From bugzilla at redhat.com Mon Nov 3 15:26:32 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 3 Nov 2008 10:26:32 -0500 Subject: [RHSA-2008:0971-01] Important: net-snmp security update Message-ID: <200811031526.mA3FQW1C015344@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: net-snmp security update Advisory ID: RHSA-2008:0971-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0971.html Issue date: 2008-11-03 CVE Names: CVE-2008-4309 ===================================================================== 1. Summary: Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309) Note: An attacker must have read access to the SNMP server in order to exploit this flaw. In the default configuration, the community name "public" grants read-only access. In production deployments, it is recommended to change this default community name. All users of net-snmp should upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 469349 - CVE-2008-4309 net-snmp: numresponses calculation integer overflow in snmp_agent.c 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.25.src.rpm i386: net-snmp-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-devel-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-perl-5.0.9-2.30E.25.i386.rpm net-snmp-utils-5.0.9-2.30E.25.i386.rpm ia64: net-snmp-5.0.9-2.30E.25.ia64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.ia64.rpm net-snmp-devel-5.0.9-2.30E.25.ia64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.ia64.rpm net-snmp-perl-5.0.9-2.30E.25.ia64.rpm net-snmp-utils-5.0.9-2.30E.25.ia64.rpm ppc: net-snmp-5.0.9-2.30E.25.ppc.rpm net-snmp-debuginfo-5.0.9-2.30E.25.ppc.rpm net-snmp-debuginfo-5.0.9-2.30E.25.ppc64.rpm net-snmp-devel-5.0.9-2.30E.25.ppc.rpm net-snmp-libs-5.0.9-2.30E.25.ppc.rpm net-snmp-libs-5.0.9-2.30E.25.ppc64.rpm net-snmp-perl-5.0.9-2.30E.25.ppc.rpm net-snmp-utils-5.0.9-2.30E.25.ppc.rpm s390: net-snmp-5.0.9-2.30E.25.s390.rpm net-snmp-debuginfo-5.0.9-2.30E.25.s390.rpm net-snmp-devel-5.0.9-2.30E.25.s390.rpm net-snmp-libs-5.0.9-2.30E.25.s390.rpm net-snmp-perl-5.0.9-2.30E.25.s390.rpm net-snmp-utils-5.0.9-2.30E.25.s390.rpm s390x: net-snmp-5.0.9-2.30E.25.s390x.rpm net-snmp-debuginfo-5.0.9-2.30E.25.s390.rpm net-snmp-debuginfo-5.0.9-2.30E.25.s390x.rpm net-snmp-devel-5.0.9-2.30E.25.s390x.rpm net-snmp-libs-5.0.9-2.30E.25.s390.rpm net-snmp-libs-5.0.9-2.30E.25.s390x.rpm net-snmp-perl-5.0.9-2.30E.25.s390x.rpm net-snmp-utils-5.0.9-2.30E.25.s390x.rpm x86_64: net-snmp-5.0.9-2.30E.25.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.x86_64.rpm net-snmp-devel-5.0.9-2.30E.25.x86_64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.x86_64.rpm net-snmp-perl-5.0.9-2.30E.25.x86_64.rpm net-snmp-utils-5.0.9-2.30E.25.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/net-snmp-5.0.9-2.30E.25.src.rpm i386: net-snmp-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-devel-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-perl-5.0.9-2.30E.25.i386.rpm net-snmp-utils-5.0.9-2.30E.25.i386.rpm x86_64: net-snmp-5.0.9-2.30E.25.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.x86_64.rpm net-snmp-devel-5.0.9-2.30E.25.x86_64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.x86_64.rpm net-snmp-perl-5.0.9-2.30E.25.x86_64.rpm net-snmp-utils-5.0.9-2.30E.25.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/net-snmp-5.0.9-2.30E.25.src.rpm i386: net-snmp-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-devel-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-perl-5.0.9-2.30E.25.i386.rpm net-snmp-utils-5.0.9-2.30E.25.i386.rpm ia64: net-snmp-5.0.9-2.30E.25.ia64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.ia64.rpm net-snmp-devel-5.0.9-2.30E.25.ia64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.ia64.rpm net-snmp-perl-5.0.9-2.30E.25.ia64.rpm net-snmp-utils-5.0.9-2.30E.25.ia64.rpm x86_64: net-snmp-5.0.9-2.30E.25.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.x86_64.rpm net-snmp-devel-5.0.9-2.30E.25.x86_64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.x86_64.rpm net-snmp-perl-5.0.9-2.30E.25.x86_64.rpm net-snmp-utils-5.0.9-2.30E.25.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/net-snmp-5.0.9-2.30E.25.src.rpm i386: net-snmp-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-devel-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-perl-5.0.9-2.30E.25.i386.rpm net-snmp-utils-5.0.9-2.30E.25.i386.rpm ia64: net-snmp-5.0.9-2.30E.25.ia64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.ia64.rpm net-snmp-devel-5.0.9-2.30E.25.ia64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.ia64.rpm net-snmp-perl-5.0.9-2.30E.25.ia64.rpm net-snmp-utils-5.0.9-2.30E.25.ia64.rpm x86_64: net-snmp-5.0.9-2.30E.25.