkey-mail-1.0.9-9.el4.ia64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.ia64.rpm seamonkey-nspr-devel-1.0.9-9.el4.ia64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.ia64.rpm seamonkey-nss-devel-1.0.9-9.el4.ia64.rpm x86_64: seamonkey-1.0.9-9.el4.x86_64.rpm seamonkey-chat-1.0.9-9.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-9.el4.i386.rpm seamonkey-debuginfo-1.0.9-9.el4.x86_64.rpm seamonkey-devel-1.0.9-9.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-9.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-9.el4.x86_64.rpm seamonkey-mail-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-1.0.9-9.el4.i386.rpm seamonkey-nspr-1.0.9-9.el4.x86_64.rpm seamonkey-nspr-devel-1.0.9-9.el4.x86_64.rpm seamonkey-nss-1.0.9-9.el4.i386.rpm seamonkey-nss-1.0.9-9.el4.x86_64.rpm seamonkey-nss-devel-1.0.9-9.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHq8QQXlSAg2UNWIIRAguvAJ0W4TQeH0tr1Ppyh0jn8dbQNl/RSACcCEi+
z+KHxfs4nlnSQ0OtHfIB6HE=
=84Ju
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 8 02:53:55 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Feb 2008 21:53:55 -0500
Subject: [RHSA-2008:0105-01] Moderate: thunderbird security update
Message-ID: <200802080253.m182rt6s006869@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2008:0105-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0105.html
Issue date: 2008-02-07
CVE Names: CVE-2008-0412 CVE-2008-0413 CVE-2008-0415 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593
=====================================================================

1. Summary:

Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type "plain/text", rather than "text/plain", Thunderbird will not show future "text/plain" content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm i386: thunderbird-1.5.0.12-8.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm ia64: thunderbird-1.5.0.12-8.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm ppc: thunderbird-1.5.0.12-8.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-8.el4.ppc.rpm s390: thunderbird-1.5.0.12-8.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-8.el4.s390.rpm s390x: thunderbird-1.5.0.12-8.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-8.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-8.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm i386: thunderbird-1.5.0.12-8.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm x86_64: thunderbird-1.5.0.12-8.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm i386: thunderbird-1.5.0.12-8.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm ia64: thunderbird-1.5.0.12-8.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-8.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm i386: thunderbird-1.5.0.12-8.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm ia64: thunderbird-1.5.0.12-8.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-8.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-8.el5.src.rpm i386: thunderbird-1.5.0.12-8.el5.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el5.i386.rpm x86_64: thunderbird-1.5.0.12-8.el5.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-8.el5.src.rpm i386: thunderbird-1.5.0.12-8.el5.i386.rpm thunderbird-debuginfo-1.5.0.12-8.el5.i386.rpm x86_64: thunderbird-1.5.0.12-8.el5.x86_64.rpm thunderbird-debuginfo-1.5.0.12-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHq8QqXlSAg2UNWIIRAkeSAKCb0Z6TlRf+Lc+gLbAmnPIxfZzH8QCeNSAd
gw1nkQjp37VBpoKHN40PdcE=
=Qqed
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 12 09:21:36 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Feb 2008 04:21:36 -0500
Subject: [RHSA-2008:0123-01] Critical: java-1.5.0-sun security update
Message-ID: <200802120922.m1C9LadW030753@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-sun security update
Advisory ID: RHSA-2008:0123-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0123.html
Issue date: 2008-02-12
CVE Names: CVE-2008-0657
=====================================================================

1. Summary:

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

These updated java-1.5.0-sun packages resolve the following security issues:

Two vulnerabilities in the Java Runtime Environment allowed an untrusted application or applet to elevate the assigned privileges.
This could be misused by a malicious website to read and write local files or execute local applications in the context of the user running the Java process. (CVE-2008-0657)

Users of java-1.5.0-sun should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431861 - CVE-2008-0657 java-1.5.0 Privilege escalation via untrusted applet and application

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386:
java-1.5.0-sun-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el4.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.5.0-sun-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el5.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.5.0-sun-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el5.i586.rpm x86_64: java-1.5.0-sun-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-demo-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-devel-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.14-1jpp.2.el5.x86_64.rpm java-1.5.0-sun-plugin-1.5.0.14-1jpp.2.el5.i586.rpm java-1.5.0-sun-src-1.5.0.14-1jpp.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0657
http://www.redhat.com/security/updates/classification/#critical
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHsWUOXlSAg2UNWIIRAvg7AKCSvNPwBxhxAlH++PWk4sq17OpwjgCeM9PD
kFRFOGR1VcWMYtb14U2pUmM=
=T6PF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 12 16:54:40 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Feb 2008 11:54:40 -0500
Subject: [RHSA-2008:0129-01] Important: kernel security update
Message-ID: <200802121654.m1CGse3w008379@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2008:0129-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0129.html
Issue date: 2008-02-12
CVE Names: CVE-2008-0600
=====================================================================

1. Summary:

Updated kernel packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A flaw was found in vmsplice. An unprivileged local user could use this flaw to gain root privileges. (CVE-2008-0600)

Red Hat is aware that a public exploit for this issue is available. This issue did not affect the Linux kernels distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

432251 - CVE-2008-0600 kernel vmsplice_to_pipe flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-53.1.13.el5.src.rpm i386: kernel-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.13.el5.i686.rpm kernel-debug-2.6.18-53.1.13.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.13.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.i686.rpm kernel-devel-2.6.18-53.1.13.el5.i686.rpm kernel-headers-2.6.18-53.1.13.el5.i386.rpm kernel-xen-2.6.18-53.1.13.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.13.el5.i686.rpm noarch: kernel-doc-2.6.18-53.1.13.el5.noarch.rpm x86_64: kernel-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.13.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.x86_64.rpm kernel-devel-2.6.18-53.1.13.el5.x86_64.rpm kernel-headers-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.13.el5.x86_64.rpm Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.13.el5.src.rpm i386: kernel-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.13.el5.i686.rpm kernel-debug-2.6.18-53.1.13.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.13.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.i686.rpm kernel-devel-2.6.18-53.1.13.el5.i686.rpm kernel-headers-2.6.18-53.1.13.el5.i386.rpm kernel-xen-2.6.18-53.1.13.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.13.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.13.el5.i686.rpm ia64: kernel-2.6.18-53.1.13.el5.ia64.rpm kernel-debug-2.6.18-53.1.13.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.ia64.rpm kernel-debug-devel-2.6.18-53.1.13.el5.ia64.rpm kernel-debuginfo-2.6.18-53.1.13.el5.ia64.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.ia64.rpm kernel-devel-2.6.18-53.1.13.el5.ia64.rpm kernel-headers-2.6.18-53.1.13.el5.ia64.rpm kernel-xen-2.6.18-53.1.13.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-53.1.13.el5.ia64.rpm kernel-xen-devel-2.6.18-53.1.13.el5.ia64.rpm noarch: kernel-doc-2.6.18-53.1.13.el5.noarch.rpm ppc: kernel-2.6.18-53.1.13.el5.ppc64.rpm kernel-debug-2.6.18-53.1.13.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.ppc64.rpm kernel-debug-devel-2.6.18-53.1.13.el5.ppc64.rpm kernel-debuginfo-2.6.18-53.1.13.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.ppc64.rpm kernel-devel-2.6.18-53.1.13.el5.ppc64.rpm kernel-headers-2.6.18-53.1.13.el5.ppc.rpm kernel-headers-2.6.18-53.1.13.el5.ppc64.rpm kernel-kdump-2.6.18-53.1.13.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-53.1.13.el5.ppc64.rpm kernel-kdump-devel-2.6.18-53.1.13.el5.ppc64.rpm s390x: kernel-2.6.18-53.1.13.el5.s390x.rpm kernel-debug-2.6.18-53.1.13.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.s390x.rpm 
kernel-debug-devel-2.6.18-53.1.13.el5.s390x.rpm kernel-debuginfo-2.6.18-53.1.13.el5.s390x.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.s390x.rpm kernel-devel-2.6.18-53.1.13.el5.s390x.rpm kernel-headers-2.6.18-53.1.13.el5.s390x.rpm x86_64: kernel-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.13.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.13.el5.x86_64.rpm kernel-devel-2.6.18-53.1.13.el5.x86_64.rpm kernel-headers-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.13.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHsc9OXlSAg2UNWIIRAuWNAJ0YlHdfbriXZB+KGjWCgicLT7wK7ACeNPvl
QL+4M4FsPFc12XcLomhIqdg=
=E28c
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 14 14:49:07 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Feb 2008 09:49:07 -0500
Subject: [RHSA-2008:0132-01] Critical: java-1.4.2-ibm security update
Message-ID: <200802141449.m1EEn7h2007225@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2008:0132-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0132.html
Issue date: 2008-02-14
Keywords: Security
CVE Names: CVE-2007-3698 CVE-2007-4381 CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3.
Description:

