From bugzilla at redhat.com Wed May 7 07:06:19 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 May 2008 03:06:19 -0400
Subject: [RHSA-2008:0211-01] Important: kernel security and bug fix update
Message-ID: <200805070706.m4776JJd028902@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0211-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0211.html
Issue date:        2008-05-07
CVE Names:         CVE-2006-4814 CVE-2007-5001 CVE-2007-6151
                   CVE-2007-6206 CVE-2008-0007 CVE-2008-1367
                   CVE-2008-1375 CVE-2008-1669
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution.
As well, a race condition when handling locks in the Linux kernel fcntl functionality may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important)

* the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:

* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important)

* a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important)

* a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate)

* a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate)

* a race condition found in the mincore system call could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate)

* it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC).
This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low)

As well, these updated packages fix the following bugs:

* a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved.

* in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures.

* on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors.

Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

306971 - CVE-2006-4814 kernel Race condition in mincore can cause "ps -ef" to hang
326251 - CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic
396861 - CVE-2007-6206 Issue with core dump owner
413731 - RHEL3: System hangs at unmount
425111 - CVE-2007-6151 I4L: fix isdn_ioctl memory issue
428961 - CVE-2008-0007 kernel: insufficient range checks in fault handlers with mremap
437312 - CVE-2008-1367 Kernel doesn't clear DF for signal handlers
439754 - CVE-2008-1375 kernel: race condition in dnotify (local DoS, local roothole possible)
443433 - CVE-2008-1669 kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-57.EL.src.rpm

i386:
kernel-2.4.21-57.EL.athlon.rpm
kernel-2.4.21-57.EL.i686.rpm
kernel-BOOT-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.athlon.rpm
kernel-debuginfo-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.i686.rpm
kernel-doc-2.4.21-57.EL.i386.rpm
kernel-hugemem-2.4.21-57.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-57.EL.i686.rpm
kernel-smp-2.4.21-57.EL.athlon.rpm
kernel-smp-2.4.21-57.EL.i686.rpm
kernel-smp-unsupported-2.4.21-57.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-57.EL.i686.rpm
kernel-source-2.4.21-57.EL.i386.rpm
kernel-unsupported-2.4.21-57.EL.athlon.rpm
kernel-unsupported-2.4.21-57.EL.i686.rpm

ia64:
kernel-2.4.21-57.EL.ia64.rpm
kernel-debuginfo-2.4.21-57.EL.ia64.rpm
kernel-doc-2.4.21-57.EL.ia64.rpm
kernel-source-2.4.21-57.EL.ia64.rpm
kernel-unsupported-2.4.21-57.EL.ia64.rpm

ppc:
kernel-2.4.21-57.EL.ppc64iseries.rpm
kernel-2.4.21-57.EL.ppc64pseries.rpm
kernel-debuginfo-2.4.21-57.EL.ppc64.rpm
kernel-debuginfo-2.4.21-57.EL.ppc64iseries.rpm
kernel-debuginfo-2.4.21-57.EL.ppc64pseries.rpm
kernel-doc-2.4.21-57.EL.ppc64.rpm
kernel-source-2.4.21-57.EL.ppc64.rpm
kernel-unsupported-2.4.21-57.EL.ppc64iseries.rpm
kernel-unsupported-2.4.21-57.EL.ppc64pseries.rpm

s390:
kernel-2.4.21-57.EL.s390.rpm
kernel-debuginfo-2.4.21-57.EL.s390.rpm
kernel-doc-2.4.21-57.EL.s390.rpm
kernel-source-2.4.21-57.EL.s390.rpm
kernel-unsupported-2.4.21-57.EL.s390.rpm

s390x:
kernel-2.4.21-57.EL.s390x.rpm
kernel-debuginfo-2.4.21-57.EL.s390x.rpm
kernel-doc-2.4.21-57.EL.s390x.rpm
kernel-source-2.4.21-57.EL.s390x.rpm
kernel-unsupported-2.4.21-57.EL.s390x.rpm

x86_64:
kernel-2.4.21-57.EL.ia32e.rpm
kernel-2.4.21-57.EL.x86_64.rpm
kernel-debuginfo-2.4.21-57.EL.ia32e.rpm
kernel-debuginfo-2.4.21-57.EL.x86_64.rpm
kernel-doc-2.4.21-57.EL.x86_64.rpm
kernel-smp-2.4.21-57.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-57.EL.x86_64.rpm
kernel-source-2.4.21-57.EL.x86_64.rpm
kernel-unsupported-2.4.21-57.EL.ia32e.rpm
kernel-unsupported-2.4.21-57.EL.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-57.EL.src.rpm

i386:
kernel-2.4.21-57.EL.athlon.rpm
kernel-2.4.21-57.EL.i686.rpm
kernel-BOOT-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.athlon.rpm
kernel-debuginfo-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.i686.rpm
kernel-doc-2.4.21-57.EL.i386.rpm
kernel-hugemem-2.4.21-57.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-57.EL.i686.rpm
kernel-smp-2.4.21-57.EL.athlon.rpm
kernel-smp-2.4.21-57.EL.i686.rpm
kernel-smp-unsupported-2.4.21-57.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-57.EL.i686.rpm
kernel-source-2.4.21-57.EL.i386.rpm
kernel-unsupported-2.4.21-57.EL.athlon.rpm
kernel-unsupported-2.4.21-57.EL.i686.rpm

x86_64:
kernel-2.4.21-57.EL.ia32e.rpm
kernel-2.4.21-57.EL.x86_64.rpm
kernel-debuginfo-2.4.21-57.EL.ia32e.rpm
kernel-debuginfo-2.4.21-57.EL.x86_64.rpm
kernel-doc-2.4.21-57.EL.x86_64.rpm
kernel-smp-2.4.21-57.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-57.EL.x86_64.rpm
kernel-source-2.4.21-57.EL.x86_64.rpm
kernel-unsupported-2.4.21-57.EL.ia32e.rpm
kernel-unsupported-2.4.21-57.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-57.EL.src.rpm

i386:
kernel-2.4.21-57.EL.athlon.rpm
kernel-2.4.21-57.EL.i686.rpm
kernel-BOOT-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.athlon.rpm
kernel-debuginfo-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.i686.rpm
kernel-doc-2.4.21-57.EL.i386.rpm
kernel-hugemem-2.4.21-57.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-57.EL.i686.rpm
kernel-smp-2.4.21-57.EL.athlon.rpm
kernel-smp-2.4.21-57.EL.i686.rpm
kernel-smp-unsupported-2.4.21-57.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-57.EL.i686.rpm
kernel-source-2.4.21-57.EL.i386.rpm
kernel-unsupported-2.4.21-57.EL.athlon.rpm
kernel-unsupported-2.4.21-57.EL.i686.rpm

ia64:
kernel-2.4.21-57.EL.ia64.rpm
kernel-debuginfo-2.4.21-57.EL.ia64.rpm
kernel-doc-2.4.21-57.EL.ia64.rpm
kernel-source-2.4.21-57.EL.ia64.rpm
kernel-unsupported-2.4.21-57.EL.ia64.rpm

x86_64:
kernel-2.4.21-57.EL.ia32e.rpm
kernel-2.4.21-57.EL.x86_64.rpm
kernel-debuginfo-2.4.21-57.EL.ia32e.rpm
kernel-debuginfo-2.4.21-57.EL.x86_64.rpm
kernel-doc-2.4.21-57.EL.x86_64.rpm
kernel-smp-2.4.21-57.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-57.EL.x86_64.rpm
kernel-source-2.4.21-57.EL.x86_64.rpm
kernel-unsupported-2.4.21-57.EL.ia32e.rpm
kernel-unsupported-2.4.21-57.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-57.EL.src.rpm

i386:
kernel-2.4.21-57.EL.athlon.rpm
kernel-2.4.21-57.EL.i686.rpm
kernel-BOOT-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.athlon.rpm
kernel-debuginfo-2.4.21-57.EL.i386.rpm
kernel-debuginfo-2.4.21-57.EL.i686.rpm
kernel-doc-2.4.21-57.EL.i386.rpm
kernel-hugemem-2.4.21-57.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-57.EL.i686.rpm
kernel-smp-2.4.21-57.EL.athlon.rpm
kernel-smp-2.4.21-57.EL.i686.rpm
kernel-smp-unsupported-2.4.21-57.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-57.EL.i686.rpm
kernel-source-2.4.21-57.EL.i386.rpm
kernel-unsupported-2.4.21-57.EL.athlon.rpm
kernel-unsupported-2.4.21-57.EL.i686.rpm

ia64:
kernel-2.4.21-57.EL.ia64.rpm
kernel-debuginfo-2.4.21-57.EL.ia64.rpm
kernel-doc-2.4.21-57.EL.ia64.rpm
kernel-source-2.4.21-57.EL.ia64.rpm
kernel-unsupported-2.4.21-57.EL.ia64.rpm

x86_64:
kernel-2.4.21-57.EL.ia32e.rpm
kernel-2.4.21-57.EL.x86_64.rpm
kernel-debuginfo-2.4.21-57.EL.ia32e.rpm
kernel-debuginfo-2.4.21-57.EL.x86_64.rpm
kernel-doc-2.4.21-57.EL.x86_64.rpm
kernel-smp-2.4.21-57.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-57.EL.x86_64.rpm
kernel-source-2.4.21-57.EL.x86_64.rpm
kernel-unsupported-2.4.21-57.EL.ia32e.rpm
kernel-unsupported-2.4.21-57.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIIVShXlSAg2UNWIIRAgmSAKCRogfxBH0zKSSl0LoEU/mX2fM8HACgpUZp
ku1MKisAK/HECsk5IhuieJo=
=ld1g
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 7 07:49:25 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 May 2008 03:49:25 -0400
Subject: [RHSA-2008:0233-01] Important: kernel security and bug fix update
Message-ID: <200805070749.m477nP4H002186@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0233-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0233.html
Issue date:        2008-05-07
CVE Names:         CVE-2007-5498 CVE-2008-0007 CVE-2008-1367
                   CVE-2008-1375 CVE-2008-1619 CVE-2008-1669
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important)

* a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important)

* the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:

* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash.
(CVE-2008-0007, Important)

* the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important)

* it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low)

As well, these updated packages fix the following bugs:

* on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages.

* multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues.

* when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade.

* on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an "ata1: CPB flags CMD err flags 0x11" error.

* repeatedly hot-plugging a PCI Express card may have caused "Bad DLLP" errors.

* a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved.

* when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hung after rebooting in the new kernel, after printing the "Memory: 32839688k/33685504k available" line.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

369531 - CVE-2007-5498 missing sanity check in xen block backend driver
412071 - LTC37008-QDIO based network connections hang with QIOASSIST ON
427400 - CVE-2008-1619 [xen-ia64] Dom0 panic while we run ftp test tool between HVM and Dom0.
428961 - CVE-2008-0007 kernel: insufficient range checks in fault handlers with mremap
433616 - [Xen] vmalloc/vfree on HVM Guest/IA64 does untolerate performance.
433617 - libata: sata_nv may send commands with duplicate tags [5.1.z]
437312 - CVE-2008-1367 Kernel doesn't clear DF for signal handlers
437770 - CVE-2008-1619 [xen-ia64] Dom0 panic while we run ftp test tool between HVM and Dom0.
439754 - CVE-2008-1375 kernel: race condition in dnotify (local DoS, local roothole possible)
440438 - [5.1] PCI Express hotplug driver problem (Bad DLLP) [rhel-5.1.z]
440447 - 2.6.18-53.1.12 crashes on NULL pointer dereference with NFS on the stack [rhel-5.1.z]
442922 - kexec or kdump hangs on ES7000/ONE
443433 - CVE-2008-1669 kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-53.1.19.el5.src.rpm

i386:
kernel-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.i686.rpm
kernel-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-headers-2.6.18-53.1.19.el5.i386.rpm
kernel-xen-2.6.18-53.1.19.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.19.el5.i686.rpm

noarch:
kernel-doc-2.6.18-53.1.19.el5.noarch.rpm

x86_64:
kernel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-headers-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.19.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.19.el5.src.rpm

i386:
kernel-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.i686.rpm
kernel-devel-2.6.18-53.1.19.el5.i686.rpm
kernel-headers-2.6.18-53.1.19.el5.i386.rpm
kernel-xen-2.6.18-53.1.19.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-53.1.19.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.19.el5.i686.rpm

ia64:
kernel-2.6.18-53.1.19.el5.ia64.rpm
kernel-debug-2.6.18-53.1.19.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.ia64.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.ia64.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.ia64.rpm
kernel-devel-2.6.18-53.1.19.el5.ia64.rpm
kernel-headers-2.6.18-53.1.19.el5.ia64.rpm
kernel-xen-2.6.18-53.1.19.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-53.1.19.el5.ia64.rpm
kernel-xen-devel-2.6.18-53.1.19.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-53.1.19.el5.noarch.rpm

ppc:
kernel-2.6.18-53.1.19.el5.ppc64.rpm
kernel-debug-2.6.18-53.1.19.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.ppc64.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.ppc64.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.ppc64.rpm
kernel-devel-2.6.18-53.1.19.el5.ppc64.rpm
kernel-headers-2.6.18-53.1.19.el5.ppc.rpm
kernel-headers-2.6.18-53.1.19.el5.ppc64.rpm
kernel-kdump-2.6.18-53.1.19.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-53.1.19.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-53.1.19.el5.ppc64.rpm

s390x:
kernel-2.6.18-53.1.19.el5.s390x.rpm
kernel-debug-2.6.18-53.1.19.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.s390x.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.s390x.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.s390x.rpm
kernel-devel-2.6.18-53.1.19.el5.s390x.rpm
kernel-headers-2.6.18-53.1.19.el5.s390x.rpm

x86_64:
kernel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-53.1.19.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.19.el5.x86_64.rpm
kernel-headers-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-53.1.19.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.19.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIIV6cXlSAg2UNWIIRAroqAJ9mxmGtFJNNxXGQ1Yv53ROudG4AOgCdEIBH
oxXtczRwSakkE0jTk1AnyN4=
=WSVP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 7 07:49:53 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 May 2008 03:49:53 -0400
Subject: [RHSA-2008:0237-01] Important: kernel security and bug fix update
Message-ID: <200805070749.m477nrvN002212@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0237-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0237.html
Issue date:        2008-05-07
CVE Names:         CVE-2005-0504 CVE-2007-6282 CVE-2008-0007
                   CVE-2008-1375 CVE-2008-1615 CVE-2008-1669
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl.
This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important)

* the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue:

* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important)

* a flaw in the MOXA serial driver could allow a local unprivileged user to perform privileged operations, such as replacing firmware. (CVE-2005-0504, Important)

As well, these updated packages fix the following bugs:

* multiple buffer overflows in the neofb driver have been resolved.
It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues.

* a kernel panic, due to inconsistent detection of AGP aperture size, has been resolved.

* a race condition in UNIX domain sockets may have caused "recv()" to return zero. In clustered configurations, this may have caused unexpected failovers.

* to prevent link storms, network link carrier events were delayed by up to one second, causing unnecessary packet loss. Now, link carrier events are scheduled immediately.

* a client-side race on blocking locks caused large time delays on NFS file systems.

* in certain situations, the libATA sata_nv driver may have sent commands with duplicate tags, which were rejected by SATA devices. This may have caused infinite reboots.

* running the "service network restart" command may have caused networking to fail.

* a bug in NFS caused cached information about directories to be stored for too long, causing wrong attributes to be read.

* on systems with a large highmem/lowmem ratio, NFS write performance may have been very slow when using small files.

* a bug, which caused network hangs when the system clock was wrapped around zero, has been resolved.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

404291 - CVE-2007-6282 IPSec ESP kernel panics
423111 - CVE-2005-0504 Buffer overflow in moxa driver
428961 - CVE-2008-0007 kernel: insufficient range checks in fault handlers with mremap
431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
435122 - [RHEL4.6] In unix domain sockets, recv() may incorrectly return zero
436102 - Fake ARP dropped after migration leading to loss of network connectivity
436129 - LTC41942-30 second flock() calls against files stored on a NetApp while using NFS
436499 - libata: sata_nv may send commands with duplicate tags
436749 - HP-Japan Network stack hang after service network restart
437788 - NFS: Fix directory caching problem - with test case and patch.
438345 - [2.6.9-55.9] VM pagecache reclaim patch causes high latency on systems with large highmem/lowmem ratios
438477 - Since "Patch2037: linux-2.6.9-vm-balance.patch" my NFS performance is poorly
439754 - CVE-2008-1375 kernel: race condition in dnotify (local DoS, local roothole possible)
443433 - CVE-2008-1669 kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-67.0.15.EL.src.rpm

i386:
kernel-2.6.9-67.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.i686.rpm
kernel-devel-2.6.9-67.0.15.EL.i686.rpm
kernel-hugemem-2.6.9-67.0.15.EL.i686.rpm
kernel-hugemem-devel-2.6.9-67.0.15.EL.i686.rpm
kernel-smp-2.6.9-67.0.15.EL.i686.rpm
kernel-smp-devel-2.6.9-67.0.15.EL.i686.rpm
kernel-xenU-2.6.9-67.0.15.EL.i686.rpm
kernel-xenU-devel-2.6.9-67.0.15.EL.i686.rpm

ia64:
kernel-2.6.9-67.0.15.EL.ia64.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.ia64.rpm
kernel-devel-2.6.9-67.0.15.EL.ia64.rpm
kernel-largesmp-2.6.9-67.0.15.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-67.0.15.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-67.0.15.EL.noarch.rpm

ppc:
kernel-2.6.9-67.0.15.EL.ppc64.rpm
kernel-2.6.9-67.0.15.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.ppc64.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.ppc64iseries.rpm
kernel-devel-2.6.9-67.0.15.EL.ppc64.rpm
kernel-devel-2.6.9-67.0.15.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-67.0.15.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-67.0.15.EL.ppc64.rpm

s390:
kernel-2.6.9-67.0.15.EL.s390.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.s390.rpm
kernel-devel-2.6.9-67.0.15.EL.s390.rpm

s390x:
kernel-2.6.9-67.0.15.EL.s390x.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.s390x.rpm
kernel-devel-2.6.9-67.0.15.EL.s390x.rpm

x86_64:
kernel-2.6.9-67.0.15.EL.x86_64.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.x86_64.rpm
kernel-devel-2.6.9-67.0.15.EL.x86_64.rpm
kernel-largesmp-2.6.9-67.0.15.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-67.0.15.EL.x86_64.rpm
kernel-smp-2.6.9-67.0.15.EL.x86_64.rpm
kernel-smp-devel-2.6.9-67.0.15.EL.x86_64.rpm
kernel-xenU-2.6.9-67.0.15.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-67.0.15.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-67.0.15.EL.src.rpm

i386:
kernel-2.6.9-67.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-67.0.15.EL.i686.rpm
kernel-devel-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.15.EL.i686.rpm kernel-smp-2.6.9-67.0.15.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.i686.rpm noarch: kernel-doc-2.6.9-67.0.15.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.15.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.15.EL.x86_64.rpm kernel-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-67.0.15.EL.src.rpm i386: kernel-2.6.9-67.0.15.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.15.EL.i686.rpm kernel-devel-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.15.EL.i686.rpm kernel-smp-2.6.9-67.0.15.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.i686.rpm ia64: kernel-2.6.9-67.0.15.EL.ia64.rpm kernel-debuginfo-2.6.9-67.0.15.EL.ia64.rpm kernel-devel-2.6.9-67.0.15.EL.ia64.rpm kernel-largesmp-2.6.9-67.0.15.EL.ia64.rpm kernel-largesmp-devel-2.6.9-67.0.15.EL.ia64.rpm noarch: kernel-doc-2.6.9-67.0.15.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.15.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.15.EL.x86_64.rpm kernel-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-67.0.15.EL.src.rpm i386: kernel-2.6.9-67.0.15.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.15.EL.i686.rpm kernel-devel-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-2.6.9-67.0.15.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.15.EL.i686.rpm kernel-smp-2.6.9-67.0.15.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-2.6.9-67.0.15.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.i686.rpm ia64: kernel-2.6.9-67.0.15.EL.ia64.rpm kernel-debuginfo-2.6.9-67.0.15.EL.ia64.rpm kernel-devel-2.6.9-67.0.15.EL.ia64.rpm kernel-largesmp-2.6.9-67.0.15.EL.ia64.rpm kernel-largesmp-devel-2.6.9-67.0.15.EL.ia64.rpm noarch: kernel-doc-2.6.9-67.0.15.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.15.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.15.EL.x86_64.rpm kernel-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.15.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-2.6.9-67.0.15.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.15.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.15.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIIV8IXlSAg2UNWIIRAlDoAKC/PSOTtgcT/spYH8H43N6cPXTrCQCffa7O
M2K5hk4HepnEKsOw5a3q6Y8=
=Cab9
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu May 8 09:18:13 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 May 2008 05:18:13 -0400
Subject: [RHSA-2008:0262-01] Important: gpdf security update
Message-ID: <200805080918.m489IDwU030207@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gpdf security update
Advisory ID:       RHSA-2008:0262-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0262.html
Issue date:        2008-05-08
CVE Names:         CVE-2008-1693
=====================================================================

1. Summary:

An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.

Kees Cook discovered a flaw in the way gpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)

Users of gpdf are advised to upgrade to this updated package, which contains a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

441722 - CVE-2008-1693 xpdf: embedded font vulnerability

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.7.2.src.rpm

i386:
gpdf-2.8.2-7.7.2.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.ia64.rpm

ppc:
gpdf-2.8.2-7.7.2.ppc.rpm
gpdf-debuginfo-2.8.2-7.7.2.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.s390.rpm
gpdf-debuginfo-2.8.2-7.7.2.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.s390x.rpm
gpdf-debuginfo-2.8.2-7.7.2.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.7.2.src.rpm

i386:
gpdf-2.8.2-7.7.2.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.i386.rpm

x86_64:
gpdf-2.8.2-7.7.2.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.7.2.src.rpm

i386:
gpdf-2.8.2-7.7.2.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.7.2.src.rpm

i386:
gpdf-2.8.2-7.7.2.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIIsVKXlSAg2UNWIIRAtRIAJ0ZXbMrM1sJ4BJa1qhNRqpgNWwfVwCghmPy
nPoLDbQrISR9cOZjd97nN3E=
=A4Wv
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue May 13 12:29:01 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 May 2008 08:29:01 -0400
Subject: [RHSA-2008:0194-01] Important: xen security and bug fix update
Message-ID: <200805131229.m4DCT1dR015998@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xen security and bug fix update
Advisory ID:       RHSA-2008:0194-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0194.html
Issue date:        2008-05-13
CVE Names:         CVE-2007-3919 CVE-2007-5730 CVE-2008-0928
                   CVE-2008-1943 CVE-2008-1944 CVE-2008-2004
=====================================================================

1. Summary:

Updated xen packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization.

These updated packages fix the following security issues:

Daniel P. Berrange discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the format of messages serving to update the contents of the framebuffer. This could allow a malicious user to cause a denial of service, or compromise the privileged domain (Dom0). (CVE-2008-1944)

Markus Armbruster discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description. This could allow a malicious user to cause a denial of service, or to use a specially crafted frontend to compromise the privileged domain (Dom0). (CVE-2008-1943)

Chris Wright discovered a security vulnerability in the QEMU block format auto-detection, when running fully-virtualized guests. Such fully-virtualized guests, with a raw formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host. (CVE-2008-2004)

Ian Jackson discovered a security vulnerability in the QEMU block device drivers backend. A guest operating system could issue a block device request and read or write arbitrary memory locations, which could lead to privilege escalation. (CVE-2008-0928)

Tavis Ormandy found that QEMU did not perform adequate sanity-checking of data received via the "net socket listen" option. A malicious local administrator of a guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain. (CVE-2007-5730)

Steve Kemp discovered that the xenbaked daemon and the XenMon utility communicated via an insecure temporary file. A malicious local administrator of a guest domain could perform a symbolic link attack, causing arbitrary files to be truncated. (CVE-2007-3919)

As well, in the previous xen packages, it was possible for Dom0 to fail to flush data from a fully-virtualized guest to disk, even if the guest explicitly requested the flush. This could cause data integrity problems on the guest. In these updated packages, Dom0 always respects the request to flush to disk.

Users of xen are advised to upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

350421 - CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file accesss
360381 - CVE-2007-5730 QEMU Buffer overflow via crafted "net socket listen" option
433560 - CVE-2008-0928 Qemu insufficient block device address range checking
435495 - [RHEL5.2]: LTC41676-Xen full virt has data integrity issue
443078 - CVE-2008-1943 PVFB backend fails to validate frontend's framebuffer description
443390 - CVE-2008-1944 PVFB SDL backend chokes on bogus screen updates
444583 - CVE-2008-2004 qemu/kvm/xen: qemu block format auto-detection vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-41.el5_1.5.src.rpm

i386:
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-libs-3.0.3-41.el5_1.5.i386.rpm

x86_64:
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.x86_64.rpm
xen-libs-3.0.3-41.el5_1.5.i386.rpm
xen-libs-3.0.3-41.el5_1.5.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-41.el5_1.5.src.rpm

i386:
xen-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-devel-3.0.3-41.el5_1.5.i386.rpm

x86_64:
xen-3.0.3-41.el5_1.5.x86_64.rpm
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.x86_64.rpm
xen-devel-3.0.3-41.el5_1.5.i386.rpm
xen-devel-3.0.3-41.el5_1.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-41.el5_1.5.src.rpm

i386:
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-libs-3.0.3-41.el5_1.5.i386.rpm

ia64:
xen-debuginfo-3.0.3-41.el5_1.5.ia64.rpm
xen-libs-3.0.3-41.el5_1.5.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.x86_64.rpm
xen-libs-3.0.3-41.el5_1.5.i386.rpm
xen-libs-3.0.3-41.el5_1.5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-41.el5_1.5.src.rpm

i386:
xen-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-devel-3.0.3-41.el5_1.5.i386.rpm

ia64:
xen-3.0.3-41.el5_1.5.ia64.rpm
xen-debuginfo-3.0.3-41.el5_1.5.ia64.rpm
xen-devel-3.0.3-41.el5_1.5.ia64.rpm

x86_64:
xen-3.0.3-41.el5_1.5.x86_64.rpm
xen-debuginfo-3.0.3-41.el5_1.5.i386.rpm
xen-debuginfo-3.0.3-41.el5_1.5.x86_64.rpm
xen-devel-3.0.3-41.el5_1.5.i386.rpm
xen-devel-3.0.3-41.el5_1.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIKYl8XlSAg2UNWIIRAhx7AKClR1PG+iH8wkI/lOgfpPtOLmSzpgCgvURY
VbxfWvdPToJNVkcDf1gn5Qg=
=PXkq
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed May 14 08:12:38 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 May 2008 04:12:38 -0400
Subject: [RHSA-2008:0270-01] Important: libvorbis security update
Message-ID: <200805140812.m4E8CcCE003590@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvorbis security update
Advisory ID:       RHSA-2008:0270-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0270.html
Issue date:        2008-05-14
CVE Names:         CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
=====================================================================

1. Summary:

Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)

Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

440700 - CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
440706 - CVE-2008-1420 vorbis: integer overflow in partvals computation
440709 - CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libvorbis-1.0-10.el3.src.rpm

i386:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-devel-1.0-10.el3.i386.rpm

ia64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.ia64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.ia64.rpm
libvorbis-devel-1.0-10.el3.ia64.rpm

ppc:
libvorbis-1.0-10.el3.ppc.rpm
libvorbis-1.0-10.el3.ppc64.rpm
libvorbis-debuginfo-1.0-10.el3.ppc.rpm
libvorbis-debuginfo-1.0-10.el3.ppc64.rpm
libvorbis-devel-1.0-10.el3.ppc.rpm

s390:
libvorbis-1.0-10.el3.s390.rpm
libvorbis-debuginfo-1.0-10.el3.s390.rpm
libvorbis-devel-1.0-10.el3.s390.rpm

s390x:
libvorbis-1.0-10.el3.s390.rpm
libvorbis-1.0-10.el3.s390x.rpm
libvorbis-debuginfo-1.0-10.el3.s390.rpm
libvorbis-debuginfo-1.0-10.el3.s390x.rpm
libvorbis-devel-1.0-10.el3.s390x.rpm

x86_64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.x86_64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.x86_64.rpm
libvorbis-devel-1.0-10.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libvorbis-1.0-10.el3.src.rpm

i386:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-devel-1.0-10.el3.i386.rpm

x86_64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.x86_64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.x86_64.rpm
libvorbis-devel-1.0-10.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libvorbis-1.0-10.el3.src.rpm

i386:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-devel-1.0-10.el3.i386.rpm

ia64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.ia64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.ia64.rpm
libvorbis-devel-1.0-10.el3.ia64.rpm

x86_64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.x86_64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.x86_64.rpm
libvorbis-devel-1.0-10.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libvorbis-1.0-10.el3.src.rpm

i386:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-devel-1.0-10.el3.i386.rpm

ia64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.ia64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.ia64.rpm
libvorbis-devel-1.0-10.el3.ia64.rpm

x86_64:
libvorbis-1.0-10.el3.i386.rpm
libvorbis-1.0-10.el3.x86_64.rpm
libvorbis-debuginfo-1.0-10.el3.i386.rpm
libvorbis-debuginfo-1.0-10.el3.x86_64.rpm
libvorbis-devel-1.0-10.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libvorbis-1.1.0-3.el4_6.1.src.rpm

i386:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm

ia64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm

ppc:
libvorbis-1.1.0-3.el4_6.1.ppc.rpm
libvorbis-1.1.0-3.el4_6.1.ppc64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.ppc.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.ppc64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.ppc.rpm

s390:
libvorbis-1.1.0-3.el4_6.1.s390.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.s390.rpm
libvorbis-devel-1.1.0-3.el4_6.1.s390.rpm

s390x:
libvorbis-1.1.0-3.el4_6.1.s390.rpm
libvorbis-1.1.0-3.el4_6.1.s390x.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.s390.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.s390x.rpm
libvorbis-devel-1.1.0-3.el4_6.1.s390x.rpm

x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libvorbis-1.1.0-3.el4_6.1.src.rpm

i386:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm

x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libvorbis-1.1.0-3.el4_6.1.src.rpm

i386:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm

ia64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm

x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libvorbis-1.1.0-3.el4_6.1.src.rpm

i386:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm

ia64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.ia64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm

x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.i386.rpm
libvorbis-debuginfo-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvorbis-1.1.2-3.el5_1.2.src.rpm

i386:
libvorbis-1.1.2-3.el5_1.2.i386.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm

x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvorbis-1.1.2-3.el5_1.2.src.rpm

i386:
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm

x86_64:
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.x86_64.rpm
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvorbis-1.1.2-3.el5_1.2.src.rpm

i386:
libvorbis-1.1.2-3.el5_1.2.i386.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm

ia64:
libvorbis-1.1.2-3.el5_1.2.ia64.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.ia64.rpm
libvorbis-devel-1.1.2-3.el5_1.2.ia64.rpm

ppc:
libvorbis-1.1.2-3.el5_1.2.ppc.rpm
libvorbis-1.1.2-3.el5_1.2.ppc64.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.ppc.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.ppc64.rpm
libvorbis-devel-1.1.2-3.el5_1.2.ppc.rpm
libvorbis-devel-1.1.2-3.el5_1.2.ppc64.rpm

s390x:
libvorbis-1.1.2-3.el5_1.2.s390.rpm
libvorbis-1.1.2-3.el5_1.2.s390x.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.s390.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.s390x.rpm
libvorbis-devel-1.1.2-3.el5_1.2.s390.rpm
libvorbis-devel-1.1.2-3.el5_1.2.s390x.rpm

x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.i386.rpm
libvorbis-debuginfo-1.1.2-3.el5_1.2.x86_64.rpm
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIKp7GXlSAg2UNWIIRAiYeAKCweG9U0Z/hgYPz3cRzv5Au/2HkgQCePH8A
hzpHXsyXrEVrjwmn7XbDJuo=
=4z3Q
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed May 14 08:13:04 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 May 2008 04:13:04 -0400
Subject: [RHSA-2008:0271-01] Important: libvorbis security update
Message-ID: <200805140813.m4E8D42s003603@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvorbis security update
Advisory ID:       RHSA-2008:0271-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0271.html
Issue date:        2008-05-14
CVE Names:         CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
                   CVE-2008-2009
=====================================================================

1. Summary:

Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Description:

The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009)

Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

440700 - CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
440706 - CVE-2008-1420 vorbis: integer overflow in partvals computation
440709 - CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks
444443 - CVE-2008-2009 vorbis: insufficient validation of Huffman tree causing memory corruption in _make_decode_tree()

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libvorbis-1.0rc2-9.el2.src.rpm

i386:
libvorbis-1.0rc2-9.el2.i386.rpm
libvorbis-devel-1.0rc2-9.el2.i386.rpm

ia64:
libvorbis-1.0rc2-9.el2.ia64.rpm
libvorbis-devel-1.0rc2-9.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libvorbis-1.0rc2-9.el2.src.rpm

ia64:
libvorbis-1.0rc2-9.el2.ia64.rpm
libvorbis-devel-1.0rc2-9.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libvorbis-1.0rc2-9.el2.src.rpm

i386:
libvorbis-1.0rc2-9.el2.i386.rpm
libvorbis-devel-1.0rc2-9.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libvorbis-1.0rc2-9.el2.src.rpm

i386:
libvorbis-1.0rc2-9.el2.i386.rpm
libvorbis-devel-1.0rc2-9.el2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2009
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIKp76XlSAg2UNWIIRAvRkAJ9nwrMgcKpfuCB9QEtQoLR5mHBO4ACeMJsB Yjvm/Op0zu9UzJvMpOcqTMw= =xleg -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon May 19 15:31:42 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 19 May 2008 11:31:42 -0400 Subject: [RHSA-2008:0267-01] Critical: java-1.6.0-ibm security update Message-ID: <200805191531.m4JFVgFP018321@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2008:0267-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0267.html Issue date: 2008-05-19 CVE Names: CVE-2008-1187 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 3. Description: IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environment, and the IBM Java 2 Software Development Kit. A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files, or execute local applications accessible to the user running the JRE. 
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196) A flaw was found in the Java plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, which contain IBM's 1.6.0 SR1 Java release, which resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation 436293 - CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190) 436295 - CVE-2008-1192 Java Plugin same-origin-policy bypass 436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194) 436299 - CVE-2008-1195 Java-API calls in untrusted Javascript allow network privilege escalation 436302 - CVE-2008-1196 Buffer overflow security vulnerabilities in Java Web Start 444746 - CVE-2008-1191 Untrusted Java Web Start arbitrary file creation 6. Package List: RHEL Desktop Supplementary (v. 
5 client): i386: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm ppc: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.x86_64.rpm 
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196 http://www-128.ibm.com/developerworks/java/jdk/alerts/ http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIMZ1UXlSAg2UNWIIRAhwoAJ9cu+ref+CxMA888kw2j3ZNDR6Y9QCgu7Di 1OF8OHR8KLYNh5X0/S+86AQ= =NsNv -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 20 10:02:09 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 May 2008 06:02:09 -0400 Subject: [RHSA-2008:0275-01] Important: kernel security and bug fix update Message-ID: <200805201002.m4KA29eC023604@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2008:0275-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0275.html Issue date: 2008-05-20 CVE Names: CVE-2007-5093 CVE-2007-6282 CVE-2007-6712 CVE-2008-1615 ===================================================================== 1. Summary: Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * on AMD64 architectures, the possibility of a kernel crash was discovered by testing the Linux kernel process-trace ability. This could allow a local unprivileged user to cause a denial of service (kernel crash). (CVE-2008-1615, Important) * on 64-bit architectures, the possibility of a timer-expiration value overflow was found in the Linux kernel high-resolution timers functionality, hrtimer. 
This could allow a local unprivileged user to set up a large interval value, forcing the timer expiry value to become negative, causing a denial of service (kernel hang). (CVE-2007-6712, Important) * the possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly. (CVE-2007-6282, Important) * a potential denial of service attack was discovered in the Linux kernel PWC USB video driver. A local unprivileged user could use this flaw to bring the kernel USB subsystem into the busy-waiting state, causing a denial of service. (CVE-2007-5093, Low) As well, these updated packages fix the following bugs: * in certain situations, a kernel hang and a possible panic occurred when disabling the cpufreq daemon. This may have prevented system reboots from completing successfully. * continual "softlockup" messages, which occurred on the guest's console after a successful save and restore of a Red Hat Enterprise Linux 5 para-virtualized guest, have been resolved. * in the previous kernel packages, the kernel may not have reclaimed NFS locks after a system reboot. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. 
Bugs fixed (http://bugzilla.redhat.com/): 306591 - CVE-2007-5093 kernel PWC driver DoS 400821 - rhel5.1s2 hang at 'Disabling ondemand cpu frequency scaling' [rhel-5.1.z] 404291 - CVE-2007-6282 IPSec ESP kernel panics 429516 - booting with maxcpus=1 panics when starting cpufreq service [rhel-5.1.z] 431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption 439999 - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang) 444402 - [RHEL5]: Softlockup after save/restore in PV guest 445360 - RHEL5.1 kernel not reclaiming NFS locks when server reboots 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-53.1.21.el5.src.rpm i386: kernel-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm kernel-debug-2.6.18-53.1.21.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.i686.rpm kernel-devel-2.6.18-53.1.21.el5.i686.rpm kernel-headers-2.6.18-53.1.21.el5.i386.rpm kernel-xen-2.6.18-53.1.21.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm noarch: kernel-doc-2.6.18-53.1.21.el5.noarch.rpm x86_64: kernel-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.21.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.x86_64.rpm kernel-devel-2.6.18-53.1.21.el5.x86_64.rpm kernel-headers-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.21.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.21.el5.src.rpm i386: kernel-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.21.el5.i686.rpm kernel-debug-2.6.18-53.1.21.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.21.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.i686.rpm kernel-devel-2.6.18-53.1.21.el5.i686.rpm kernel-headers-2.6.18-53.1.21.el5.i386.rpm kernel-xen-2.6.18-53.1.21.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.21.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.21.el5.i686.rpm ia64: kernel-2.6.18-53.1.21.el5.ia64.rpm kernel-debug-2.6.18-53.1.21.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.ia64.rpm kernel-debug-devel-2.6.18-53.1.21.el5.ia64.rpm kernel-debuginfo-2.6.18-53.1.21.el5.ia64.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.ia64.rpm kernel-devel-2.6.18-53.1.21.el5.ia64.rpm kernel-headers-2.6.18-53.1.21.el5.ia64.rpm kernel-xen-2.6.18-53.1.21.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-53.1.21.el5.ia64.rpm kernel-xen-devel-2.6.18-53.1.21.el5.ia64.rpm noarch: kernel-doc-2.6.18-53.1.21.el5.noarch.rpm ppc: kernel-2.6.18-53.1.21.el5.ppc64.rpm kernel-debug-2.6.18-53.1.21.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.ppc64.rpm kernel-debug-devel-2.6.18-53.1.21.el5.ppc64.rpm kernel-debuginfo-2.6.18-53.1.21.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.ppc64.rpm kernel-devel-2.6.18-53.1.21.el5.ppc64.rpm kernel-headers-2.6.18-53.1.21.el5.ppc.rpm kernel-headers-2.6.18-53.1.21.el5.ppc64.rpm kernel-kdump-2.6.18-53.1.21.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-53.1.21.el5.ppc64.rpm kernel-kdump-devel-2.6.18-53.1.21.el5.ppc64.rpm s390x: kernel-2.6.18-53.1.21.el5.s390x.rpm kernel-debug-2.6.18-53.1.21.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.s390x.rpm 
kernel-debug-devel-2.6.18-53.1.21.el5.s390x.rpm kernel-debuginfo-2.6.18-53.1.21.el5.s390x.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.s390x.rpm kernel-devel-2.6.18-53.1.21.el5.s390x.rpm kernel-headers-2.6.18-53.1.21.el5.s390x.rpm x86_64: kernel-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.21.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.21.el5.x86_64.rpm kernel-devel-2.6.18-53.1.21.el5.x86_64.rpm kernel-headers-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.21.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.21.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
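An added illustration, not part of the Red Hat advisory and not kernel source, of the hrtimer issue described above for CVE-2007-6712: an expiry computed as "now + interval" in a signed 64-bit value turns negative for a very large interval, and a saturating addition is one way to guard against it. The type ns_t and the function names are hypothetical, the sample times are constructed, and the nanosecond representation is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: times are signed 64-bit nanosecond counts
 * (an assumption of this example, not a detail from the advisory). */
typedef int64_t ns_t;
#define NS_MAX INT64_MAX

/* Unchecked form: expiry = now + interval with no range check.
 * The sum is computed in unsigned arithmetic so the wrap-around is well
 * defined in C; converting back gives the two's-complement value on
 * common compilers, which is negative once the sum exceeds NS_MAX. */
ns_t expiry_unchecked(ns_t now, ns_t interval)
{
    return (ns_t)((uint64_t)now + (uint64_t)interval);
}

/* Checked form: saturate at NS_MAX instead of wrapping.
 * Negative inputs are treated as invalid and also yield NS_MAX
 * ("never fires"); that policy is a choice made for this example. */
ns_t expiry_saturating(ns_t now, ns_t interval)
{
    if (now < 0 || interval < 0)
        return NS_MAX;
    if (interval > NS_MAX - now)   /* now + interval would overflow */
        return NS_MAX;
    return now + interval;
}

/* A timer whose expiry is not after "now" is due immediately. */
int already_expired(ns_t expiry, ns_t now)
{
    return expiry <= now;
}

int main(void)
{
    const ns_t now = 1000000000;   /* constructed sample: 1 s of uptime */
    const ns_t intervals[] = { 500, 1000000, NS_MAX - 10, NS_MAX };
    const size_t n = sizeof intervals / sizeof intervals[0];

    for (size_t i = 0; i < n; i++) {
        ns_t raw  = expiry_unchecked(now, intervals[i]);
        ns_t safe = expiry_saturating(now, intervals[i]);
        printf("interval=%lld unchecked=%lld (due now: %d) saturating=%lld (due now: %d)\n",
               (long long)intervals[i],
               (long long)raw,  already_expired(raw, now),
               (long long)safe, already_expired(safe, now));
    }
    return 0;
}
```

With the unchecked form, a huge interval produces a timer that is always already due, so code that keeps re-arming it makes no forward progress; the saturating form leaves it parked at the maximum expiry instead.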
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIMqD4XlSAg2UNWIIRAhK/AJ98DsHewofh5uN+K5rpPtn1JxoQJgCgnKJW EuCpQUULNYEX1G+rfZ+yA+g= =Ye6D -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 20 14:49:42 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 May 2008 10:49:42 -0400 Subject: [RHSA-2008:0489-01] Critical: gnutls security update Message-ID: <200805201449.m4KEng4f004735@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: gnutls security update Advisory ID: RHSA-2008:0489-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0489.html Issue date: 2008-05-20 CVE Names: CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 ===================================================================== 1. Summary: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. 
(CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 5 includes applications, such as CUPS, that would be directly vulnerable to any such exploit, however. Consequently, we have assigned it critical severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 447461 - CVE-2008-1948 GNUTLS-SA-2008-1-1 GnuTLS buffer overflow 447462 - CVE-2008-1949 GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference 447463 - CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_1.src.rpm i386: gnutls-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-utils-1.4.1-3.el5_1.i386.rpm x86_64: gnutls-1.4.1-3.el5_1.i386.rpm gnutls-1.4.1-3.el5_1.x86_64.rpm gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.x86_64.rpm gnutls-utils-1.4.1-3.el5_1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_1.src.rpm i386: gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-devel-1.4.1-3.el5_1.i386.rpm x86_64: gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.x86_64.rpm gnutls-devel-1.4.1-3.el5_1.i386.rpm gnutls-devel-1.4.1-3.el5_1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-3.el5_1.src.rpm i386: gnutls-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-devel-1.4.1-3.el5_1.i386.rpm gnutls-utils-1.4.1-3.el5_1.i386.rpm ia64: gnutls-1.4.1-3.el5_1.i386.rpm gnutls-1.4.1-3.el5_1.ia64.rpm gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.ia64.rpm gnutls-devel-1.4.1-3.el5_1.ia64.rpm gnutls-utils-1.4.1-3.el5_1.ia64.rpm ppc: gnutls-1.4.1-3.el5_1.ppc.rpm gnutls-1.4.1-3.el5_1.ppc64.rpm gnutls-debuginfo-1.4.1-3.el5_1.ppc.rpm gnutls-debuginfo-1.4.1-3.el5_1.ppc64.rpm gnutls-devel-1.4.1-3.el5_1.ppc.rpm gnutls-devel-1.4.1-3.el5_1.ppc64.rpm gnutls-utils-1.4.1-3.el5_1.ppc.rpm s390x: gnutls-1.4.1-3.el5_1.s390.rpm gnutls-1.4.1-3.el5_1.s390x.rpm gnutls-debuginfo-1.4.1-3.el5_1.s390.rpm gnutls-debuginfo-1.4.1-3.el5_1.s390x.rpm gnutls-devel-1.4.1-3.el5_1.s390.rpm gnutls-devel-1.4.1-3.el5_1.s390x.rpm gnutls-utils-1.4.1-3.el5_1.s390x.rpm x86_64: gnutls-1.4.1-3.el5_1.i386.rpm gnutls-1.4.1-3.el5_1.x86_64.rpm gnutls-debuginfo-1.4.1-3.el5_1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_1.x86_64.rpm gnutls-devel-1.4.1-3.el5_1.i386.rpm gnutls-devel-1.4.1-3.el5_1.x86_64.rpm gnutls-utils-1.4.1-3.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIMuUBXlSAg2UNWIIRAlKIAJ9hIDhnAHsww5O+8RpFuW2njUDgFACfQqZf XAbhp8KXDUbhkeIiL6wIEWM= =P2DK -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 20 14:57:44 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 May 2008 10:57:44 -0400 Subject: [RHSA-2008:0492-01] Important: gnutls security update Message-ID: <200805201457.m4KEviRe006545@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: gnutls security update Advisory ID: RHSA-2008:0492-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0492.html Issue date: 2008-05-20 CVE Names: CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 ===================================================================== 1. Summary: Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The GnuTLS Library provides support for cryptographic algorithms and protocols such as TLS. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. 
(CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) We believe it is possible to leverage the flaw CVE-2008-1948 to execute arbitrary code but have been unable to prove this at the time of releasing this advisory. Red Hat Enterprise Linux 4 does not ship with any applications directly affected by this flaw. Third-party software which runs on Red Hat Enterprise Linux 4 could, however, be affected by this vulnerability. Consequently, we have assigned it important severity. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 447461 - CVE-2008-1948 GNUTLS-SA-2008-1-1 GnuTLS buffer overflow 447462 - CVE-2008-1949 GNUTLS-SA-2008-1-2 GnuTLS null-pointer dereference 447463 - CVE-2008-1950 GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnutls-1.0.20-4.el4_6.src.rpm i386: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-devel-1.0.20-4.el4_6.i386.rpm ia64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.ia64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.ia64.rpm gnutls-devel-1.0.20-4.el4_6.ia64.rpm ppc: gnutls-1.0.20-4.el4_6.ppc.rpm gnutls-1.0.20-4.el4_6.ppc64.rpm gnutls-debuginfo-1.0.20-4.el4_6.ppc.rpm gnutls-debuginfo-1.0.20-4.el4_6.ppc64.rpm gnutls-devel-1.0.20-4.el4_6.ppc.rpm s390: gnutls-1.0.20-4.el4_6.s390.rpm gnutls-debuginfo-1.0.20-4.el4_6.s390.rpm gnutls-devel-1.0.20-4.el4_6.s390.rpm s390x: gnutls-1.0.20-4.el4_6.s390.rpm gnutls-1.0.20-4.el4_6.s390x.rpm gnutls-debuginfo-1.0.20-4.el4_6.s390.rpm gnutls-debuginfo-1.0.20-4.el4_6.s390x.rpm gnutls-devel-1.0.20-4.el4_6.s390x.rpm x86_64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.x86_64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.x86_64.rpm gnutls-devel-1.0.20-4.el4_6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnutls-1.0.20-4.el4_6.src.rpm i386: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-devel-1.0.20-4.el4_6.i386.rpm x86_64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.x86_64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.x86_64.rpm gnutls-devel-1.0.20-4.el4_6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnutls-1.0.20-4.el4_6.src.rpm i386: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-devel-1.0.20-4.el4_6.i386.rpm ia64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.ia64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.ia64.rpm 
gnutls-devel-1.0.20-4.el4_6.ia64.rpm x86_64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.x86_64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.x86_64.rpm gnutls-devel-1.0.20-4.el4_6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnutls-1.0.20-4.el4_6.src.rpm i386: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-devel-1.0.20-4.el4_6.i386.rpm ia64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.ia64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.ia64.rpm gnutls-devel-1.0.20-4.el4_6.ia64.rpm x86_64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.x86_64.rpm gnutls-debuginfo-1.0.20-4.el4_6.i386.rpm gnutls-debuginfo-1.0.20-4.el4_6.x86_64.rpm gnutls-devel-1.0.20-4.el4_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFIMubjXlSAg2UNWIIRAunQAJ9JqlTaGnSiqVyym9rPhEQFNIY6gQCeKAUH avMSEbLh4NDwZLSw6lbF0ug= =UUQi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 21 07:51:12 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 May 2008 03:51:12 -0400 Subject: [RHSA-2008:0287-01] Important: libxslt security update Message-ID: <200805210751.m4L7pDOA031459@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxslt security update Advisory ID: RHSA-2008:0287-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0287.html Issue date: 2008-05-21 CVE Names: CVE-2008-1767 ===================================================================== 1. Summary: Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: libxslt is a C library, based on libxml, for parsing of XML files into other textual formats (e.g. HTML, plain text and other XML representations of the underlying data). It uses the standard XSLT stylesheet transformation mechanism and, being written in plain ANSI C, is designed to be simple to incorporate into other applications. Anthony de Almeida Lopes reported that the libxslt library did not properly process long "transformation match" conditions in the XSL stylesheet files. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations. (CVE-2008-1767) All users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 446809 - CVE-2008-1767 libxslt: fixed-sized steps array overflow via "template match" condition in XSL file 6. 
Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxslt-1.0.15-3.src.rpm i386: libxslt-1.0.15-3.i386.rpm libxslt-devel-1.0.15-3.i386.rpm libxslt-python-1.0.15-3.i386.rpm ia64: libxslt-1.0.15-3.ia64.rpm libxslt-devel-1.0.15-3.ia64.rpm libxslt-python-1.0.15-3.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxslt-1.0.15-3.src.rpm ia64: libxslt-1.0.15-3.ia64.rpm libxslt-devel-1.0.15-3.ia64.rpm libxslt-python-1.0.15-3.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxslt-1.0.15-3.src.rpm i386: libxslt-1.0.15-3.i386.rpm libxslt-devel-1.0.15-3.i386.rpm libxslt-python-1.0.15-3.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxslt-1.0.15-3.src.rpm i386: libxslt-1.0.15-3.i386.rpm libxslt-devel-1.0.15-3.i386.rpm libxslt-python-1.0.15-3.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libxslt-1.0.33-6.src.rpm i386: libxslt-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-devel-1.0.33-6.i386.rpm ia64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.ia64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.ia64.rpm libxslt-devel-1.0.33-6.ia64.rpm ppc: libxslt-1.0.33-6.ppc.rpm libxslt-1.0.33-6.ppc64.rpm libxslt-debuginfo-1.0.33-6.ppc.rpm libxslt-debuginfo-1.0.33-6.ppc64.rpm libxslt-devel-1.0.33-6.ppc.rpm s390: libxslt-1.0.33-6.s390.rpm libxslt-debuginfo-1.0.33-6.s390.rpm libxslt-devel-1.0.33-6.s390.rpm s390x: libxslt-1.0.33-6.s390.rpm libxslt-1.0.33-6.s390x.rpm libxslt-debuginfo-1.0.33-6.s390.rpm libxslt-debuginfo-1.0.33-6.s390x.rpm libxslt-devel-1.0.33-6.s390x.rpm x86_64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.x86_64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.x86_64.rpm 
libxslt-devel-1.0.33-6.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libxslt-1.0.33-6.src.rpm i386: libxslt-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-devel-1.0.33-6.i386.rpm x86_64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.x86_64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.x86_64.rpm libxslt-devel-1.0.33-6.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libxslt-1.0.33-6.src.rpm i386: libxslt-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-devel-1.0.33-6.i386.rpm ia64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.ia64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.ia64.rpm libxslt-devel-1.0.33-6.ia64.rpm x86_64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.x86_64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.x86_64.rpm libxslt-devel-1.0.33-6.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libxslt-1.0.33-6.src.rpm i386: libxslt-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-devel-1.0.33-6.i386.rpm ia64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.ia64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.ia64.rpm libxslt-devel-1.0.33-6.ia64.rpm x86_64: libxslt-1.0.33-6.i386.rpm libxslt-1.0.33-6.x86_64.rpm libxslt-debuginfo-1.0.33-6.i386.rpm libxslt-debuginfo-1.0.33-6.x86_64.rpm libxslt-devel-1.0.33-6.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libxslt-1.1.11-1.el4_6.1.src.rpm i386: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-devel-1.1.11-1.el4_6.1.i386.rpm libxslt-python-1.1.11-1.el4_6.1.i386.rpm ia64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.ia64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.ia64.rpm 
libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm libxslt-python-1.1.11-1.el4_6.1.ia64.rpm ppc: libxslt-1.1.11-1.el4_6.1.ppc.rpm libxslt-1.1.11-1.el4_6.1.ppc64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.ppc.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.ppc64.rpm libxslt-devel-1.1.11-1.el4_6.1.ppc.rpm libxslt-python-1.1.11-1.el4_6.1.ppc.rpm s390: libxslt-1.1.11-1.el4_6.1.s390.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.s390.rpm libxslt-devel-1.1.11-1.el4_6.1.s390.rpm libxslt-python-1.1.11-1.el4_6.1.s390.rpm s390x: libxslt-1.1.11-1.el4_6.1.s390.rpm libxslt-1.1.11-1.el4_6.1.s390x.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.s390.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.s390x.rpm libxslt-devel-1.1.11-1.el4_6.1.s390x.rpm libxslt-python-1.1.11-1.el4_6.1.s390x.rpm x86_64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.x86_64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.x86_64.rpm libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libxslt-1.1.11-1.el4_6.1.src.rpm i386: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-devel-1.1.11-1.el4_6.1.i386.rpm libxslt-python-1.1.11-1.el4_6.1.i386.rpm x86_64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.x86_64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.x86_64.rpm libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libxslt-1.1.11-1.el4_6.1.src.rpm i386: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-devel-1.1.11-1.el4_6.1.i386.rpm libxslt-python-1.1.11-1.el4_6.1.i386.rpm ia64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.ia64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm 
libxslt-debuginfo-1.1.11-1.el4_6.1.ia64.rpm libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm libxslt-python-1.1.11-1.el4_6.1.ia64.rpm x86_64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.x86_64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.x86_64.rpm libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libxslt-1.1.11-1.el4_6.1.src.rpm i386: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-devel-1.1.11-1.el4_6.1.i386.rpm libxslt-python-1.1.11-1.el4_6.1.i386.rpm ia64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.ia64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.ia64.rpm libxslt-devel-1.1.11-1.el4_6.1.ia64.rpm libxslt-python-1.1.11-1.el4_6.1.ia64.rpm x86_64: libxslt-1.1.11-1.el4_6.1.i386.rpm libxslt-1.1.11-1.el4_6.1.x86_64.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.i386.rpm libxslt-debuginfo-1.1.11-1.el4_6.1.x86_64.rpm libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-2.el5_1.1.src.rpm i386: libxslt-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-python-1.1.17-2.el5_1.1.i386.rpm x86_64: libxslt-1.1.17-2.el5_1.1.i386.rpm libxslt-1.1.17-2.el5_1.1.x86_64.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.x86_64.rpm libxslt-python-1.1.17-2.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-2.el5_1.1.src.rpm i386: libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-devel-1.1.17-2.el5_1.1.i386.rpm x86_64: libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.x86_64.rpm libxslt-devel-1.1.17-2.el5_1.1.i386.rpm libxslt-devel-1.1.17-2.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-2.el5_1.1.src.rpm i386: libxslt-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-devel-1.1.17-2.el5_1.1.i386.rpm libxslt-python-1.1.17-2.el5_1.1.i386.rpm ia64: libxslt-1.1.17-2.el5_1.1.i386.rpm libxslt-1.1.17-2.el5_1.1.ia64.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.ia64.rpm libxslt-devel-1.1.17-2.el5_1.1.ia64.rpm libxslt-python-1.1.17-2.el5_1.1.ia64.rpm ppc: libxslt-1.1.17-2.el5_1.1.ppc.rpm libxslt-1.1.17-2.el5_1.1.ppc64.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.ppc.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.ppc64.rpm libxslt-devel-1.1.17-2.el5_1.1.ppc.rpm libxslt-devel-1.1.17-2.el5_1.1.ppc64.rpm libxslt-python-1.1.17-2.el5_1.1.ppc.rpm s390x: libxslt-1.1.17-2.el5_1.1.s390.rpm libxslt-1.1.17-2.el5_1.1.s390x.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.s390.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.s390x.rpm libxslt-devel-1.1.17-2.el5_1.1.s390.rpm libxslt-devel-1.1.17-2.el5_1.1.s390x.rpm libxslt-python-1.1.17-2.el5_1.1.s390x.rpm x86_64: libxslt-1.1.17-2.el5_1.1.i386.rpm libxslt-1.1.17-2.el5_1.1.x86_64.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.i386.rpm libxslt-debuginfo-1.1.17-2.el5_1.1.x86_64.rpm libxslt-devel-1.1.17-2.el5_1.1.i386.rpm libxslt-devel-1.1.17-2.el5_1.1.x86_64.rpm libxslt-python-1.1.17-2.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIM9RkXlSAg2UNWIIRAleaAJ9n5/NiJkXyjXXuEbfU3DOP+rUfSQCgntyh
oioAmn/GB0hT/Eq72vYZ9CY=
=q2Ft
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:28:23 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:28:23 -0400
Subject: [RHSA-2008:0061-02] Moderate: setroubleshoot security and bug fix update
Message-ID: <200805211428.m4LESNuh029997@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: setroubleshoot security and bug fix update
Advisory ID:       RHSA-2008:0061-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0061.html
Issue date:        2008-05-20
Updated on:        2008-05-21
CVE Names:         CVE-2007-5495 CVE-2007-5496
=====================================================================

1. Summary:

Updated setroubleshoot packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - noarch
Red Hat Enterprise Linux (v. 5 server) - noarch

3. Description:

The setroubleshoot packages provide tools to help diagnose SELinux problems. When AVC messages occur, an alert is generated that gives information about the problem, and how to create a resolution.

A flaw was found in the way sealert wrote diagnostic messages to a temporary file.
A local unprivileged user could perform a symbolic link attack, and cause arbitrary files, writable by other users, to be overwritten when a victim runs sealert. (CVE-2007-5495)

A flaw was found in the way sealert displayed records from the setroubleshoot database as unescaped HTML. A local unprivileged attacker could cause AVC denial events with carefully crafted process or file names, injecting arbitrary HTML tags into the logs, which could be used as a scripting attack, or to confuse the user running sealert. (CVE-2007-5496)

Additionally, the following bugs have been fixed in these updated packages:

* in certain situations, the sealert process used excessive CPU. These alerts are now capped at a maximum of 30, D-Bus is used instead of polling, threads causing excessive wake-up have been removed, and more robust exception-handling has been added.

* different combinations of the sealert '-a', '-l', '-H', and '-v' options did not work as documented.

* the SETroubleShoot browser did not allow multiple entries to be deleted.

* the SETroubleShoot browser did not display statements that displayed whether SELinux was using Enforcing or Permissive mode, particularly when warning about SELinux preventions.

* in certain cases, the SETroubleShoot browser gave incorrect instructions regarding paths, and would not display the full paths to files.

* adding an email recipient to the recipients option from the /etc/setroubleshoot/setroubleshoot.cfg file and then generating an SELinux denial caused a traceback error. The recipients option has been removed; email addresses are now managed through the SETroubleShoot browser by navigating to File -> Edit Email Alert List, or by editing the /var/lib/setroubleshoot/email_alert_recipients file.

* the setroubleshoot browser incorrectly displayed a period between the httpd_sys_content_t context and the directory path.
* on the PowerPC architecture, the get_credentials() function in access_control.py would generate an exception when it called the socket.getsockopt() function.

* The code which handles path information has been completely rewritten so that assumptions on path information which were misleading are no longer made. If the path information is not present, it will be presented as "".

* setroubleshoot had problems with non-English locales under certain circumstances, possibly causing a python traceback, an sealert window pop-up containing an error, a "RuntimeError: maximum recursion depth exceeded" error after a traceback, or a "UnicodeEncodeError" after a traceback.

* sealert ran even when SELinux was disabled, causing "attempt to open server connection failed" errors. Sealert now checks whether SELinux is enabled or disabled.

* the database setroubleshoot maintains was world-readable. The setroubleshoot database is now mode 600, and is owned by the root user and group.

* setroubleshoot did not validate requests to set AVC filtering options for users. In these updated packages, checks ensure that requests originate from the filter owner.

* the previous setroubleshoot packages required a number of GNOME packages and libraries. setroubleshoot has therefore been split into 2 packages: setroubleshoot and setroubleshoot-server.

* a bug in decoding the audit field caused an "Input is not proper UTF-8, indicate encoding!" error message. The decoding code has been rewritten.

* a file name mismatch in the setroubleshoot init script would cause a failure to shut down.

Users of setroubleshoot are advised to upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/):

227806 - setroubleshoot browser doesn't allow multiple entry deletion
240355 - setroubleshoot gives bad suggestions
241543 - Adding recipents entry to config file crashes setroubleshoot
243800 - typo in sealert / setroubleshoot suggestion
244345 - missing filename in setroubleshoot (AVC.get_path() returns incomplete path)
250239 - Runtime Error: maximum recursion depth exceeded
288221 - CVE-2007-5495 setroubleshoot insecure logging
288271 - CVE-2007-5496 setroubleshoot log injection
288881 - setroubleshoot failure when httpd is trying to access rpm_log_t
312281 - setroubleshoot requires gnome to run
431768 - setroubleshoot - audit_listener_database.xml:3029: parser error in xmlParseDoc()
436564 - socket.getsockopt() on ppc generates exception

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/setroubleshoot-2.0.5-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/setroubleshoot-plugins-2.0.4-2.el5.src.rpm

noarch:
setroubleshoot-2.0.5-3.el5.noarch.rpm
setroubleshoot-plugins-2.0.4-2.el5.noarch.rpm
setroubleshoot-server-2.0.5-3.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/setroubleshoot-2.0.5-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/setroubleshoot-plugins-2.0.4-2.el5.src.rpm

noarch:
setroubleshoot-2.0.5-3.el5.noarch.rpm
setroubleshoot-plugins-2.0.4-2.el5.noarch.rpm
setroubleshoot-server-2.0.5-3.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5496
http://www.redhat.com/security/updates/classification/#moderate

8.
Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDF9XlSAg2UNWIIRAkHzAJ0YcawxJSJKZPdqP3c6znexeA44/wCeL0MB
SPdFNZlyQ5cKA915HmCC7Yw=
=/U9U
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:28:50 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:28:50 -0400
Subject: [RHSA-2008:0295-01] Low: vsftpd security and bug fix update
Message-ID: <200805211428.m4LESo5Q030019@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: vsftpd security and bug fix update
Advisory ID:       RHSA-2008:0295-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0295.html
Issue date:        2008-05-21
CVE Names:         CVE-2007-5962
=====================================================================

1. Summary:

An updated vsftpd package that fixes a security issue and several bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The vsftpd package includes a Very Secure File Transfer Protocol (FTP) daemon.

A memory leak was discovered in the vsftpd daemon. An attacker who is able to connect to an FTP service, either as an authenticated or anonymous user, could cause vsftpd to allocate all available memory if the "deny_file" option was enabled in vsftpd.conf. (CVE-2007-5962)

As well, this updated package fixes the following bugs:

* a race condition could occur even when the "lock_upload_files" option is set.
When uploading two files simultaneously, the result was a combination of the two files. This resulted in uploaded files becoming corrupted. In these updated packages, uploading two files simultaneously will result in a file that is identical to the last uploaded file.

* when the "userlist_enable" option is used, failed log in attempts as a result of the user not being in the list of allowed users, or being in the list of denied users, will not be logged. In these updated packages, a new "userlist_log=YES" option can be configured in vsftpd.conf, which will log failed log in attempts in these situations.

* vsftpd did not support usernames that started with an underscore or a period character. Usernames starting with an underscore or a period are supported in these updated packages.

* using wildcards in conjunction with the "ls" command did not return all the file names it should. For example, if you FTPed into a directory containing three files -- A1, A21 and A11 -- and ran the "ls *1" command, only the file names A1 and A21 were returned. These updated packages use greedier code that continues to speculatively scan for items even after matches have been found.

* when the "user_config_dir" option is enabled in vsftpd.conf, and the user-specific configuration file did not exist, the following error occurred after a user entered their password during the log in process:

500 OOPS: reading non-root config file

This has been resolved in this updated package.

All vsftpd users are advised to upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/):

240553 - vsftpd has a create/lock race condition which corrupts uploads
392181 - vsftpd file listing issue with wildcard
392231 - Uploaded file corrupted when two connections from same client uploading same file simultaneously
397011 - CVE-2007-5962 vsftpd: memory leak when deny_file option is set
400921 - OOPS: reading non-root config file

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vsftpd-2.0.5-12.el5.src.rpm

i386:
vsftpd-2.0.5-12.el5.i386.rpm
vsftpd-debuginfo-2.0.5-12.el5.i386.rpm

x86_64:
vsftpd-2.0.5-12.el5.x86_64.rpm
vsftpd-debuginfo-2.0.5-12.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vsftpd-2.0.5-12.el5.src.rpm

i386:
vsftpd-2.0.5-12.el5.i386.rpm
vsftpd-debuginfo-2.0.5-12.el5.i386.rpm

ia64:
vsftpd-2.0.5-12.el5.ia64.rpm
vsftpd-debuginfo-2.0.5-12.el5.ia64.rpm

ppc:
vsftpd-2.0.5-12.el5.ppc.rpm
vsftpd-debuginfo-2.0.5-12.el5.ppc.rpm

s390x:
vsftpd-2.0.5-12.el5.s390x.rpm
vsftpd-debuginfo-2.0.5-12.el5.s390x.rpm

x86_64:
vsftpd-2.0.5-12.el5.x86_64.rpm
vsftpd-debuginfo-2.0.5-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5962
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDGOXlSAg2UNWIIRAvAdAJ9VO+ddDYvcoY8hppyJwzmTHdoGtQCgr6Jg
lM2d7tmmxF0YKVNo4WLrvWw=
=XWhK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:29:52 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:29:52 -0400
Subject: [RHSA-2008:0297-02] Low: dovecot security and bug fix update
Message-ID: <200805211429.m4LETqcn030149@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: dovecot security and bug fix update
Advisory ID:       RHSA-2008:0297-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0297.html
Issue date:        2008-05-20
Updated on:        2008-05-21
CVE Names:         CVE-2007-2231 CVE-2007-4211 CVE-2007-6598 CVE-2008-1199
=====================================================================

1. Summary:

An updated dovecot package that fixes several security issues and various bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind.

A flaw was discovered in the way Dovecot handled the "mail_extra_groups" option. An authenticated attacker with local shell access could leverage this flaw to read, modify, or delete other users' mail that is stored on the mail server. (CVE-2008-1199)

This issue did not affect the default Red Hat Enterprise Linux 5 Dovecot configuration. This update adds two new configuration options -- "mail_privileged_group" and "mail_access_groups" -- to minimize the usage of additional privileges.
A directory traversal flaw was discovered in Dovecot's zlib plug-in. An authenticated user could use this flaw to view other compressed mailboxes with the permissions of the Dovecot process. (CVE-2007-2231)

A flaw was found in the Dovecot ACL plug-in. A user with only insert permissions for a mailbox could use the "COPY" and "APPEND" commands to set additional message flags. (CVE-2007-4211)

A flaw was found in the way Dovecot cached LDAP query results in certain configurations. This could possibly allow authenticated users to log in as a different user who has the same password. (CVE-2007-6598)

As well, this updated package fixes the following bugs:

* configuring "userdb" and "passdb" to use LDAP caused Dovecot to hang. A segmentation fault may have occurred. In this updated package, using an LDAP backend for "userdb" and "passdb" no longer causes Dovecot to hang.

* the Dovecot "login_process_size" limit was configured for 32-bit systems. On 64-bit systems, when Dovecot was configured to use either IMAP or POP3, the log in processes crashed with out-of-memory errors. Errors such as the following were logged:

pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory

In this updated package, the "login_process_size" limit is correctly configured on 64-bit systems, which resolves this issue.

Note: this updated package upgrades dovecot to version 1.0.7. For further details, refer to the Dovecot changelog: http://koji.fedoraproject.org/koji/buildinfo?buildID=23397

Users of dovecot are advised to upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/):

238439 - CVE-2007-2231 Directory traversal in dovecot with zlib plugin
245249 - Dovecot hangs while using ldap backend.
251007 - CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin
253363 - Dovecot pop3-login/imap-login crash with OOM error
331441 - Please consider upgrading Dovecot to 1.0rc23 at least
380401 - tracker bug for 1.0.7 rebase
427575 - CVE-2007-6598: dovecot LDAP+auth cache user login mixup
436927 - CVE-2008-1199 dovecot: insecure mail_extra_groups option

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dovecot-1.0.7-2.el5.src.rpm

i386:
dovecot-1.0.7-2.el5.i386.rpm
dovecot-debuginfo-1.0.7-2.el5.i386.rpm

x86_64:
dovecot-1.0.7-2.el5.x86_64.rpm
dovecot-debuginfo-1.0.7-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dovecot-1.0.7-2.el5.src.rpm

i386:
dovecot-1.0.7-2.el5.i386.rpm
dovecot-debuginfo-1.0.7-2.el5.i386.rpm

ia64:
dovecot-1.0.7-2.el5.ia64.rpm
dovecot-debuginfo-1.0.7-2.el5.ia64.rpm

ppc:
dovecot-1.0.7-2.el5.ppc.rpm
dovecot-debuginfo-1.0.7-2.el5.ppc.rpm

s390x:
dovecot-1.0.7-2.el5.s390x.rpm
dovecot-debuginfo-1.0.7-2.el5.s390x.rpm

x86_64:
dovecot-1.0.7-2.el5.x86_64.rpm
dovecot-debuginfo-1.0.7-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDGqXlSAg2UNWIIRAsOeAJwKM3PYlb29LhOkcBx0olvLEhVqFgCeNBkT
tjyub6/ivPbuDLqT6Y06D/Y=
=peHK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:30:30 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:30:30 -0400
Subject: [RHSA-2008:0300-02] Moderate: bind security, bug fix, and enhancement update
Message-ID: <200805211430.m4LEUUUL030709@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: bind security, bug fix, and enhancement update
Advisory ID:       RHSA-2008:0300-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0300.html
Issue date:        2008-05-20
Updated on:        2008-05-21
Keywords:          gss-tsig lsb sdb
CVE Names:         CVE-2007-6283 CVE-2008-0122
=====================================================================

1. Summary:

Updated bind packages that fix two security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

It was discovered that the bind packages created the "rndc.key" file with insecure file permissions. This allowed any local user to read the content of this file.
A local user could use this flaw to control some aspects of the named daemon by using the rndc utility, for example, stopping the named daemon. This problem did not affect systems with the bind-chroot package installed. (CVE-2007-6283)

A buffer overflow flaw was discovered in the "inet_network()" function, as implemented by libbind. An attacker could use this flaw to crash an application calling this function, with an argument provided from an untrusted source. (CVE-2008-0122)

As well, these updated packages fix the following bugs:

* when using an LDAP backend, missing function declarations caused segmentation faults, due to stripped pointers on machines where pointers are longer than integers.

* starting named may have resulted in named crashing, due to a race condition during D-BUS connection initialization. This has been resolved in these updated packages.

* the named init script returned incorrect error codes, causing the "status" command to return an incorrect status. In these updated packages, the named init script is Linux Standard Base (LSB) compliant.

* in these updated packages, the "rndc [command] [zone]" command, where [command] is an rndc command, and [zone] is the specified zone, will find the [zone] if the zone is unique to all views.

* the default named log rotation script did not work correctly when using the bind-chroot package. In these updated packages, installing bind-chroot creates the symbolic link "/var/log/named.log", which points to "/var/named/chroot/var/log/named.log", which resolves this issue.

* a previous bind update incorrectly changed the permissions on the "/etc/openldap/schema/dnszone.schema" file to mode 640, instead of mode 644, which resulted in OpenLDAP not being able to start. In these updated packages, the permissions are correctly set to mode 644.

* the "checkconfig" parameter was missing in the named usage report.
For example, running the "service named" command did not return "checkconfig" in the list of available options.

* due to a bug in the named init script not handling the rndc return value correctly, the "service named stop" and "service named restart" commands failed on certain systems.

* the bind-chroot spec file printed errors when running the "%pre" and "%post" sections. Errors such as the following occurred:

Locating //etc/named.conf failed: [FAILED]

This has been resolved in these updated packages.

* installing the bind-chroot package creates a "/dev/random" file in the chroot environment; however, the "/dev/random" file had an incorrect SELinux label. Starting named resulted in an 'avc: denied { getattr } for pid=[pid] comm="named" path="/dev/random"' error being logged. The "/dev/random" file has the correct SELinux label in these updated packages.

* in certain situations, running the "bind +trace" command resulted in random segmentation faults.

As well, these updated packages add the following enhancements:

* support has been added for GSS-TSIG (RFC 3645).

* the "named.root" file has been updated to reflect the new address for L.ROOT-SERVERS.NET.

* updates BIND to the latest 9.3 maintenance release.

All users of bind are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5.
Bugs fixed (http://bugzilla.redhat.com/): 240788 - bind_sdb, ldap2zone segfaulting 240876 - bind crashes on restart and also when running without forwarders 242734 - Wrong init script 247486 - bind-chroot does not modify /etc/logrotate.d/named 250118 - dnszone.schema bad file permissions 250744 - missed parameter "configtest" in init script usage report 250901 - "service named restart" fails 251528 - RFE: add support for GSSTSIG 252334 - bind-chroot-9.3.3-9.0.1 leaks error noise in its scripts 253537 - avc: denied { getattr } for comm="named" path="/dev/random" 353741 - Rebase to latest 9.3 maintenance release 363531 - New L.ROOT-SERVERS.NET address 419421 - CVE-2007-6283 bind: /etc/rndc.key has 644 permissions by default 423741 - resolver library causes segfaults in bind-utils such as dig,ping 429149 - CVE-2008-0122 libbind off-by-one buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm i386: bind-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-libs-9.3.4-6.P1.el5.i386.rpm bind-sdb-9.3.4-6.P1.el5.i386.rpm bind-utils-9.3.4-6.P1.el5.i386.rpm x86_64: bind-9.3.4-6.P1.el5.x86_64.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm bind-libs-9.3.4-6.P1.el5.i386.rpm bind-libs-9.3.4-6.P1.el5.x86_64.rpm bind-sdb-9.3.4-6.P1.el5.x86_64.rpm bind-utils-9.3.4-6.P1.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm i386: bind-chroot-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-devel-9.3.4-6.P1.el5.i386.rpm bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm caching-nameserver-9.3.4-6.P1.el5.i386.rpm x86_64: bind-chroot-9.3.4-6.P1.el5.x86_64.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm bind-devel-9.3.4-6.P1.el5.i386.rpm bind-devel-9.3.4-6.P1.el5.x86_64.rpm bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm bind-libbind-devel-9.3.4-6.P1.el5.x86_64.rpm caching-nameserver-9.3.4-6.P1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.4-6.P1.el5.src.rpm i386: bind-9.3.4-6.P1.el5.i386.rpm bind-chroot-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-devel-9.3.4-6.P1.el5.i386.rpm bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm bind-libs-9.3.4-6.P1.el5.i386.rpm bind-sdb-9.3.4-6.P1.el5.i386.rpm bind-utils-9.3.4-6.P1.el5.i386.rpm caching-nameserver-9.3.4-6.P1.el5.i386.rpm ia64: bind-9.3.4-6.P1.el5.ia64.rpm bind-chroot-9.3.4-6.P1.el5.ia64.rpm bind-debuginfo-9.3.4-6.P1.el5.i386.rpm bind-debuginfo-9.3.4-6.P1.el5.ia64.rpm bind-devel-9.3.4-6.P1.el5.ia64.rpm bind-libbind-devel-9.3.4-6.P1.el5.ia64.rpm bind-libs-9.3.4-6.P1.el5.i386.rpm bind-libs-9.3.4-6.P1.el5.ia64.rpm bind-sdb-9.3.4-6.P1.el5.ia64.rpm bind-utils-9.3.4-6.P1.el5.ia64.rpm caching-nameserver-9.3.4-6.P1.el5.ia64.rpm ppc: bind-9.3.4-6.P1.el5.ppc.rpm bind-chroot-9.3.4-6.P1.el5.ppc.rpm bind-debuginfo-9.3.4-6.P1.el5.ppc.rpm bind-debuginfo-9.3.4-6.P1.el5.ppc64.rpm bind-devel-9.3.4-6.P1.el5.ppc.rpm bind-devel-9.3.4-6.P1.el5.ppc64.rpm bind-libbind-devel-9.3.4-6.P1.el5.ppc.rpm bind-libbind-devel-9.3.4-6.P1.el5.ppc64.rpm bind-libs-9.3.4-6.P1.el5.ppc.rpm bind-libs-9.3.4-6.P1.el5.ppc64.rpm bind-sdb-9.3.4-6.P1.el5.ppc.rpm bind-utils-9.3.4-6.P1.el5.ppc.rpm 
caching-nameserver-9.3.4-6.P1.el5.ppc.rpm

s390x:
bind-9.3.4-6.P1.el5.s390x.rpm
bind-chroot-9.3.4-6.P1.el5.s390x.rpm
bind-debuginfo-9.3.4-6.P1.el5.s390.rpm
bind-debuginfo-9.3.4-6.P1.el5.s390x.rpm
bind-devel-9.3.4-6.P1.el5.s390.rpm
bind-devel-9.3.4-6.P1.el5.s390x.rpm
bind-libbind-devel-9.3.4-6.P1.el5.s390.rpm
bind-libbind-devel-9.3.4-6.P1.el5.s390x.rpm
bind-libs-9.3.4-6.P1.el5.s390.rpm
bind-libs-9.3.4-6.P1.el5.s390x.rpm
bind-sdb-9.3.4-6.P1.el5.s390x.rpm
bind-utils-9.3.4-6.P1.el5.s390x.rpm
caching-nameserver-9.3.4-6.P1.el5.s390x.rpm

x86_64:
bind-9.3.4-6.P1.el5.x86_64.rpm
bind-chroot-9.3.4-6.P1.el5.x86_64.rpm
bind-debuginfo-9.3.4-6.P1.el5.i386.rpm
bind-debuginfo-9.3.4-6.P1.el5.x86_64.rpm
bind-devel-9.3.4-6.P1.el5.i386.rpm
bind-devel-9.3.4-6.P1.el5.x86_64.rpm
bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
bind-libbind-devel-9.3.4-6.P1.el5.x86_64.rpm
bind-libs-9.3.4-6.P1.el5.i386.rpm
bind-libs-9.3.4-6.P1.el5.x86_64.rpm
bind-sdb-9.3.4-6.P1.el5.x86_64.rpm
bind-utils-9.3.4-6.P1.el5.x86_64.rpm
caching-nameserver-9.3.4-6.P1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDHvXlSAg2UNWIIRAia8AJ9cwIMZ6KExQLVgCPAIMULjcefR1ACgnlYa
0//nmfeApeTQaT/uZaR3LRQ=
=nRjq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:31:13 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:31:13 -0400
Subject: [RHSA-2008:0364-01] Low: mysql security and bug fix update
Message-ID: <200805211431.m4LEVDpG030768@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: mysql security and bug fix update
Advisory ID: RHSA-2008:0364-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0364.html
Issue date: 2008-05-20
Updated on: 2008-05-21
CVE Names: CVE-2006-0903 CVE-2006-4031 CVE-2006-4227 CVE-2006-7232 CVE-2007-1420 CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3781 CVE-2007-3782
=====================================================================

1. Summary:

Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.

MySQL did not require privileges such as "SELECT" for the source table in a "CREATE TABLE LIKE" statement. An authenticated user could obtain sensitive information, such as the table structure. (CVE-2007-3781)

A flaw was discovered in MySQL that allowed an authenticated user to gain update privileges for a table in another database, via a view that refers to the external table. (CVE-2007-3782)

MySQL did not require the "DROP" privilege for "RENAME TABLE" statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691)

A flaw was discovered in the mysql_change_db function when returning from SQL SECURITY INVOKER stored routines. An authenticated user could use this flaw to gain database privileges. (CVE-2007-2692)

MySQL allowed an authenticated user to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query function. (CVE-2006-0903)

MySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)

MySQL evaluated arguments in the wrong security context, which allowed an authenticated user to gain privileges through a routine that had been made available using "GRANT EXECUTE". (CVE-2006-4227)

Multiple flaws in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583)

As well, these updated packages fix the following bugs:

* a separate counter was used for "insert delayed" statements, which caused rows to be discarded. In these updated packages, "insert delayed" statements no longer use a separate counter, which resolves this issue.

* due to a bug in the Native POSIX Thread Library, in certain situations, "flush tables" caused a deadlock on tables that had a read lock. The mysqld daemon had to be killed forcefully. Now, "COND_refresh" has been replaced with "COND_global_read_lock", which resolves this issue.

* mysqld crashed if a query for an unsigned column type contained a negative value for a "WHERE [column] NOT IN" subquery.

* in master and slave server situations, specifying "on duplicate key update" for "insert" statements did not update slave servers.

* in the mysql client, empty strings were displayed as "NULL". For example, running "insert into [table-name] values (' ');" resulted in a "NULL" entry being displayed when querying the table using "select * from [table-name];".

* a bug in the optimizer code resulted in certain queries executing much slower than expected.

* on 64-bit PowerPC architectures, MySQL did not calculate the thread stack size correctly, which could have caused MySQL to crash when overly-complex queries were used.

Note: these updated packages upgrade MySQL to version 5.0.45. For a full list of bug fixes and enhancements, refer to the MySQL release notes:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html

All mysql users are advised to upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

194613 - CVE-2006-0903 Mysql log file obfuscation
202246 - CVE-2006-4031 MySQL improper permission revocation
216427 - CVE-2006-4227 mysql improper suid argument evaluation
232603 - CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements
240813 - CVE-2007-2583 mysql: DoS via statement with crafted IF clause
241688 - CVE-2007-2691 mysql DROP privilege not enforced when renaming tables
241689 - CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
248553 - CVE-2007-3781 CVE-2007-3782 New release of MySQL fixes security bugs
254012 - Mysql bug 20048: 5.0.22 FLUSH TABLES WITH READ LOCK bug; need upgrade to 5.0.23
256501 - mysql 5.0.22 still has a lot of bugs ; need upgrade
349121 - MySQL client will display empty strings as NULL (fixed in 5.0.23)
434264 - CVE-2006-7232 mysql: daemon crash via EXPLAIN on queries on information schema
435391 - mysql does not calculate thread stack size correctly for RHEL5

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm

i386:
mysql-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm

x86_64:
mysql-5.0.45-7.el5.i386.rpm
mysql-5.0.45-7.el5.x86_64.rpm
mysql-debuginfo-5.0.45-7.el5.i386.rpm
mysql-debuginfo-5.0.45-7.el5.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm i386: mysql-bench-5.0.45-7.el5.i386.rpm mysql-debuginfo-5.0.45-7.el5.i386.rpm mysql-devel-5.0.45-7.el5.i386.rpm mysql-server-5.0.45-7.el5.i386.rpm mysql-test-5.0.45-7.el5.i386.rpm x86_64: mysql-bench-5.0.45-7.el5.x86_64.rpm mysql-debuginfo-5.0.45-7.el5.i386.rpm mysql-debuginfo-5.0.45-7.el5.x86_64.rpm mysql-devel-5.0.45-7.el5.i386.rpm mysql-devel-5.0.45-7.el5.x86_64.rpm mysql-server-5.0.45-7.el5.x86_64.rpm mysql-test-5.0.45-7.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.45-7.el5.src.rpm i386: mysql-5.0.45-7.el5.i386.rpm mysql-bench-5.0.45-7.el5.i386.rpm mysql-debuginfo-5.0.45-7.el5.i386.rpm mysql-devel-5.0.45-7.el5.i386.rpm mysql-server-5.0.45-7.el5.i386.rpm mysql-test-5.0.45-7.el5.i386.rpm ia64: mysql-5.0.45-7.el5.i386.rpm mysql-5.0.45-7.el5.ia64.rpm mysql-bench-5.0.45-7.el5.ia64.rpm mysql-debuginfo-5.0.45-7.el5.i386.rpm mysql-debuginfo-5.0.45-7.el5.ia64.rpm mysql-devel-5.0.45-7.el5.ia64.rpm mysql-server-5.0.45-7.el5.ia64.rpm mysql-test-5.0.45-7.el5.ia64.rpm ppc: mysql-5.0.45-7.el5.ppc.rpm mysql-5.0.45-7.el5.ppc64.rpm mysql-bench-5.0.45-7.el5.ppc.rpm mysql-debuginfo-5.0.45-7.el5.ppc.rpm mysql-debuginfo-5.0.45-7.el5.ppc64.rpm mysql-devel-5.0.45-7.el5.ppc.rpm mysql-devel-5.0.45-7.el5.ppc64.rpm mysql-server-5.0.45-7.el5.ppc.rpm mysql-server-5.0.45-7.el5.ppc64.rpm mysql-test-5.0.45-7.el5.ppc.rpm s390x: mysql-5.0.45-7.el5.s390.rpm mysql-5.0.45-7.el5.s390x.rpm mysql-bench-5.0.45-7.el5.s390x.rpm mysql-debuginfo-5.0.45-7.el5.s390.rpm mysql-debuginfo-5.0.45-7.el5.s390x.rpm mysql-devel-5.0.45-7.el5.s390.rpm mysql-devel-5.0.45-7.el5.s390x.rpm mysql-server-5.0.45-7.el5.s390x.rpm mysql-test-5.0.45-7.el5.s390x.rpm x86_64: mysql-5.0.45-7.el5.i386.rpm mysql-5.0.45-7.el5.x86_64.rpm mysql-bench-5.0.45-7.el5.x86_64.rpm mysql-debuginfo-5.0.45-7.el5.i386.rpm 
mysql-debuginfo-5.0.45-7.el5.x86_64.rpm
mysql-devel-5.0.45-7.el5.i386.rpm
mysql-devel-5.0.45-7.el5.x86_64.rpm
mysql-server-5.0.45-7.el5.x86_64.rpm
mysql-test-5.0.45-7.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3782
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDIQXlSAg2UNWIIRAhSDAKCa1Uw5WVz5C0KGevCBV25X9G/GBgCfcKaD
fEYwviVL9nFgEYQ3wbBPU0Y=
=ZmS0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:31:28 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:31:28 -0400
Subject: [RHSA-2008:0389-02] Low: nss_ldap security and bug fix update
Message-ID: <200805211431.m4LEVSaU030806@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: nss_ldap security and bug fix update
Advisory ID: RHSA-2008:0389-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0389.html
Issue date: 2008-05-20
Updated on: 2008-05-21
Keywords: dns thread port rebuild exop referral
CVE Names: CVE-2007-5794
=====================================================================

1. Summary:

An updated nss_ldap package that fixes a security issue and several bugs is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a plug-in which allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows PAM-aware applications to use a directory server to verify user passwords.

A race condition was discovered in nss_ldap which affected certain applications which make LDAP connections, such as Dovecot. This could cause nss_ldap to answer a request for information about one user with information about a different user. (CVE-2007-5794)

In addition, these updated packages fix the following bugs:

* a build error prevented the nss_ldap module from being able to use DNS to discover the location of a directory server. For example, when the /etc/nsswitch.conf configuration file was configured to use "ldap", but no "host" or "uri" option was configured in the /etc/ldap.conf configuration file, no directory server was contacted, and no results were returned.

* the "port" option in the /etc/ldap.conf configuration file on client machines was ignored. For example, if a directory server which you were attempting to use was listening on a non-default port (i.e. not ports 389 or 636), it was only possible to use that directory server by including the port number in the "uri" option. In this updated package, the "port" option works as expected.

* pam_ldap failed to change an expired password if it had to follow a referral to do so, which could occur, for example, when using a slave directory server in a replicated environment. An error such as the following occurred after entering a new password:

"LDAP password information update failed: Can't contact LDAP server
Insufficient 'write' privilege to the 'userPassword' attribute"

This has been resolved in this updated package.

* when the "pam_password exop_send_old" password-change method was configured in the /etc/ldap.conf configuration file, a logic error in the pam_ldap module caused client machines to attempt to change a user's password twice. First, the pam_ldap module attempted to change the password using the "exop" request, and then again using an LDAP modify request.

* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the krb5-*-1.6.1-17.el5 packages were installed failed due to an error such as the following:

+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so
dlopen() of "././nss_ldap-253/nss_ldap.so" failed:
./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key
error: Bad exit status from /var/tmp/rpm-tmp.62652 (%build)

The missing libraries have been added, which resolves this issue.

When recursively enumerating the set of members in a given group, the module would allocate insufficient space for storing the set of member names if the group itself contained other groups, thus corrupting the heap. This update includes a backported fix for this bug.

Users of nss_ldap should upgrade to these updated packages, which contain backported patches to correct this issue and fix these bugs.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

254172 - Automatic DNS discovery of the LDAP server does not work
364501 - pam_ldap tries to change passwords twice
367461 - CVE-2007-5794 nss_ldap randomly replying with wrong user's data
427370 - RHEL 5.1 nss_ldap does not build with RHEL 5.1 krb5 packages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss_ldap-253-12.el5.src.rpm

i386:
nss_ldap-253-12.el5.i386.rpm
nss_ldap-debuginfo-253-12.el5.i386.rpm

x86_64:
nss_ldap-253-12.el5.i386.rpm
nss_ldap-253-12.el5.x86_64.rpm
nss_ldap-debuginfo-253-12.el5.i386.rpm
nss_ldap-debuginfo-253-12.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss_ldap-253-12.el5.src.rpm

i386:
nss_ldap-253-12.el5.i386.rpm
nss_ldap-debuginfo-253-12.el5.i386.rpm

ia64:
nss_ldap-253-12.el5.i386.rpm
nss_ldap-253-12.el5.ia64.rpm
nss_ldap-debuginfo-253-12.el5.i386.rpm
nss_ldap-debuginfo-253-12.el5.ia64.rpm

ppc:
nss_ldap-253-12.el5.ppc.rpm
nss_ldap-253-12.el5.ppc64.rpm
nss_ldap-debuginfo-253-12.el5.ppc.rpm
nss_ldap-debuginfo-253-12.el5.ppc64.rpm

s390x:
nss_ldap-253-12.el5.s390.rpm
nss_ldap-253-12.el5.s390x.rpm
nss_ldap-debuginfo-253-12.el5.s390.rpm
nss_ldap-debuginfo-253-12.el5.s390x.rpm

x86_64:
nss_ldap-253-12.el5.i386.rpm
nss_ldap-253-12.el5.x86_64.rpm
nss_ldap-debuginfo-253-12.el5.i386.rpm
nss_ldap-debuginfo-253-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDI3XlSAg2UNWIIRApZPAJ9Kf+xkClLPFcxM+DsAGRJ81cIT8ACgh419
X1FNfKJ0Jq3S2cGXVoxUr0g=
=86EC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 14:31:51 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2008 10:31:51 -0400
Subject: [RHSA-2008:0485-02] Low: compiz security update
Message-ID: <200805211431.m4LEVpkh030861@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: compiz security update
Advisory ID: RHSA-2008:0485-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0485.html
Issue date: 2008-05-20
Updated on: 2008-05-21
CVE Names: CVE-2007-3920
=====================================================================

1. Summary:

Updated compiz packages that prevent Compiz from breaking screen saver grabs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

Compiz is an OpenGL-based window and compositing manager.

Most screen savers create a top-level fullscreen window to cover the desktop, and grab the input with that window. Compiz has an option to un-redirect that window, but in some cases, this breaks the grab and compromises the locked screen. (CVE-2007-3920)

Users of compiz are advised to upgrade to these updated packages, which remove this option to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

350271 - CVE-2007-3920 gnome-screensaver loses keyboard grab when running under compiz

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/compiz-0.0.13-0.37.20060817git.el5.src.rpm

i386:
compiz-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.i386.rpm

x86_64:
compiz-0.0.13-0.37.20060817git.el5.x86_64.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/compiz-0.0.13-0.37.20060817git.el5.src.rpm

i386:
compiz-debuginfo-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.i386.rpm

x86_64:
compiz-debuginfo-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.x86_64.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/compiz-0.0.13-0.37.20060817git.el5.src.rpm

i386:
compiz-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.i386.rpm

x86_64:
compiz-0.0.13-0.37.20060817git.el5.x86_64.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-debuginfo-0.0.13-0.37.20060817git.el5.x86_64.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.i386.rpm
compiz-devel-0.0.13-0.37.20060817git.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3920
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFINDJFXlSAg2UNWIIRAmhtAJ4+Qkry9zyKqInzYmOzksD0Td5ynwCcDqNz
iwP0IqfWI74iK0MqC0VAY5g=
=fZRQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 28 11:06:56 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 May 2008 07:06:56 -0400
Subject: [RHSA-2008:0288-01] Critical: samba security update
Message-ID: <200805281106.m4SB6uME027151@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2008:0288-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0288.html
Issue date: 2008-05-28
CVE Names: CVE-2008-1105
=====================================================================

1. Summary:

Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

446724 - CVE-2008-1105 Samba client buffer overflow

6.
Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.9.3.src.rpm i386: samba-2.2.12-1.21as.9.3.i386.rpm samba-client-2.2.12-1.21as.9.3.i386.rpm samba-common-2.2.12-1.21as.9.3.i386.rpm samba-swat-2.2.12-1.21as.9.3.i386.rpm ia64: samba-2.2.12-1.21as.9.3.ia64.rpm samba-client-2.2.12-1.21as.9.3.ia64.rpm samba-common-2.2.12-1.21as.9.3.ia64.rpm samba-swat-2.2.12-1.21as.9.3.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.9.3.src.rpm ia64: samba-2.2.12-1.21as.9.3.ia64.rpm samba-client-2.2.12-1.21as.9.3.ia64.rpm samba-common-2.2.12-1.21as.9.3.ia64.rpm samba-swat-2.2.12-1.21as.9.3.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.9.3.src.rpm i386: samba-2.2.12-1.21as.9.3.i386.rpm samba-client-2.2.12-1.21as.9.3.i386.rpm samba-common-2.2.12-1.21as.9.3.i386.rpm samba-swat-2.2.12-1.21as.9.3.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.9.3.src.rpm i386: samba-2.2.12-1.21as.9.3.i386.rpm samba-client-2.2.12-1.21as.9.3.i386.rpm samba-common-2.2.12-1.21as.9.3.i386.rpm samba-swat-2.2.12-1.21as.9.3.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.15.src.rpm i386: samba-3.0.9-1.3E.15.i386.rpm samba-client-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-swat-3.0.9-1.3E.15.i386.rpm ia64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.ia64.rpm samba-client-3.0.9-1.3E.15.ia64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.ia64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.ia64.rpm samba-swat-3.0.9-1.3E.15.ia64.rpm ppc: samba-3.0.9-1.3E.15.ppc.rpm 
samba-3.0.9-1.3E.15.ppc64.rpm samba-client-3.0.9-1.3E.15.ppc.rpm samba-common-3.0.9-1.3E.15.ppc.rpm samba-common-3.0.9-1.3E.15.ppc64.rpm samba-debuginfo-3.0.9-1.3E.15.ppc.rpm samba-debuginfo-3.0.9-1.3E.15.ppc64.rpm samba-swat-3.0.9-1.3E.15.ppc.rpm s390: samba-3.0.9-1.3E.15.s390.rpm samba-client-3.0.9-1.3E.15.s390.rpm samba-common-3.0.9-1.3E.15.s390.rpm samba-debuginfo-3.0.9-1.3E.15.s390.rpm samba-swat-3.0.9-1.3E.15.s390.rpm s390x: samba-3.0.9-1.3E.15.s390.rpm samba-3.0.9-1.3E.15.s390x.rpm samba-client-3.0.9-1.3E.15.s390x.rpm samba-common-3.0.9-1.3E.15.s390.rpm samba-common-3.0.9-1.3E.15.s390x.rpm samba-debuginfo-3.0.9-1.3E.15.s390.rpm samba-debuginfo-3.0.9-1.3E.15.s390x.rpm samba-swat-3.0.9-1.3E.15.s390x.rpm x86_64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.x86_64.rpm samba-client-3.0.9-1.3E.15.x86_64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.x86_64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.x86_64.rpm samba-swat-3.0.9-1.3E.15.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.15.src.rpm i386: samba-3.0.9-1.3E.15.i386.rpm samba-client-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-swat-3.0.9-1.3E.15.i386.rpm x86_64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.x86_64.rpm samba-client-3.0.9-1.3E.15.x86_64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.x86_64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.x86_64.rpm samba-swat-3.0.9-1.3E.15.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.15.src.rpm i386: samba-3.0.9-1.3E.15.i386.rpm samba-client-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-swat-3.0.9-1.3E.15.i386.rpm ia64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.ia64.rpm 
samba-client-3.0.9-1.3E.15.ia64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.ia64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.ia64.rpm samba-swat-3.0.9-1.3E.15.ia64.rpm x86_64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.x86_64.rpm samba-client-3.0.9-1.3E.15.x86_64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.x86_64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.x86_64.rpm samba-swat-3.0.9-1.3E.15.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.15.src.rpm i386: samba-3.0.9-1.3E.15.i386.rpm samba-client-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-swat-3.0.9-1.3E.15.i386.rpm ia64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.ia64.rpm samba-client-3.0.9-1.3E.15.ia64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.ia64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.ia64.rpm samba-swat-3.0.9-1.3E.15.ia64.rpm x86_64: samba-3.0.9-1.3E.15.i386.rpm samba-3.0.9-1.3E.15.x86_64.rpm samba-client-3.0.9-1.3E.15.x86_64.rpm samba-common-3.0.9-1.3E.15.i386.rpm samba-common-3.0.9-1.3E.15.x86_64.rpm samba-debuginfo-3.0.9-1.3E.15.i386.rpm samba-debuginfo-3.0.9-1.3E.15.x86_64.rpm samba-swat-3.0.9-1.3E.15.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.25b-1.el4_6.5.src.rpm i386: samba-3.0.25b-1.el4_6.5.i386.rpm samba-client-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-swat-3.0.25b-1.el4_6.5.i386.rpm ia64: samba-3.0.25b-1.el4_6.5.ia64.rpm samba-client-3.0.25b-1.el4_6.5.ia64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.ia64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.ia64.rpm 
samba-swat-3.0.25b-1.el4_6.5.ia64.rpm ppc: samba-3.0.25b-1.el4_6.5.ppc.rpm samba-client-3.0.25b-1.el4_6.5.ppc.rpm samba-common-3.0.25b-1.el4_6.5.ppc.rpm samba-common-3.0.25b-1.el4_6.5.ppc64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.ppc.rpm samba-debuginfo-3.0.25b-1.el4_6.5.ppc64.rpm samba-swat-3.0.25b-1.el4_6.5.ppc.rpm s390: samba-3.0.25b-1.el4_6.5.s390.rpm samba-client-3.0.25b-1.el4_6.5.s390.rpm samba-common-3.0.25b-1.el4_6.5.s390.rpm samba-debuginfo-3.0.25b-1.el4_6.5.s390.rpm samba-swat-3.0.25b-1.el4_6.5.s390.rpm s390x: samba-3.0.25b-1.el4_6.5.s390x.rpm samba-client-3.0.25b-1.el4_6.5.s390x.rpm samba-common-3.0.25b-1.el4_6.5.s390.rpm samba-common-3.0.25b-1.el4_6.5.s390x.rpm samba-debuginfo-3.0.25b-1.el4_6.5.s390.rpm samba-debuginfo-3.0.25b-1.el4_6.5.s390x.rpm samba-swat-3.0.25b-1.el4_6.5.s390x.rpm x86_64: samba-3.0.25b-1.el4_6.5.x86_64.rpm samba-client-3.0.25b-1.el4_6.5.x86_64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.x86_64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.x86_64.rpm samba-swat-3.0.25b-1.el4_6.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.25b-1.el4_6.5.src.rpm i386: samba-3.0.25b-1.el4_6.5.i386.rpm samba-client-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-swat-3.0.25b-1.el4_6.5.i386.rpm x86_64: samba-3.0.25b-1.el4_6.5.x86_64.rpm samba-client-3.0.25b-1.el4_6.5.x86_64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.x86_64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.x86_64.rpm samba-swat-3.0.25b-1.el4_6.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.25b-1.el4_6.5.src.rpm i386: samba-3.0.25b-1.el4_6.5.i386.rpm samba-client-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm 
samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-swat-3.0.25b-1.el4_6.5.i386.rpm ia64: samba-3.0.25b-1.el4_6.5.ia64.rpm samba-client-3.0.25b-1.el4_6.5.ia64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.ia64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.ia64.rpm samba-swat-3.0.25b-1.el4_6.5.ia64.rpm x86_64: samba-3.0.25b-1.el4_6.5.x86_64.rpm samba-client-3.0.25b-1.el4_6.5.x86_64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.x86_64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.x86_64.rpm samba-swat-3.0.25b-1.el4_6.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.25b-1.el4_6.5.src.rpm i386: samba-3.0.25b-1.el4_6.5.i386.rpm samba-client-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-swat-3.0.25b-1.el4_6.5.i386.rpm ia64: samba-3.0.25b-1.el4_6.5.ia64.rpm samba-client-3.0.25b-1.el4_6.5.ia64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.ia64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.ia64.rpm samba-swat-3.0.25b-1.el4_6.5.ia64.rpm x86_64: samba-3.0.25b-1.el4_6.5.x86_64.rpm samba-client-3.0.25b-1.el4_6.5.x86_64.rpm samba-common-3.0.25b-1.el4_6.5.i386.rpm samba-common-3.0.25b-1.el4_6.5.x86_64.rpm samba-debuginfo-3.0.25b-1.el4_6.5.i386.rpm samba-debuginfo-3.0.25b-1.el4_6.5.x86_64.rpm samba-swat-3.0.25b-1.el4_6.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIPTyzXlSAg2UNWIIRAu3pAJ9Dv0aumYX9Cj3fEVeYEmG7EhDPsACePUUg
/bz+nxUKpfRlI7/Cut90x3c=
=qOCo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 28 11:11:22 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 May 2008 07:11:22 -0400
Subject: [RHSA-2008:0289-01] Critical: samba security update
Message-ID: <200805281111.m4SBBMhb027924@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2008:0289-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0289.html
Issue date: 2008-05-28
CVE Names: CVE-2008-1105
=====================================================================

1. Summary:

Updated samba packages that fix a security issue are now available for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server.
(CVE-2008-1105) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 446724 - CVE-2008-1105 Samba client buffer overflow 6. Package List: Red Hat Enterprise Linux AS version 4.5.z: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.3.src.rpm i386: samba-3.0.10-2.el4_5.3.i386.rpm samba-client-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-swat-3.0.10-2.el4_5.3.i386.rpm ia64: samba-3.0.10-2.el4_5.3.ia64.rpm samba-client-3.0.10-2.el4_5.3.ia64.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.ia64.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.ia64.rpm samba-swat-3.0.10-2.el4_5.3.ia64.rpm ppc: samba-3.0.10-2.el4_5.3.ppc.rpm samba-client-3.0.10-2.el4_5.3.ppc.rpm samba-common-3.0.10-2.el4_5.3.ppc.rpm samba-common-3.0.10-2.el4_5.3.ppc64.rpm samba-debuginfo-3.0.10-2.el4_5.3.ppc.rpm samba-debuginfo-3.0.10-2.el4_5.3.ppc64.rpm samba-swat-3.0.10-2.el4_5.3.ppc.rpm s390: samba-3.0.10-2.el4_5.3.s390.rpm samba-client-3.0.10-2.el4_5.3.s390.rpm samba-common-3.0.10-2.el4_5.3.s390.rpm samba-debuginfo-3.0.10-2.el4_5.3.s390.rpm samba-swat-3.0.10-2.el4_5.3.s390.rpm s390x: samba-3.0.10-2.el4_5.3.s390x.rpm samba-client-3.0.10-2.el4_5.3.s390x.rpm samba-common-3.0.10-2.el4_5.3.s390.rpm samba-common-3.0.10-2.el4_5.3.s390x.rpm samba-debuginfo-3.0.10-2.el4_5.3.s390.rpm samba-debuginfo-3.0.10-2.el4_5.3.s390x.rpm 
samba-swat-3.0.10-2.el4_5.3.s390x.rpm x86_64: samba-3.0.10-2.el4_5.3.x86_64.rpm samba-client-3.0.10-2.el4_5.3.x86_64.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.x86_64.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.x86_64.rpm samba-swat-3.0.10-2.el4_5.3.x86_64.rpm Red Hat Enterprise Linux ES version 4.5.z: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.3.src.rpm i386: samba-3.0.10-2.el4_5.3.i386.rpm samba-client-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-swat-3.0.10-2.el4_5.3.i386.rpm ia64: samba-3.0.10-2.el4_5.3.ia64.rpm samba-client-3.0.10-2.el4_5.3.ia64.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.ia64.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.ia64.rpm samba-swat-3.0.10-2.el4_5.3.ia64.rpm x86_64: samba-3.0.10-2.el4_5.3.x86_64.rpm samba-client-3.0.10-2.el4_5.3.x86_64.rpm samba-common-3.0.10-2.el4_5.3.i386.rpm samba-common-3.0.10-2.el4_5.3.x86_64.rpm samba-debuginfo-3.0.10-2.el4_5.3.i386.rpm samba-debuginfo-3.0.10-2.el4_5.3.x86_64.rpm samba-swat-3.0.10-2.el4_5.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIPT3VXlSAg2UNWIIRAtsZAJ0cVISthJMXoiZuLOelKm3N/hHYiACfVQzJ
pvZ3dbagE61N2RKJ0MCHpIw=
=xsKf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 28 11:30:04 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 May 2008 07:30:04 -0400
Subject: [RHSA-2008:0290-01] Critical: samba security and bug fix update
Message-ID: <200805281130.m4SBU52c030771@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security and bug fix update
Advisory ID: RHSA-2008:0290-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0290.html
Issue date: 2008-05-28
CVE Names: CVE-2008-1105
=====================================================================

1. Summary:

Updated samba packages that fix a security issue and two bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
This update also addresses two issues which prevented Samba from joining certain Windows domains with tightened security policies, and prevented certain signed SMB content from working as expected:

* when some Windows 2000-based domain controllers were set to use mandatory signing, Samba clients would drop the connection because of an error when generating signatures. This presented as a "Server packet had invalid SMB signature" error to the Samba client. This update corrects the signature generation error.

* Samba servers using the "net ads join" command to connect to a Windows Server 2003-based domain would fail with "failed to get schannel session key from server" and "NT_STATUS_ACCESS_DENIED" errors. This update correctly binds to the NETLOGON share, allowing Samba servers to connect to the domain properly.

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

444637 - Join fails with stricter w2k3 security options set
446724 - CVE-2008-1105 Samba client buffer overflow
447380 - Signing issue: "Server packet had invalid SMB signature" with some Win2K servers

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.28-1.el5_2.1.src.rpm i386: samba-3.0.28-1.el5_2.1.i386.rpm samba-client-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-debuginfo-3.0.28-1.el5_2.1.i386.rpm samba-swat-3.0.28-1.el5_2.1.i386.rpm x86_64: samba-3.0.28-1.el5_2.1.x86_64.rpm samba-client-3.0.28-1.el5_2.1.x86_64.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.x86_64.rpm samba-debuginfo-3.0.28-1.el5_2.1.i386.rpm samba-debuginfo-3.0.28-1.el5_2.1.x86_64.rpm samba-swat-3.0.28-1.el5_2.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.28-1.el5_2.1.src.rpm i386: samba-3.0.28-1.el5_2.1.i386.rpm samba-client-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-debuginfo-3.0.28-1.el5_2.1.i386.rpm samba-swat-3.0.28-1.el5_2.1.i386.rpm ia64: samba-3.0.28-1.el5_2.1.ia64.rpm samba-client-3.0.28-1.el5_2.1.ia64.rpm samba-common-3.0.28-1.el5_2.1.ia64.rpm samba-debuginfo-3.0.28-1.el5_2.1.ia64.rpm samba-swat-3.0.28-1.el5_2.1.ia64.rpm ppc: samba-3.0.28-1.el5_2.1.ppc.rpm samba-client-3.0.28-1.el5_2.1.ppc.rpm samba-common-3.0.28-1.el5_2.1.ppc.rpm samba-common-3.0.28-1.el5_2.1.ppc64.rpm samba-debuginfo-3.0.28-1.el5_2.1.ppc.rpm samba-debuginfo-3.0.28-1.el5_2.1.ppc64.rpm samba-swat-3.0.28-1.el5_2.1.ppc.rpm s390x: samba-3.0.28-1.el5_2.1.s390x.rpm samba-client-3.0.28-1.el5_2.1.s390x.rpm samba-common-3.0.28-1.el5_2.1.s390.rpm samba-common-3.0.28-1.el5_2.1.s390x.rpm samba-debuginfo-3.0.28-1.el5_2.1.s390.rpm samba-debuginfo-3.0.28-1.el5_2.1.s390x.rpm samba-swat-3.0.28-1.el5_2.1.s390x.rpm x86_64: samba-3.0.28-1.el5_2.1.x86_64.rpm samba-client-3.0.28-1.el5_2.1.x86_64.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.x86_64.rpm samba-debuginfo-3.0.28-1.el5_2.1.i386.rpm samba-debuginfo-3.0.28-1.el5_2.1.x86_64.rpm samba-swat-3.0.28-1.el5_2.1.x86_64.rpm These packages 
are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIPUI3XlSAg2UNWIIRAhGDAJ4lNlcEJ3xZtcEpKJduiWJlPxzM/wCdHMMI
AEiyDpvcbh+9UshgeD/Mkxc=
=P29O
-----END PGP SIGNATURE-----
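
An added example, not part of the advisories or of Red Hat's tooling: a check that flags samba packages still older than the fixed builds named in the package lists above. The product labels, function names and sample inventory lines are assumptions of this example, and the comparison is a simplified form of RPM's version ordering that ignores epochs and tilde/caret markers.

```python
import re

# Fixed samba builds (version, release) copied from the package lists above.
# The product labels used as keys are this example's own naming.
FIXED = {
    "RHEL 2.1":   ("2.2.12", "1.21as.9.3"),
    "RHEL 3":     ("3.0.9", "1.3E.15"),
    "RHEL 4":     ("3.0.25b", "1.el4_6.5"),
    "RHEL 4.5.z": ("3.0.10", "2.el4_5.3"),
    "RHEL 5":     ("3.0.28", "1.el5_2.1"),
}
SAMBA_PKGS = {"samba", "samba-client", "samba-common",
              "samba-swat", "samba-debuginfo"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them
    (simplified). Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def unpatched(product, rpm_lines):
    """Return the sorted names of samba packages older than the fixed build.

    rpm_lines holds one "NAME VERSION RELEASE" entry per installed package,
    e.g. from: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\\n'
    """
    fixed_ver, fixed_rel = FIXED[product]
    stale = set()
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in SAMBA_PKGS:
            continue
        name, ver, rel = parts
        # Version decides first; release only breaks a version tie.
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            stale.add(name)
    return sorted(stale)


# Constructed inventory for a RHEL 5 host (not real output).
SAMPLE = [
    "samba 3.0.28 1.el5_2.1",
    "samba-client 3.0.28 0.el5.8",
    "samba-common 3.0.28 1.el5_2.1",
    "openssh 4.3p2 26.el5",
]

if __name__ == "__main__":
    print(unpatched("RHEL 5", SAMPLE))
```

The product key has to match the update stream the host follows: a 4.5.z host at the fixed 3.0.10-2.el4_5.3 build would be reported as stale if checked against the "RHEL 4" entry.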