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.25.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.25.x86_64.rpm net-snmp-devel-5.0.9-2.30E.25.x86_64.rpm net-snmp-libs-5.0.9-2.30E.25.i386.rpm net-snmp-libs-5.0.9-2.30E.25.x86_64.rpm net-snmp-perl-5.0.9-2.30E.25.x86_64.rpm net-snmp-utils-5.0.9-2.30E.25.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/net-snmp-5.1.2-13.el4_7.2.src.rpm i386: net-snmp-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-devel-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-perl-5.1.2-13.el4_7.2.i386.rpm net-snmp-utils-5.1.2-13.el4_7.2.i386.rpm ia64: net-snmp-5.1.2-13.el4_7.2.ia64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.ia64.rpm net-snmp-devel-5.1.2-13.el4_7.2.ia64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.ia64.rpm net-snmp-perl-5.1.2-13.el4_7.2.ia64.rpm net-snmp-utils-5.1.2-13.el4_7.2.ia64.rpm ppc: net-snmp-5.1.2-13.el4_7.2.ppc.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.ppc.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.ppc64.rpm net-snmp-devel-5.1.2-13.el4_7.2.ppc.rpm net-snmp-libs-5.1.2-13.el4_7.2.ppc.rpm net-snmp-libs-5.1.2-13.el4_7.2.ppc64.rpm net-snmp-perl-5.1.2-13.el4_7.2.ppc.rpm net-snmp-utils-5.1.2-13.el4_7.2.ppc.rpm s390: net-snmp-5.1.2-13.el4_7.2.s390.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.s390.rpm net-snmp-devel-5.1.2-13.el4_7.2.s390.rpm net-snmp-libs-5.1.2-13.el4_7.2.s390.rpm net-snmp-perl-5.1.2-13.el4_7.2.s390.rpm net-snmp-utils-5.1.2-13.el4_7.2.s390.rpm s390x: net-snmp-5.1.2-13.el4_7.2.s390x.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.s390.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.s390x.rpm net-snmp-devel-5.1.2-13.el4_7.2.s390x.rpm net-snmp-libs-5.1.2-13.el4_7.2.s390.rpm net-snmp-libs-5.1.2-13.el4_7.2.s390x.rpm net-snmp-perl-5.1.2-13.el4_7.2.s390x.rpm net-snmp-utils-5.1.2-13.el4_7.2.s390x.rpm x86_64: net-snmp-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-devel-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-perl-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-utils-5.1.2-13.el4_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/net-snmp-5.1.2-13.el4_7.2.src.rpm i386: net-snmp-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-devel-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-perl-5.1.2-13.el4_7.2.i386.rpm net-snmp-utils-5.1.2-13.el4_7.2.i386.rpm x86_64: net-snmp-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-devel-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-perl-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-utils-5.1.2-13.el4_7.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/net-snmp-5.1.2-13.el4_7.2.src.rpm i386: net-snmp-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-devel-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-perl-5.1.2-13.el4_7.2.i386.rpm net-snmp-utils-5.1.2-13.el4_7.2.i386.rpm ia64: net-snmp-5.1.2-13.el4_7.2.ia64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.ia64.rpm net-snmp-devel-5.1.2-13.el4_7.2.ia64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.ia64.rpm net-snmp-perl-5.1.2-13.el4_7.2.ia64.rpm net-snmp-utils-5.1.2-13.el4_7.2.ia64.rpm x86_64: net-snmp-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-devel-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-perl-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-utils-5.1.2-13.el4_7.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/net-snmp-5.1.2-13.el4_7.2.src.rpm i386: net-snmp-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-devel-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-perl-5.1.2-13.el4_7.2.i386.rpm net-snmp-utils-5.1.2-13.el4_7.2.i386.rpm ia64: net-snmp-5.1.2-13.el4_7.2.ia64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.ia64.rpm net-snmp-devel-5.1.2-13.el4_7.2.ia64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.ia64.rpm net-snmp-perl-5.1.2-13.el4_7.2.ia64.rpm net-snmp-utils-5.1.2-13.el4_7.2.ia64.rpm x86_64: net-snmp-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.i386.rpm net-snmp-debuginfo-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-devel-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-libs-5.1.2-13.el4_7.2.i386.rpm net-snmp-libs-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-perl-5.1.2-13.el4_7.2.x86_64.rpm net-snmp-utils-5.1.2-13.el4_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.1-24.el5_2.2.src.rpm i386: net-snmp-5.3.1-24.el5_2.2.i386.