IBM's 1.4.2 SR10 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

The Java Secure Socket Extension (JSSE) component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the way the Java Runtime Environment processes font data. An untrusted applet could elevate its privileges, allowing the applet to perform actions with the same permissions as the logged in user. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381)

The applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232)

Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)

Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239)

The Java Runtime Environment allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model.
A cached malicious Applet could create network connections to services on other machines. (CVE-2007-5274) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, that contain IBM's 1.4.2 SR10 Java release which resolves these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 249539 - CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition 253488 - CVE-2007-4381 java: Vulnerability in the font parsing code 321951 - CVE-2007-5232 Security Vulnerability in Java Runtime Environment With Applet Caching 321961 - CVE-2007-5238 Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache 321981 - CVE-2007-5239 Untrusted Application or Applet May Move or Copy Arbitrary Files 321991 - CVE-2007-5240 Applets or Applications are allowed to display an oversized window 324351 - CVE-2007-5273 Anti-DNS Pinning and Java Applets with HTTP proxy 324361 - CVE-2007-5274 Anti-DNS Pinning and Java Applets with Opera and Firefox 6. 
Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.ppc.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.ppc.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.ppc.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.ppc.rpm s390: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.s390.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.s390.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.s390.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.s390.rpm s390x: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.s390x.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.s390x.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.s390x.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.x86_64.rpm Red Hat Desktop version 3 Extras: i386: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.x86_64.rpm Red Hat 
Enterprise Linux ES version 3 Extras: i386: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.ia64.rpm 
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.ppc.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.ppc.rpm

s390:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.ppc.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.ppc.rpm

s390x:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.s390.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.10-1jpp.2.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.10-1jpp.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHtFTJXlSAg2UNWIIRAne9AJ0VRcyeI6TGgwZD0lha9JXYilLszACeP6k/
Tkxb4W9ZVzipjLP9oW6mdjc=
=McE5
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Feb 21 21:17:54 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2008 16:17:54 -0500
Subject: [RHSA-2008:0110-01] Moderate: openldap security update
Message-ID: <200802212117.m1LLHsZF028962@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security update
Advisory ID:       RHSA-2008:0110-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0110.html
Issue date:        2008-02-21
CVE Names:         CVE-2007-6698 CVE-2008-0658
=====================================================================

1. Summary:

Updated openldap packages that fix security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services.

These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431203 - CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
432008 - CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openldap-2.2.13-8.el4_6.4.src.rpm

i386:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-clients-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-devel-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm

ia64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.ia64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.ia64.rpm
openldap-clients-2.2.13-8.el4_6.4.ia64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.ia64.rpm
openldap-devel-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.ia64.rpm

ppc:
compat-openldap-2.1.30-8.el4_6.4.ppc.rpm
compat-openldap-2.1.30-8.el4_6.4.ppc64.rpm
openldap-2.2.13-8.el4_6.4.ppc.rpm
openldap-2.2.13-8.el4_6.4.ppc64.rpm
openldap-clients-2.2.13-8.el4_6.4.ppc.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.ppc.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.ppc64.rpm
openldap-devel-2.2.13-8.el4_6.4.ppc.rpm
openldap-servers-2.2.13-8.el4_6.4.ppc.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.ppc.rpm

s390:
compat-openldap-2.1.30-8.el4_6.4.s390.rpm
openldap-2.2.13-8.el4_6.4.s390.rpm
openldap-clients-2.2.13-8.el4_6.4.s390.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.s390.rpm
openldap-devel-2.2.13-8.el4_6.4.s390.rpm
openldap-servers-2.2.13-8.el4_6.4.s390.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.s390.rpm

s390x:
compat-openldap-2.1.30-8.el4_6.4.s390.rpm
compat-openldap-2.1.30-8.el4_6.4.s390x.rpm
openldap-2.2.13-8.el4_6.4.s390.rpm
openldap-2.2.13-8.el4_6.4.s390x.rpm
openldap-clients-2.2.13-8.el4_6.4.s390x.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.s390.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.s390x.rpm
openldap-devel-2.2.13-8.el4_6.4.s390x.rpm
openldap-servers-2.2.13-8.el4_6.4.s390x.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.s390x.rpm

x86_64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.x86_64.rpm
openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.x86_64.rpm
openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openldap-2.2.13-8.el4_6.4.src.rpm

i386:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-clients-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-devel-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm

x86_64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.x86_64.rpm
openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.x86_64.rpm
openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openldap-2.2.13-8.el4_6.4.src.rpm

i386:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-clients-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-devel-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm

ia64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.ia64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.ia64.rpm
openldap-clients-2.2.13-8.el4_6.4.ia64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.ia64.rpm
openldap-devel-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.ia64.rpm

x86_64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.x86_64.rpm
openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.x86_64.rpm
openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openldap-2.2.13-8.el4_6.4.src.rpm

i386:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-clients-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-devel-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm

ia64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.ia64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.ia64.rpm
openldap-clients-2.2.13-8.el4_6.4.ia64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.ia64.rpm
openldap-devel-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-2.2.13-8.el4_6.4.ia64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.ia64.rpm

x86_64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.x86_64.rpm
openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.i386.rpm
openldap-debuginfo-2.2.13-8.el4_6.4.x86_64.rpm
openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.27-8.el5_1.3.src.rpm

i386:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-clients-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm

x86_64:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.x86_64.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.x86_64.rpm
openldap-clients-2.3.27-8.el5_1.3.x86_64.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.27-8.el5_1.3.src.rpm

i386:
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.i386.rpm

x86_64:
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.x86_64.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openldap-2.3.27-8.el5_1.3.src.rpm

i386:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-clients-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.i386.rpm

ia64:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.ia64.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.ia64.rpm
openldap-clients-2.3.27-8.el5_1.3.ia64.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.ia64.rpm
openldap-devel-2.3.27-8.el5_1.3.ia64.rpm
openldap-servers-2.3.27-8.el5_1.3.ia64.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.ia64.rpm

ppc:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.ppc.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.ppc64.rpm
openldap-2.3.27-8.el5_1.3.ppc.rpm
openldap-2.3.27-8.el5_1.3.ppc64.rpm
openldap-clients-2.3.27-8.el5_1.3.ppc.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.ppc.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.ppc64.rpm
openldap-devel-2.3.27-8.el5_1.3.ppc.rpm
openldap-devel-2.3.27-8.el5_1.3.ppc64.rpm
openldap-servers-2.3.27-8.el5_1.3.ppc.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.ppc.rpm

s390x:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.s390.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.s390x.rpm
openldap-2.3.27-8.el5_1.3.s390.rpm
openldap-2.3.27-8.el5_1.3.s390x.rpm
openldap-clients-2.3.27-8.el5_1.3.s390x.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.s390.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.s390x.rpm
openldap-devel-2.3.27-8.el5_1.3.s390.rpm
openldap-devel-2.3.27-8.el5_1.3.s390x.rpm
openldap-servers-2.3.27-8.el5_1.3.s390x.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.s390x.rpm

x86_64:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.x86_64.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.x86_64.rpm
openldap-clients-2.3.27-8.el5_1.3.x86_64.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.i386.rpm
openldap-debuginfo-2.3.27-8.el5_1.3.x86_64.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHvepsXlSAg2UNWIIRAvUcAJ4x+cPmnK6QWQEbF8/ork+eoNLhywCggkSj
YyOZ8RsS6dQeAF5CA9gO4HI=
=f310
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Feb 21 21:19:21 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2008 16:19:21 -0500
Subject: [RHSA-2008:0134-01] Moderate: tcltk security update
Message-ID: <200802212119.m1LLJLDR029073@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tcltk security update
Advisory ID:       RHSA-2008:0134-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0134.html
Issue date:        2008-02-21
CVE Names:         CVE-2008-0553 CVE-2007-5378 CVE-2007-4772
=====================================================================

1. Summary:

Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set.

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378)

A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772)

All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code
332021 - CVE-2007-5378 Tk GIF processing buffer overflow
431518 - CVE-2008-0553 tk: GIF handling buffer overflow

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

ia64:
expect-5.38.0-75.ia64.rpm
itcl-3.2-75.ia64.rpm
tcl-8.3.3-75.ia64.rpm
tcllib-1.0-75.ia64.rpm
tclx-8.3-75.ia64.rpm
tix-8.2.0b1-75.ia64.rpm
tk-8.3.3-75.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

ia64:
expect-5.38.0-75.ia64.rpm
itcl-3.2-75.ia64.rpm
tcl-8.3.3-75.ia64.rpm
tcllib-1.0-75.ia64.rpm
tclx-8.3-75.ia64.rpm
tix-8.2.0b1-75.ia64.rpm
tk-8.3.3-75.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tcltk-8.3.3-75.src.rpm

i386:
expect-5.38.0-75.i386.rpm
itcl-3.2-75.i386.rpm
tcl-8.3.3-75.i386.rpm
tcllib-1.0-75.i386.rpm
tclx-8.3-75.i386.rpm
tix-8.2.0b1-75.i386.rpm
tk-8.3.3-75.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm
tk-devel-8.3.5-92.8.i386.rpm

ia64:
expect-5.38.0-92.8.ia64.rpm
expect-devel-5.38.0-92.8.ia64.rpm
itcl-3.2-92.8.ia64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.ia64.rpm
tcl-devel-8.3.5-92.8.ia64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.ia64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.ia64.rpm
tix-8.1.4-92.8.ia64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.ia64.rpm
tk-devel-8.3.5-92.8.ia64.rpm

ppc:
expect-5.38.0-92.8.ppc.rpm
expect-devel-5.38.0-92.8.ppc.rpm
itcl-3.2-92.8.ppc.rpm
tcl-8.3.5-92.8.ppc.rpm
tcl-8.3.5-92.8.ppc64.rpm
tcl-devel-8.3.5-92.8.ppc.rpm
tcltk-debuginfo-8.3.5-92.8.ppc.rpm
tcltk-debuginfo-8.3.5-92.8.ppc64.rpm
tclx-8.3-92.8.ppc.rpm
tclx-8.3-92.8.ppc64.rpm
tix-8.1.4-92.8.ppc.rpm
tk-8.3.5-92.8.ppc.rpm
tk-8.3.5-92.8.ppc64.rpm
tk-devel-8.3.5-92.8.ppc.rpm

s390:
expect-5.38.0-92.8.s390.rpm
expect-devel-5.38.0-92.8.s390.rpm
itcl-3.2-92.8.s390.rpm
tcl-8.3.5-92.8.s390.rpm
tcl-devel-8.3.5-92.8.s390.rpm
tcltk-debuginfo-8.3.5-92.8.s390.rpm
tclx-8.3-92.8.s390.rpm
tix-8.1.4-92.8.s390.rpm
tk-8.3.5-92.8.s390.rpm
tk-devel-8.3.5-92.8.s390.rpm

s390x:
expect-5.38.0-92.8.s390x.rpm
expect-devel-5.38.0-92.8.s390x.rpm
itcl-3.2-92.8.s390x.rpm
tcl-8.3.5-92.8.s390.rpm
tcl-8.3.5-92.8.s390x.rpm
tcl-devel-8.3.5-92.8.s390x.rpm
tcltk-debuginfo-8.3.5-92.8.s390.rpm
tcltk-debuginfo-8.3.5-92.8.s390x.rpm
tclx-8.3-92.8.s390.rpm
tclx-8.3-92.8.s390x.rpm
tix-8.1.4-92.8.s390x.rpm
tk-8.3.5-92.8.s390.rpm
tk-8.3.5-92.8.s390x.rpm
tk-devel-8.3.5-92.8.s390x.rpm

x86_64:
expect-5.38.0-92.8.x86_64.rpm
expect-devel-5.38.0-92.8.x86_64.rpm
itcl-3.2-92.8.x86_64.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-8.3.5-92.8.x86_64.rpm
tcl-devel-8.3.5-92.8.x86_64.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.x86_64.rpm
tclx-8.3-92.8.i386.rpm
tclx-8.3-92.8.x86_64.rpm
tix-8.1.4-92.8.x86_64.rpm
tk-8.3.5-92.8.i386.rpm
tk-8.3.5-92.8.x86_64.rpm
tk-devel-8.3.5-92.8.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm

i386:
expect-5.38.0-92.8.i386.rpm
expect-devel-5.38.0-92.8.i386.rpm
itcl-3.2-92.8.i386.rpm
tcl-8.3.5-92.8.i386.rpm
tcl-devel-8.3.5-92.8.i386.rpm
tcltk-debuginfo-8.3.5-92.8.i386.rpm
tclx-8.3-92.8.i386.rpm
tix-8.1.4-92.8.i386.rpm
tk-8.3.5-92.8.i386.rpm tk-devel-8.3.5-92.8.i386.rpm x86_64: expect-5.38.0-92.8.x86_64.rpm expect-devel-5.38.0-92.8.x86_64.rpm itcl-3.2-92.8.x86_64.rpm tcl-8.3.5-92.8.i386.rpm tcl-8.3.5-92.8.x86_64.rpm tcl-devel-8.3.5-92.8.x86_64.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.x86_64.rpm tclx-8.3-92.8.i386.rpm tclx-8.3-92.8.x86_64.rpm tix-8.1.4-92.8.x86_64.rpm tk-8.3.5-92.8.i386.rpm tk-8.3.5-92.8.x86_64.rpm tk-devel-8.3.5-92.8.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm i386: expect-5.38.0-92.8.i386.rpm expect-devel-5.38.0-92.8.i386.rpm itcl-3.2-92.8.i386.rpm tcl-8.3.5-92.8.i386.rpm tcl-devel-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tclx-8.3-92.8.i386.rpm tix-8.1.4-92.8.i386.rpm tk-8.3.5-92.8.i386.rpm tk-devel-8.3.5-92.8.i386.rpm ia64: expect-5.38.0-92.8.ia64.rpm expect-devel-5.38.0-92.8.ia64.rpm itcl-3.2-92.8.ia64.rpm tcl-8.3.5-92.8.i386.rpm tcl-8.3.5-92.8.ia64.rpm tcl-devel-8.3.5-92.8.ia64.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.ia64.rpm tclx-8.3-92.8.i386.rpm tclx-8.3-92.8.ia64.rpm tix-8.1.4-92.8.ia64.rpm tk-8.3.5-92.8.i386.rpm tk-8.3.5-92.8.ia64.rpm tk-devel-8.3.5-92.8.ia64.rpm x86_64: expect-5.38.0-92.8.x86_64.rpm expect-devel-5.38.0-92.8.x86_64.rpm itcl-3.2-92.8.x86_64.rpm tcl-8.3.5-92.8.i386.rpm tcl-8.3.5-92.8.x86_64.rpm tcl-devel-8.3.5-92.8.x86_64.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.x86_64.rpm tclx-8.3-92.8.i386.rpm tclx-8.3-92.8.x86_64.rpm tix-8.1.4-92.8.x86_64.rpm tk-8.3.5-92.8.i386.rpm tk-8.3.5-92.8.x86_64.rpm tk-devel-8.3.5-92.8.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcltk-8.3.5-92.8.src.rpm i386: expect-5.38.0-92.8.i386.rpm expect-devel-5.38.0-92.8.i386.rpm itcl-3.2-92.8.i386.rpm tcl-8.3.5-92.8.i386.rpm tcl-devel-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tclx-8.3-92.8.i386.rpm 
tix-8.1.4-92.8.i386.rpm tk-8.3.5-92.8.i386.rpm tk-devel-8.3.5-92.8.i386.rpm ia64: expect-5.38.0-92.8.ia64.rpm expect-devel-5.38.0-92.8.ia64.rpm itcl-3.2-92.8.ia64.rpm tcl-8.3.5-92.8.i386.rpm tcl-8.3.5-92.8.ia64.rpm tcl-devel-8.3.5-92.8.ia64.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.ia64.rpm tclx-8.3-92.8.i386.rpm tclx-8.3-92.8.ia64.rpm tix-8.1.4-92.8.ia64.rpm tk-8.3.5-92.8.i386.rpm tk-8.3.5-92.8.ia64.rpm tk-devel-8.3.5-92.8.ia64.rpm x86_64: expect-5.38.0-92.8.x86_64.rpm expect-devel-5.38.0-92.8.x86_64.rpm itcl-3.2-92.8.x86_64.rpm tcl-8.3.5-92.8.i386.rpm tcl-8.3.5-92.8.x86_64.rpm tcl-devel-8.3.5-92.8.x86_64.rpm tcltk-debuginfo-8.3.5-92.8.i386.rpm tcltk-debuginfo-8.3.5-92.8.x86_64.rpm tclx-8.3-92.8.i386.rpm tclx-8.3-92.8.x86_64.rpm tix-8.1.4-92.8.x86_64.rpm tk-8.3.5-92.8.i386.rpm tk-8.3.5-92.8.x86_64.rpm tk-devel-8.3.5-92.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHveqJXlSAg2UNWIIRAuZNAJ9rwJhE+mNOpHRvlsN2IxtAcjLWuACgo6qj ryPjT1L0s/ng8+12m/viQBE= =iyZR -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 21:20:40 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2008 16:20:40 -0500 Subject: [RHSA-2008:0135-01] Moderate: tk security update Message-ID: <200802212120.m1LLKe3A029632@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tk security update Advisory ID: RHSA-2008:0135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0135.html Issue date: 2008-02-21 CVE Names: CVE-2008-0553 CVE-2007-5378 ===================================================================== 1. Summary: Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64 3. Description: Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. 
(CVE-2007-5378) All users are advised to upgrade to these updated packages which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 332021 - CVE-2007-5378 Tk GIF processing buffer overflow 431518 - CVE-2008-0553 tk: GIF handling buffer overflow 6. Package List: Red Hat Enterprise Linux AS version 4.5.z: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm ia64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.ia64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.ia64.rpm tk-devel-8.4.7-3.el4_6.1.ia64.rpm ppc: tk-8.4.7-3.el4_6.1.ppc.rpm tk-8.4.7-3.el4_6.1.ppc64.rpm tk-debuginfo-8.4.7-3.el4_6.1.ppc.rpm tk-debuginfo-8.4.7-3.el4_6.1.ppc64.rpm tk-devel-8.4.7-3.el4_6.1.ppc.rpm s390: tk-8.4.7-3.el4_6.1.s390.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390.rpm tk-devel-8.4.7-3.el4_6.1.s390.rpm s390x: tk-8.4.7-3.el4_6.1.s390.rpm tk-8.4.7-3.el4_6.1.s390x.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390x.rpm tk-devel-8.4.7-3.el4_6.1.s390x.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4.5.z: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm ia64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.ia64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm 
tk-debuginfo-8.4.7-3.el4_6.1.ia64.rpm tk-devel-8.4.7-3.el4_6.1.ia64.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHvesdXlSAg2UNWIIRAr7aAJoDvi7NoF8Ik4VWVMXgbxcxImiBVwCgsbuo jl5islZc99C8pp2hh/gMCKw= =Zwth -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 21:23:04 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2008 16:23:04 -0500 Subject: [RHSA-2008:0136-01] Moderate: tk security update Message-ID: <200802212123.m1LLN4oa029792@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tk security update Advisory ID: RHSA-2008:0136-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0136.html Issue date: 2008-02-21 CVE Names: CVE-2008-0553 CVE-2007-5137 ===================================================================== 1. Summary: Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 
5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5137) All users are advised to upgrade to these updated packages which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 290991 - CVE-2007-5137 Tk GIF processing buffer overflow 431518 - CVE-2008-0553 tk: GIF handling buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tk-8.4.13-5.el5_1.1.src.rpm i386: tk-8.4.13-5.el5_1.1.i386.rpm tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm x86_64: tk-8.4.13-5.el5_1.1.i386.rpm tk-8.4.13-5.el5_1.1.x86_64.rpm tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm tk-debuginfo-8.4.13-5.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tk-8.4.13-5.el5_1.1.src.rpm i386: tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm tk-devel-8.4.13-5.el5_1.1.i386.rpm x86_64: tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm tk-debuginfo-8.4.13-5.el5_1.1.x86_64.rpm tk-devel-8.4.13-5.el5_1.1.i386.rpm tk-devel-8.4.13-5.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tk-8.4.13-5.el5_1.1.src.rpm i386: tk-8.4.13-5.el5_1.1.i386.rpm tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm tk-devel-8.4.13-5.el5_1.1.i386.rpm ia64: tk-8.4.13-5.el5_1.1.ia64.rpm tk-debuginfo-8.4.13-5.el5_1.1.ia64.rpm tk-devel-8.4.13-5.el5_1.1.ia64.rpm ppc: tk-8.4.13-5.el5_1.1.ppc.rpm tk-8.4.13-5.el5_1.1.ppc64.rpm tk-debuginfo-8.4.13-5.el5_1.1.ppc.rpm tk-debuginfo-8.4.13-5.el5_1.1.ppc64.rpm tk-devel-8.4.13-5.el5_1.1.ppc.rpm tk-devel-8.4.13-5.el5_1.1.ppc64.rpm s390x: tk-8.4.13-5.el5_1.1.s390.rpm tk-8.4.13-5.el5_1.1.s390x.rpm tk-debuginfo-8.4.13-5.el5_1.1.s390.rpm tk-debuginfo-8.4.13-5.el5_1.1.s390x.rpm tk-devel-8.4.13-5.el5_1.1.s390.rpm tk-devel-8.4.13-5.el5_1.1.s390x.rpm x86_64: tk-8.4.13-5.el5_1.1.i386.rpm tk-8.4.13-5.el5_1.1.x86_64.rpm tk-debuginfo-8.4.13-5.el5_1.1.i386.rpm tk-debuginfo-8.4.13-5.el5_1.1.x86_64.rpm tk-devel-8.4.13-5.el5_1.1.i386.rpm tk-devel-8.4.13-5.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHveudXlSAg2UNWIIRAqAgAJ9wNvnYbegDRZL+kPlgQOLpum0kxgCfeZT6 sYXVuTqpnE8xnilbwP3GgQA= =QwuE -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 21:32:36 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2008 16:32:36 -0500 Subject: [RHSA-2008:0157-01] Important: cups security update Message-ID: <200802212132.m1LLWaIU031517@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: cups security update Advisory ID: RHSA-2008:0157-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0157.html Issue date: 2008-02-21 CVE Names: CVE-2008-0882 ===================================================================== 1. Summary: Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. The Internet Printing Protocol (IPP) is a standard network protocol for remote printing, as well as managing print jobs. A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. (CVE-2008-0882) Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will only accept requests of this type from the local subnet. 
This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. All cups users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 433758 - CVE-2008-0882 cups: double free vulnerability in process_browse_data() 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.4.src.rpm i386: cups-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-libs-1.2.4-11.14.el5_1.4.i386.rpm cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm x86_64: cups-1.2.4-11.14.el5_1.4.x86_64.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.x86_64.rpm cups-libs-1.2.4-11.14.el5_1.4.i386.rpm cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.2.4-11.14.el5_1.4.src.rpm i386: cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-devel-1.2.4-11.14.el5_1.4.i386.rpm x86_64: cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.x86_64.rpm cups-devel-1.2.4-11.14.el5_1.4.i386.rpm cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.2.4-11.14.el5_1.4.src.rpm i386: cups-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-devel-1.2.4-11.14.el5_1.4.i386.rpm cups-libs-1.2.4-11.14.el5_1.4.i386.rpm cups-lpd-1.2.4-11.14.el5_1.4.i386.rpm ia64: cups-1.2.4-11.14.el5_1.4.ia64.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.ia64.rpm cups-devel-1.2.4-11.14.el5_1.4.ia64.rpm cups-libs-1.2.4-11.14.el5_1.4.i386.rpm cups-libs-1.2.4-11.14.el5_1.4.ia64.rpm cups-lpd-1.2.4-11.14.el5_1.4.ia64.rpm ppc: cups-1.2.4-11.14.el5_1.4.ppc.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.ppc.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.ppc64.rpm cups-devel-1.2.4-11.14.el5_1.4.ppc.rpm cups-devel-1.2.4-11.14.el5_1.4.ppc64.rpm cups-libs-1.2.4-11.14.el5_1.4.ppc.rpm cups-libs-1.2.4-11.14.el5_1.4.ppc64.rpm cups-lpd-1.2.4-11.14.el5_1.4.ppc.rpm s390x: cups-1.2.4-11.14.el5_1.4.s390x.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.s390.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.s390x.rpm cups-devel-1.2.4-11.14.el5_1.4.s390.rpm cups-devel-1.2.4-11.14.el5_1.4.s390x.rpm cups-libs-1.2.4-11.14.el5_1.4.s390.rpm cups-libs-1.2.4-11.14.el5_1.4.s390x.rpm cups-lpd-1.2.4-11.14.el5_1.4.s390x.rpm x86_64: cups-1.2.4-11.14.el5_1.4.x86_64.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.i386.rpm cups-debuginfo-1.2.4-11.14.el5_1.4.x86_64.rpm cups-devel-1.2.4-11.14.el5_1.4.i386.rpm cups-devel-1.2.4-11.14.el5_1.4.x86_64.rpm cups-libs-1.2.4-11.14.el5_1.4.i386.rpm cups-libs-1.2.4-11.14.el5_1.4.x86_64.rpm cups-lpd-1.2.4-11.14.el5_1.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHve3aXlSAg2UNWIIRAnUBAJ9ZBSk64eE+AhmxWYAKGqnnwEAGqQCgizza yQSL2XZhCSBRMdkQJzw9Pq4= =nzQJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Feb 22 16:50:55 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 22 Feb 2008 11:50:55 -0500 Subject: [RHSA-2008:0135-02] Moderate: tk security update Message-ID: <200802221650.m1MGotd4015402@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tk security update Advisory ID: RHSA-2008:0135-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0135.html Issue date: 2008-02-21 Updated on: 2008-02-22 CVE Names: CVE-2008-0553 CVE-2007-5378 ===================================================================== 1. Summary: Updated tk packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 22 February 2008] The packages in this errata were originally pushed to the wrong Red Hat Network channels and were not available to all users. We have updated this errata with the correct channels. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Tk is a graphical toolkit for the Tcl scripting language. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. 
A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) All users are advised to upgrade to these updated packages which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 332021 - CVE-2007-5378 Tk GIF processing buffer overflow 431518 - CVE-2008-0553 tk: GIF handling buffer overflow 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm ia64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.ia64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.ia64.rpm tk-devel-8.4.7-3.el4_6.1.ia64.rpm ppc: tk-8.4.7-3.el4_6.1.ppc.rpm tk-8.4.7-3.el4_6.1.ppc64.rpm tk-debuginfo-8.4.7-3.el4_6.1.ppc.rpm tk-debuginfo-8.4.7-3.el4_6.1.ppc64.rpm tk-devel-8.4.7-3.el4_6.1.ppc.rpm s390: tk-8.4.7-3.el4_6.1.s390.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390.rpm tk-devel-8.4.7-3.el4_6.1.s390.rpm s390x: tk-8.4.7-3.el4_6.1.s390.rpm tk-8.4.7-3.el4_6.1.s390x.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390.rpm tk-debuginfo-8.4.7-3.el4_6.1.s390x.rpm tk-devel-8.4.7-3.el4_6.1.s390x.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm ia64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.ia64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.ia64.rpm tk-devel-8.4.7-3.el4_6.1.ia64.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm 
tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tk-8.4.7-3.el4_6.1.src.rpm i386: tk-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-devel-8.4.7-3.el4_6.1.i386.rpm ia64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.ia64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.ia64.rpm tk-devel-8.4.7-3.el4_6.1.ia64.rpm x86_64: tk-8.4.7-3.el4_6.1.i386.rpm tk-8.4.7-3.el4_6.1.x86_64.rpm tk-debuginfo-8.4.7-3.el4_6.1.i386.rpm tk-debuginfo-8.4.7-3.el4_6.1.x86_64.rpm tk-devel-8.4.7-3.el4_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHvv1eXlSAg2UNWIIRApOwAJ9BD2SX0huPrh3pv5oTT7h0JffS0gCfQF65 85rttpQhbVbqFKQrhZL6jpo= =5Zpj -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Feb 22 17:00:13 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 22 Feb 2008 12:00:13 -0500 Subject: [RHSA-2008:0144-01] Critical: acroread security update Message-ID: <200802221700.m1MH0DaC017304@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2008:0144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0144.html Issue date: 2008-02-22 CVE Names: CVE-2007-5659 CVE-2007-5663 CVE-2007-5666 CVE-2007-0044 CVE-2008-0655 CVE-2008-0667 CVE-2008-0726 ===================================================================== 1. Summary: Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 3. Description: The Adobe Reader allows users to view and print documents in portable document format (PDF). 
Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726) A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044) A flaw was found in Adobe Reader's JavaScript API DOC.print function. A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the user's consent. (CVE-2008-0667) Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655) Note: Adobe have yet to release security fixed versions of Adobe 7. All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. 
Bugs fixed (http://bugzilla.redhat.com/):

223113 - CVE-2007-0044 Acrobat Reader Universal CSRF and session riding
431985 - CVE-2008-0655 acroread: unspecified vulnerabilities
432471 - CVE-2008-0667 acroread: silent print vulnerability
432629 - CVE-2007-5659 acroread Multiple buffer overflows
432630 - CVE-2007-5663 acroread JavaScript Insecure Method Exposure
432632 - CVE-2007-5666 acroread JavaScript Insecure Libary Search Path
432757 - CVE-2008-0726 Acroread memory corruption

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
acroread-8.1.2-1.el3.6.i386.rpm
acroread-plugin-8.1.2-1.el3.6.i386.rpm

x86_64:
acroread-8.1.2-1.el3.6.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
acroread-8.1.2-1.el3.6.i386.rpm
acroread-plugin-8.1.2-1.el3.6.i386.rpm

x86_64:
acroread-8.1.2-1.el3.6.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
acroread-8.1.2-1.el3.6.i386.rpm
acroread-plugin-8.1.2-1.el3.6.i386.rpm

x86_64:
acroread-8.1.2-1.el3.6.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
acroread-8.1.2-1.el3.6.i386.rpm
acroread-plugin-8.1.2-1.el3.6.i386.rpm

x86_64:
acroread-8.1.2-1.el3.6.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
acroread-8.1.2-1.el4.2.i386.rpm
acroread-plugin-8.1.2-1.el4.2.i386.rpm

x86_64:
acroread-8.1.2-1.el4.2.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
acroread-8.1.2-1.el4.2.i386.rpm
acroread-plugin-8.1.2-1.el4.2.i386.rpm

x86_64:
acroread-8.1.2-1.el4.2.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
acroread-8.1.2-1.el4.2.i386.rpm
acroread-plugin-8.1.2-1.el4.2.i386.rpm

x86_64:
acroread-8.1.2-1.el4.2.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
acroread-8.1.2-1.el4.2.i386.rpm
acroread-plugin-8.1.2-1.el4.2.i386.rpm

x86_64:
acroread-8.1.2-1.el4.2.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
acroread-8.1.2-1.el5.3.i386.rpm
acroread-plugin-8.1.2-1.el5.3.i386.rpm

x86_64:
acroread-8.1.2-1.el5.3.i386.rpm
acroread-plugin-8.1.2-1.el5.3.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
acroread-8.1.2-1.el5.3.i386.rpm
acroread-plugin-8.1.2-1.el5.3.i386.rpm

x86_64:
acroread-8.1.2-1.el5.3.i386.rpm
acroread-plugin-8.1.2-1.el5.3.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0726
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHvv90XlSAg2UNWIIRAmsAAJsGwERLrCU4RaHJU3wzn8nBdSkcBACdGLS2
aS9vgj1R4bYqskDdOH8lsdQ=
=qrEO
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Mon Feb 25 14:24:14 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Feb 2008 09:24:14 -0500
Subject: [RHSA-2008:0153-01] Important: cups security update
Message-ID: <200802251424.m1PEOEKx008699@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2008:0153-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0153.html
Issue date:        2008-02-25
CVE Names:         CVE-2008-0596 CVE-2008-0597
=====================================================================

1. Summary:

Updated cups packages that fix two security issues and a bug are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When a shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
possibly causing a CUPS daemon crash after exhausting available memory.
(CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 3.

Note that the default configuration of CUPS on Red Hat Enterprise Linux 3
allows requests of this type only from the local subnet.

In addition, these updated cups packages fix a bug that occurred when using
the CUPS polling daemon. Excessive debugging log information was saved to
the error_log file regardless of the LogLevel setting, which filled up disk
space rapidly.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

246545 - Cups fills up logfiles if queue is turned on
433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests
433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.51.src.rpm

i386:
cups-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-devel-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.i386.rpm

ia64:
cups-1.1.17-13.3.51.ia64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.ia64.rpm
cups-devel-1.1.17-13.3.51.ia64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.ia64.rpm

ppc:
cups-1.1.17-13.3.51.ppc.rpm
cups-debuginfo-1.1.17-13.3.51.ppc.rpm
cups-debuginfo-1.1.17-13.3.51.ppc64.rpm
cups-devel-1.1.17-13.3.51.ppc.rpm
cups-libs-1.1.17-13.3.51.ppc.rpm
cups-libs-1.1.17-13.3.51.ppc64.rpm

s390:
cups-1.1.17-13.3.51.s390.rpm
cups-debuginfo-1.1.17-13.3.51.s390.rpm
cups-devel-1.1.17-13.3.51.s390.rpm
cups-libs-1.1.17-13.3.51.s390.rpm

s390x:
cups-1.1.17-13.3.51.s390x.rpm
cups-debuginfo-1.1.17-13.3.51.s390.rpm
cups-debuginfo-1.1.17-13.3.51.s390x.rpm
cups-devel-1.1.17-13.3.51.s390x.rpm
cups-libs-1.1.17-13.3.51.s390.rpm
cups-libs-1.1.17-13.3.51.s390x.rpm

x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.x86_64.rpm
cups-devel-1.1.17-13.3.51.x86_64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.51.src.rpm

i386:
cups-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-devel-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.i386.rpm

x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.x86_64.rpm
cups-devel-1.1.17-13.3.51.x86_64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.51.src.rpm

i386:
cups-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-devel-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.i386.rpm

ia64:
cups-1.1.17-13.3.51.ia64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.ia64.rpm
cups-devel-1.1.17-13.3.51.ia64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.ia64.rpm

x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.x86_64.rpm
cups-devel-1.1.17-13.3.51.x86_64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.51.src.rpm

i386:
cups-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-devel-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.i386.rpm

ia64:
cups-1.1.17-13.3.51.ia64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.ia64.rpm
cups-devel-1.1.17-13.3.51.ia64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.ia64.rpm

x86_64:
cups-1.1.17-13.3.51.x86_64.rpm
cups-debuginfo-1.1.17-13.3.51.i386.rpm
cups-debuginfo-1.1.17-13.3.51.x86_64.rpm
cups-devel-1.1.17-13.3.51.x86_64.rpm
cups-libs-1.1.17-13.3.51.i386.rpm
cups-libs-1.1.17-13.3.51.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHws+IXlSAg2UNWIIRAqdPAJwLMg8/K2+HGWaEcVtGJsXSbtP1jgCgpE9+
JZuPcxY0STp2AqKp4pE3wRI=
=3O5e
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Mon Feb 25 14:25:26 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Feb 2008 09:25:26 -0500
Subject: [RHSA-2008:0161-01] Important: cups security update
Message-ID: <200802251425.m1PEPVoU009239@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: cups security update
Advisory ID:       RHSA-2008:0161-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0161.html
Issue date:        2008-02-25
CVE Names:         CVE-2008-0596 CVE-2008-0597
=====================================================================

1. Summary:

Updated cups packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When a shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
possibly causing a CUPS daemon crash after exhausting available memory.
(CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 4.

Note that the default configuration of CUPS on Red Hat Enterprise Linux 4
allows requests of this type only from the local subnet.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

433825 - CVE-2008-0596 cups: memory leak handling IPP browse requests
433847 - CVE-2008-0597 cups: dereference of free'd memory handling IPP browse requests

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm

i386:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm

ppc:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ppc64.rpm

s390:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm

s390x:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.s390x.rpm

x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm

i386:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm

x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm

i386:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm

x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm

i386:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.ia64.rpm

x86_64:
cups-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm
cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHws+eXlSAg2UNWIIRAiLDAJ9/0vK7RxY5i8MPBSf5tvl/RM7lVACcCjUz
3IQgbJDXzJ9xpD+OUjWES7Y=
=B2Se
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed Feb 27 22:15:15 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Feb 2008 17:15:15 -0500
Subject: [RHSA-2008:0155-01] Important: ghostscript security update
Message-ID: <200802272215.m1RMFFCu030329@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ghostscript security update
Advisory ID:       RHSA-2008:0155-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0155.html
Issue date:        2008-02-27
CVE Names:         CVE-2008-0411
=====================================================================

1. Summary:

Updated ghostscript packages that fix a security issue are now available
for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Ghostscript is a program for displaying PostScript files, or printing them
to non-PostScript printers.

Chris Evans from the Google Security Team reported a stack-based buffer
overflow flaw in Ghostscript's zseticcspace() function. An attacker could
create a malicious PostScript file that would cause Ghostscript to execute
arbitrary code when opened. (CVE-2008-0411)

These updated packages also fix a bug, which prevented the pxlmono printer
driver from producing valid output on Red Hat Enterprise Linux 4.

All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431536 - CVE-2008-0411 ghostscript: stack-based buffer overflow in .seticcspace operator

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ghostscript-7.05-32.1.13.src.rpm

i386:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-devel-7.05-32.1.13.i386.rpm
hpijs-1.3-32.1.13.i386.rpm

ia64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.ia64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.ia64.rpm
ghostscript-devel-7.05-32.1.13.ia64.rpm
hpijs-1.3-32.1.13.ia64.rpm

ppc:
ghostscript-7.05-32.1.13.ppc.rpm
ghostscript-7.05-32.1.13.ppc64.rpm
ghostscript-debuginfo-7.05-32.1.13.ppc.rpm
ghostscript-debuginfo-7.05-32.1.13.ppc64.rpm
ghostscript-devel-7.05-32.1.13.ppc.rpm
hpijs-1.3-32.1.13.ppc.rpm

s390:
ghostscript-7.05-32.1.13.s390.rpm
ghostscript-debuginfo-7.05-32.1.13.s390.rpm
ghostscript-devel-7.05-32.1.13.s390.rpm
hpijs-1.3-32.1.13.s390.rpm

s390x:
ghostscript-7.05-32.1.13.s390.rpm
ghostscript-7.05-32.1.13.s390x.rpm
ghostscript-debuginfo-7.05-32.1.13.s390.rpm
ghostscript-debuginfo-7.05-32.1.13.s390x.rpm
ghostscript-devel-7.05-32.1.13.s390x.rpm
hpijs-1.3-32.1.13.s390x.rpm

x86_64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.x86_64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.x86_64.rpm
ghostscript-devel-7.05-32.1.13.x86_64.rpm
hpijs-1.3-32.1.13.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ghostscript-7.05-32.1.13.src.rpm

i386:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-devel-7.05-32.1.13.i386.rpm
hpijs-1.3-32.1.13.i386.rpm

x86_64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.x86_64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.x86_64.rpm
ghostscript-devel-7.05-32.1.13.x86_64.rpm
hpijs-1.3-32.1.13.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ghostscript-7.05-32.1.13.src.rpm

i386:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-devel-7.05-32.1.13.i386.rpm
hpijs-1.3-32.1.13.i386.rpm

ia64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.ia64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.ia64.rpm
ghostscript-devel-7.05-32.1.13.ia64.rpm
hpijs-1.3-32.1.13.ia64.rpm

x86_64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.x86_64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.x86_64.rpm
ghostscript-devel-7.05-32.1.13.x86_64.rpm
hpijs-1.3-32.1.13.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ghostscript-7.05-32.1.13.src.rpm

i386:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-devel-7.05-32.1.13.i386.rpm
hpijs-1.3-32.1.13.i386.rpm

ia64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.ia64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.ia64.rpm
ghostscript-devel-7.05-32.1.13.ia64.rpm
hpijs-1.3-32.1.13.ia64.rpm

x86_64:
ghostscript-7.05-32.1.13.i386.rpm
ghostscript-7.05-32.1.13.x86_64.rpm
ghostscript-debuginfo-7.05-32.1.13.i386.rpm
ghostscript-debuginfo-7.05-32.1.13.x86_64.rpm
ghostscript-devel-7.05-32.1.13.x86_64.rpm
hpijs-1.3-32.1.13.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ghostscript-7.07-33.2.el4_6.1.src.rpm

i386:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-devel-7.07-33.2.el4_6.1.i386.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.i386.rpm

ia64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.ia64.rpm

ppc:
ghostscript-7.07-33.2.el4_6.1.ppc.rpm
ghostscript-7.07-33.2.el4_6.1.ppc64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.ppc.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.ppc64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.ppc.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.ppc.rpm

s390:
ghostscript-7.07-33.2.el4_6.1.s390.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.s390.rpm
ghostscript-devel-7.07-33.2.el4_6.1.s390.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.s390.rpm

s390x:
ghostscript-7.07-33.2.el4_6.1.s390.rpm
ghostscript-7.07-33.2.el4_6.1.s390x.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.s390.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.s390x.rpm
ghostscript-devel-7.07-33.2.el4_6.1.s390x.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.s390x.rpm

x86_64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ghostscript-7.07-33.2.el4_6.1.src.rpm

i386:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-devel-7.07-33.2.el4_6.1.i386.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.i386.rpm

x86_64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ghostscript-7.07-33.2.el4_6.1.src.rpm

i386:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-devel-7.07-33.2.el4_6.1.i386.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.i386.rpm

ia64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.ia64.rpm

x86_64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ghostscript-7.07-33.2.el4_6.1.src.rpm

i386:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-devel-7.07-33.2.el4_6.1.i386.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.i386.rpm

ia64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.ia64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.ia64.rpm

x86_64:
ghostscript-7.07-33.2.el4_6.1.i386.rpm
ghostscript-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.i386.rpm
ghostscript-debuginfo-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-devel-7.07-33.2.el4_6.1.x86_64.rpm
ghostscript-gtk-7.07-33.2.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.15.2-9.1.el5_1.1.src.rpm

i386:
ghostscript-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.i386.rpm

x86_64:
ghostscript-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.15.2-9.1.el5_1.1.src.rpm

i386:
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm

x86_64:
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.15.2-9.1.el5_1.1.src.rpm

i386:
ghostscript-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.i386.rpm

ia64:
ghostscript-8.15.2-9.1.el5_1.1.ia64.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.ia64.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.ia64.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.ia64.rpm

ppc:
ghostscript-8.15.2-9.1.el5_1.1.ppc.rpm
ghostscript-8.15.2-9.1.el5_1.1.ppc64.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.ppc.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.ppc64.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.ppc.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.ppc64.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.ppc.rpm

s390x:
ghostscript-8.15.2-9.1.el5_1.1.s390.rpm
ghostscript-8.15.2-9.1.el5_1.1.s390x.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.s390.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.s390x.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.s390.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.s390x.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.s390x.rpm

x86_64:
ghostscript-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-debuginfo-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm
ghostscript-devel-8.15.2-9.1.el5_1.1.x86_64.rpm
ghostscript-gtk-8.15.2-9.1.el5_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHxeDxXlSAg2UNWIIRAnpPAJ9JidFpVvM1RUhFUjuw/gBb7hc4UgCgusI0
r+Kx+IT3x3/DEaovuC7aDJA=
=EeZh
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed Feb 27 22:15:25 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Feb 2008 17:15:25 -0500
Subject: [RHSA-2008:0159-01] Moderate: dbus security update
Message-ID: <200802272215.m1RMFPf9030338@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus security update
Advisory ID:       RHSA-2008:0159-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0159.html
Issue date:        2008-02-27
CVE Names:         CVE-2008-0595
=====================================================================

1. Summary:

Updated dbus packages that fix an issue with circumventing the security
policy are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. (CVE-2008-0595)

Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.

This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

432419 - CVE-2008-0595 dbus security policy circumvention

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.0.0-6.3.el5_1.src.rpm

i386:
dbus-1.0.0-6.3.el5_1.i386.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-x11-1.0.0-6.3.el5_1.i386.rpm

x86_64:
dbus-1.0.0-6.3.el5_1.i386.rpm
dbus-1.0.0-6.3.el5_1.x86_64.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.x86_64.rpm
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.0.0-6.3.el5_1.src.rpm

i386:
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-devel-1.0.0-6.3.el5_1.i386.rpm

x86_64:
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.x86_64.rpm
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dbus-1.0.0-6.3.el5_1.src.rpm

i386:
dbus-1.0.0-6.3.el5_1.i386.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
dbus-x11-1.0.0-6.3.el5_1.i386.rpm

ia64:
dbus-1.0.0-6.3.el5_1.ia64.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.ia64.rpm
dbus-devel-1.0.0-6.3.el5_1.ia64.rpm
dbus-x11-1.0.0-6.3.el5_1.ia64.rpm

ppc:
dbus-1.0.0-6.3.el5_1.ppc.rpm
dbus-1.0.0-6.3.el5_1.ppc64.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.ppc.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.ppc64.rpm
dbus-devel-1.0.0-6.3.el5_1.ppc.rpm
dbus-devel-1.0.0-6.3.el5_1.ppc64.rpm
dbus-x11-1.0.0-6.3.el5_1.ppc.rpm

s390x:
dbus-1.0.0-6.3.el5_1.s390.rpm
dbus-1.0.0-6.3.el5_1.s390x.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.s390.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.s390x.rpm
dbus-devel-1.0.0-6.3.el5_1.s390.rpm
dbus-devel-1.0.0-6.3.el5_1.s390x.rpm
dbus-x11-1.0.0-6.3.el5_1.s390x.rpm

x86_64:
dbus-1.0.0-6.3.el5_1.i386.rpm
dbus-1.0.0-6.3.el5_1.x86_64.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.i386.rpm
dbus-debuginfo-1.0.0-6.3.el5_1.x86_64.rpm
dbus-devel-1.0.0-6.3.el5_1.i386.rpm
dbus-devel-1.0.0-6.3.el5_1.x86_64.rpm
dbus-x11-1.0.0-6.3.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0595 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHxeD5XlSAg2UNWIIRAnaGAJ42yRF1rH37lWmmeuordCQJnD2jEgCgi5Ry jqtEoMDoDBP1Nf+/5UUhS5o= =nSsz -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 28 10:13:10 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 28 Feb 2008 05:13:10 -0500 Subject: [RHSA-2008:0131-01] Moderate: netpbm security update Message-ID: <200802281013.m1SADArB007290@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: netpbm security update Advisory ID: RHSA-2008:0131-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0131.html Issue date: 2008-02-28 CVE Names: CVE-2008-0554 ===================================================================== 1. Summary: Updated netpbm packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. The package includes no interactive tools and is primarily used by other programs (e.g. CGI scripts that manage web-site images).

An input validation flaw was discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages which contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431525 - CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm

6.
Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.7.src.rpm

i386:
netpbm-9.24-9.AS21.7.i386.rpm
netpbm-devel-9.24-9.AS21.7.i386.rpm
netpbm-progs-9.24-9.AS21.7.i386.rpm

ia64:
netpbm-9.24-9.AS21.7.ia64.rpm
netpbm-devel-9.24-9.AS21.7.ia64.rpm
netpbm-progs-9.24-9.AS21.7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.7.src.rpm

ia64:
netpbm-9.24-9.AS21.7.ia64.rpm
netpbm-devel-9.24-9.AS21.7.ia64.rpm
netpbm-progs-9.24-9.AS21.7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.7.src.rpm

i386:
netpbm-9.24-9.AS21.7.i386.rpm
netpbm-devel-9.24-9.AS21.7.i386.rpm
netpbm-progs-9.24-9.AS21.7.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.7.src.rpm

i386:
netpbm-9.24-9.AS21.7.i386.rpm
netpbm-devel-9.24-9.AS21.7.i386.rpm
netpbm-progs-9.24-9.AS21.7.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.5.src.rpm

i386:
netpbm-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-devel-9.24-11.30.5.i386.rpm
netpbm-progs-9.24-11.30.5.i386.rpm

ia64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.ia64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.ia64.rpm
netpbm-devel-9.24-11.30.5.ia64.rpm
netpbm-progs-9.24-11.30.5.ia64.rpm

ppc:
netpbm-9.24-11.30.5.ppc.rpm
netpbm-9.24-11.30.5.ppc64.rpm
netpbm-debuginfo-9.24-11.30.5.ppc.rpm
netpbm-debuginfo-9.24-11.30.5.ppc64.rpm
netpbm-devel-9.24-11.30.5.ppc.rpm
netpbm-progs-9.24-11.30.5.ppc.rpm

s390:
netpbm-9.24-11.30.5.s390.rpm
netpbm-debuginfo-9.24-11.30.5.s390.rpm
netpbm-devel-9.24-11.30.5.s390.rpm
netpbm-progs-9.24-11.30.5.s390.rpm

s390x:
netpbm-9.24-11.30.5.s390.rpm
netpbm-9.24-11.30.5.s390x.rpm
netpbm-debuginfo-9.24-11.30.5.s390.rpm
netpbm-debuginfo-9.24-11.30.5.s390x.rpm
netpbm-devel-9.24-11.30.5.s390x.rpm
netpbm-progs-9.24-11.30.5.s390x.rpm

x86_64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.x86_64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.x86_64.rpm
netpbm-devel-9.24-11.30.5.x86_64.rpm
netpbm-progs-9.24-11.30.5.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.5.src.rpm

i386:
netpbm-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-devel-9.24-11.30.5.i386.rpm
netpbm-progs-9.24-11.30.5.i386.rpm

x86_64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.x86_64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.x86_64.rpm
netpbm-devel-9.24-11.30.5.x86_64.rpm
netpbm-progs-9.24-11.30.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.5.src.rpm

i386:
netpbm-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-devel-9.24-11.30.5.i386.rpm
netpbm-progs-9.24-11.30.5.i386.rpm

ia64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.ia64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.ia64.rpm
netpbm-devel-9.24-11.30.5.ia64.rpm
netpbm-progs-9.24-11.30.5.ia64.rpm

x86_64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.x86_64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.x86_64.rpm
netpbm-devel-9.24-11.30.5.x86_64.rpm
netpbm-progs-9.24-11.30.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.5.src.rpm

i386:
netpbm-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-devel-9.24-11.30.5.i386.rpm
netpbm-progs-9.24-11.30.5.i386.rpm

ia64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.ia64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.ia64.rpm
netpbm-devel-9.24-11.30.5.ia64.rpm
netpbm-progs-9.24-11.30.5.ia64.rpm

x86_64:
netpbm-9.24-11.30.5.i386.rpm
netpbm-9.24-11.30.5.x86_64.rpm
netpbm-debuginfo-9.24-11.30.5.i386.rpm
netpbm-debuginfo-9.24-11.30.5.x86_64.rpm
netpbm-devel-9.24-11.30.5.x86_64.rpm
netpbm-progs-9.24-11.30.5.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/netpbm-10.25-2.EL4.6.el4_6.1.src.rpm

i386:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm

ia64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm

ppc:
netpbm-10.25-2.EL4.6.el4_6.1.ppc.rpm
netpbm-10.25-2.EL4.6.el4_6.1.ppc64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.ppc.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.ppc64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.ppc.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.ppc.rpm

s390:
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.s390.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390.rpm

s390x:
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm
netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.s390.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.s390x.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm

x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/netpbm-10.25-2.EL4.6.el4_6.1.src.rpm

i386:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm

x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/netpbm-10.25-2.EL4.6.el4_6.1.src.rpm

i386:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm

ia64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm

x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/netpbm-10.25-2.EL4.6.el4_6.1.src.rpm

i386:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm

ia64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm

x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.i386.rpm
netpbm-debuginfo-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0554
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHxoiMXlSAg2UNWIIRAunrAKCooICLVJRMphxIKorPQB2hpYo/mwCdGYNk
fu86Z85RV3z/oS8LFoTkn1k=
=YfLM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 28 10:15:33 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2008 05:15:33 -0500
Subject: [RHSA-2008:0146-01] Moderate: gd security update
Message-ID: <200802281015.m1SAFXhL007860@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gd security update
Advisory ID:       RHSA-2008:0146-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0146.html
Issue date:        2008-02-28
CVE Names:         CVE-2006-4484 CVE-2007-0455 CVE-2007-2756
                   CVE-2007-3472 CVE-2007-3473 CVE-2007-3475
                   CVE-2007-3476
=====================================================================

1. Summary:

Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

224607 - CVE-2007-0455 gd buffer overrun
242033 - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
276751 - CVE-2007-3472 libgd Integer overflow in TrueColor code
276791 - CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap
277181 - CVE-2007-3475 libgd Denial of service by GIF images without a global color map
277201 - CVE-2007-3476 libgd Denial of service by corrupted GIF images
431568 - CVE-2006-4484 gd: GIF handling buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gd-2.0.28-5.4E.el4_6.1.src.rpm

i386:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm

ia64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm

ppc:
gd-2.0.28-5.4E.el4_6.1.ppc.rpm
gd-2.0.28-5.4E.el4_6.1.ppc64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.ppc.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.ppc64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.ppc.rpm
gd-progs-2.0.28-5.4E.el4_6.1.ppc.rpm

s390:
gd-2.0.28-5.4E.el4_6.1.s390.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.s390.rpm
gd-devel-2.0.28-5.4E.el4_6.1.s390.rpm
gd-progs-2.0.28-5.4E.el4_6.1.s390.rpm

s390x:
gd-2.0.28-5.4E.el4_6.1.s390.rpm
gd-2.0.28-5.4E.el4_6.1.s390x.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.s390.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.s390x.rpm
gd-devel-2.0.28-5.4E.el4_6.1.s390x.rpm
gd-progs-2.0.28-5.4E.el4_6.1.s390x.rpm

x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gd-2.0.28-5.4E.el4_6.1.src.rpm

i386:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm

x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gd-2.0.28-5.4E.el4_6.1.src.rpm

i386:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm

ia64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm

x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gd-2.0.28-5.4E.el4_6.1.src.rpm

i386:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-devel-2.0.28-5.4E.el4_6.1.i386.rpm
gd-progs-2.0.28-5.4E.el4_6.1.i386.rpm

ia64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.ia64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.ia64.rpm

x86_64:
gd-2.0.28-5.4E.el4_6.1.i386.rpm
gd-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.i386.rpm
gd-debuginfo-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-devel-2.0.28-5.4E.el4_6.1.x86_64.rpm
gd-progs-2.0.28-5.4E.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gd-2.0.33-9.4.el5_1.1.src.rpm

i386:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm

x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gd-2.0.33-9.4.el5_1.1.src.rpm

i386:
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm

x86_64:
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gd-2.0.33-9.4.el5_1.1.src.rpm

i386:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm
gd-progs-2.0.33-9.4.el5_1.1.i386.rpm

ia64:
gd-2.0.33-9.4.el5_1.1.ia64.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.ia64.rpm
gd-devel-2.0.33-9.4.el5_1.1.ia64.rpm
gd-progs-2.0.33-9.4.el5_1.1.ia64.rpm

ppc:
gd-2.0.33-9.4.el5_1.1.ppc.rpm
gd-2.0.33-9.4.el5_1.1.ppc64.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.ppc.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.ppc64.rpm
gd-devel-2.0.33-9.4.el5_1.1.ppc.rpm
gd-devel-2.0.33-9.4.el5_1.1.ppc64.rpm
gd-progs-2.0.33-9.4.el5_1.1.ppc.rpm

s390x:
gd-2.0.33-9.4.el5_1.1.s390.rpm
gd-2.0.33-9.4.el5_1.1.s390x.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.s390.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.s390x.rpm
gd-devel-2.0.33-9.4.el5_1.1.s390.rpm
gd-devel-2.0.33-9.4.el5_1.1.s390x.rpm
gd-progs-2.0.33-9.4.el5_1.1.s390x.rpm

x86_64:
gd-2.0.33-9.4.el5_1.1.i386.rpm
gd-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.i386.rpm
gd-debuginfo-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-devel-2.0.33-9.4.el5_1.1.i386.rpm
gd-devel-2.0.33-9.4.el5_1.1.x86_64.rpm
gd-progs-2.0.33-9.4.el5_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHxolQXlSAg2UNWIIRAuiAAKCyMvTR6jeDsJxpLsG42TYNX0+w9ACgo1dV
4SPteBFBtGBNC9bACDW2wac=
=IEDd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 28 12:11:55 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2008 07:11:55 -0500
Subject: [RHSA-2008:0105-02] Critical: thunderbird security update
Message-ID: <200802281211.m1SCBtG8025318@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2008:0105-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0105.html
Issue date:        2008-02-07
Updated on:        2008-02-27
CVE Names:         CVE-2008-0304 CVE-2008-0412 CVE-2008-0413
                   CVE-2008-0415 CVE-2008-0418 CVE-2008-0419
                   CVE-2008-0420 CVE-2008-0591 CVE-2008-0592
                   CVE-2008-0593
=====================================================================

1. Summary:

Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

[Updated 27th February 2008]
The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v.
5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. An HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304)

Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type "plain/text", rather than "text/plain", Thunderbird will not show future "text/plain" content to the user, forcing them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

431732 - CVE-2008-0412 Mozilla layout engine crashes
431733 - CVE-2008-0413 Mozilla javascript engine crashes
431739 - CVE-2008-0415 Mozilla arbitrary code execution
431748 - CVE-2008-0418 Mozilla chrome: directory traversal
431749 - CVE-2008-0419 Mozilla arbitrary code execution
431751 - CVE-2008-0591 Mozilla information disclosure flaw
431752 - CVE-2008-0592 Mozilla text file mishandling
431756 - CVE-2008-0593 Mozilla URL token stealing flaw
435123 - CVE-2008-0304 thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm

i386:
thunderbird-1.5.0.12-8.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-8.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-8.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-8.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-8.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-8.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm

i386:
thunderbird-1.5.0.12-8.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-8.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm

i386:
thunderbird-1.5.0.12-8.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-8.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-8.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-8.el4.src.rpm

i386:
thunderbird-1.5.0.12-8.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-8.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-8.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-8.el5.src.rpm

i386:
thunderbird-1.5.0.12-8.el5.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el5.i386.rpm

x86_64:
thunderbird-1.5.0.12-8.el5.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-8.el5.src.rpm

i386:
thunderbird-1.5.0.12-8.el5.i386.rpm
thunderbird-debuginfo-1.5.0.12-8.el5.i386.rpm

x86_64:
thunderbird-1.5.0.12-8.el5.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHxqUJXlSAg2UNWIIRAka5AJ0bqM+SC1HDBMm95a2n46PXm4HPmgCguR4W
EbZ2+7EigkctGIna1GSkaiA=
=WfZ1
-----END PGP SIGNATURE-----