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-libs-5.3.1-24.el5_2.2.i386.rpm net-snmp-perl-5.3.1-24.el5_2.2.i386.rpm net-snmp-utils-5.3.1-24.el5_2.2.i386.rpm x86_64: net-snmp-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-libs-5.3.1-24.el5_2.2.i386.rpm net-snmp-libs-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-perl-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-utils-5.3.1-24.el5_2.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.1-24.el5_2.2.src.rpm i386: net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-devel-5.3.1-24.el5_2.2.i386.rpm x86_64: net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-devel-5.3.1-24.el5_2.2.i386.rpm net-snmp-devel-5.3.1-24.el5_2.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/net-snmp-5.3.1-24.el5_2.2.src.rpm i386: net-snmp-5.3.1-24.el5_2.2.i386.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-devel-5.3.1-24.el5_2.2.i386.rpm net-snmp-libs-5.3.1-24.el5_2.2.i386.rpm net-snmp-perl-5.3.1-24.el5_2.2.i386.rpm net-snmp-utils-5.3.1-24.el5_2.2.i386.rpm ia64: net-snmp-5.3.1-24.el5_2.2.ia64.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.ia64.rpm net-snmp-devel-5.3.1-24.el5_2.2.ia64.rpm net-snmp-libs-5.3.1-24.el5_2.2.ia64.rpm net-snmp-perl-5.3.1-24.el5_2.2.ia64.rpm net-snmp-utils-5.3.1-24.el5_2.2.ia64.rpm ppc: net-snmp-5.3.1-24.el5_2.2.ppc.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.ppc.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.ppc64.rpm net-snmp-devel-5.3.1-24.el5_2.2.ppc.rpm net-snmp-devel-5.3.1-24.el5_2.2.ppc64.rpm net-snmp-libs-5.3.1-24.el5_2.2.ppc.rpm net-snmp-libs-5.3.1-24.el5_2.2.ppc64.rpm net-snmp-perl-5.3.1-24.el5_2.2.ppc.rpm net-snmp-utils-5.3.1-24.el5_2.2.ppc.rpm s390x: net-snmp-5.3.1-24.el5_2.2.s390x.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.s390.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.s390x.rpm net-snmp-devel-5.3.1-24.el5_2.2.s390.rpm net-snmp-devel-5.3.1-24.el5_2.2.s390x.rpm net-snmp-libs-5.3.1-24.el5_2.2.s390.rpm net-snmp-libs-5.3.1-24.el5_2.2.s390x.rpm net-snmp-perl-5.3.1-24.el5_2.2.s390x.rpm net-snmp-utils-5.3.1-24.el5_2.2.s390x.rpm x86_64: net-snmp-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.i386.rpm net-snmp-debuginfo-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-devel-5.3.1-24.el5_2.2.i386.rpm net-snmp-devel-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-libs-5.3.1-24.el5_2.2.i386.rpm net-snmp-libs-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-perl-5.3.1-24.el5_2.2.x86_64.rpm net-snmp-utils-5.3.1-24.el5_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJDxgQXlSAg2UNWIIRAojBAJ4plZxRuBN4xciXxDhgoGyfMQ4UdwCgiHPm GG4DFojqucSUrm/pOG35HOc= =gjGu -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 4 13:35:18 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 4 Nov 2008 08:35:18 -0500 Subject: [RHSA-2008:0957-02] Important: kernel security and bug fix update Message-ID: <200811041335.mA4DZIvL016850@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2008:0957-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0957.html Issue date: 2008-11-04 CVE Names: CVE-2006-5755 CVE-2007-5907 CVE-2008-2372 CVE-2008-3276 CVE-2008-3527 CVE-2008-3833 CVE-2008-4210 CVE-2008-4302 ===================================================================== 1. Summary: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) * Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important) * a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important) * a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low) * a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low) * an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low) In addition, these updated packages fix the following bugs: * random32() seeding has been improved. * in a multi-core environment, a race between the QP async event-handler and the destro_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash. * a format string was omitted in the call to the request_module() function. * a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected. * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic(). * a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated. * in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle greater than 32-bits of physical address on 32-bit architectures. * some of the newer Nehalem-based systems declare their CPU DSDT entries as type "Alias". During boot, this caused an "Error attaching device data" message to be logged. * the evtchn event channel device lacked locks and memory barriers. This has led to xenstore becoming unresponsive on the Itanium? architecture. * sending of gratuitous ARP packets in the Xen frontend network driver is now delayed until the backend signals that its carrier status has been processed by the stack. * on forcedeth devices, whenever setting ethtool parameters for link speed, the device could stop receiving interrupts. * the CIFS 'forcedirectio' option did not allow text to be appended to files. * the gettimeofday() function returned a backwards time on Intel? 64. * residual-count corrections during UNDERRUN handling were added to the qla2xxx driver. * the fix for a small quirk was removed for certain Adaptec controllers for which it caused problems. * the "xm trigger init" command caused a domain panic if a userland application was running on a guest on the Intel? 64 architecture. Users of kernel should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 377561 - CVE-2007-5907 kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible) 452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP 457718 - CVE-2006-5755 kernel: local denial of service due to NT bit leakage 458021 - kernel: random32: seeding improvement [rhel-5.2.z] 458759 - kernel: dlm: dlm/user.c input validation fixes [rhel-5.2.z] 458781 - LTC44618-Race possibility between QP async handler and destroy_qp() 459226 - CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow 459461 - kernel: cpufreq: fix format string bug [rhel-5.2.z] 459464 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [rhel-5.2.z] 460251 - CVE-2008-3527 kernel: missing boundary checks in syscall/syscall32_nopage() 460638 - [REG][5.3] The system crashed by the NULL pointer access with kmap_atomic() of ata_scsi_rbuf_get(). 460858 - kernel: devmem: add range_is_allowed() check to mmap_mem() [rhel-5.2.z] 460868 - RHEL5.2 ACPI core bug 461099 - evtchn device lacks lock and barriers 461457 - Coordinate gratuitous ARP with backend network status 461894 - nVidia MCP55 MCP55 Ethernet (rev a3) not functional on kernel 2.6.18-53.1.4 462434 - CVE-2008-4302 kernel: splice: fix bad unlock_page() in error case 462591 - CIFS option forcedirectio fails to allow the appending of text to files. 462860 - RHEL5.3: Fix time of gettimeofday() going backward (EM64T) (*) 463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group 464450 - CVE-2008-3833 kernel: remove SUID when splicing into an inode 465741 - [QLogic 5.2.z bug] qla2xxx - Additional residual-count corrections during UNDERRUN handling. 466427 - Significant regression in time() performance 466885 - [aacraid 5.2.z] aac_srb: aac_fib_send failed with status 8195 467105 - xm trigger <domain> init causes kernel panic. 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm i386: kernel-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm kernel-debug-2.6.18-92.1.17.el5.i686.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm kernel-devel-2.6.18-92.1.17.el5.i686.rpm kernel-headers-2.6.18-92.1.17.el5.i386.rpm kernel-xen-2.6.18-92.1.17.el5.i686.rpm kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm noarch: kernel-doc-2.6.18-92.1.17.el5.noarch.rpm x86_64: kernel-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm i386: kernel-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm kernel-debug-2.6.18-92.1.17.el5.i686.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm kernel-devel-2.6.18-92.1.17.el5.i686.rpm kernel-headers-2.6.18-92.1.17.el5.i386.rpm kernel-xen-2.6.18-92.1.17.el5.i686.rpm kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm ia64: kernel-2.6.18-92.1.17.el5.ia64.rpm kernel-debug-2.6.18-92.1.17.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.ia64.rpm kernel-debug-devel-2.6.18-92.1.17.el5.ia64.rpm kernel-debuginfo-2.6.18-92.1.17.el5.ia64.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.ia64.rpm kernel-devel-2.6.18-92.1.17.el5.ia64.rpm kernel-headers-2.6.18-92.1.17.el5.ia64.rpm kernel-xen-2.6.18-92.1.17.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-92.1.17.el5.ia64.rpm kernel-xen-devel-2.6.18-92.1.17.el5.ia64.rpm noarch: kernel-doc-2.6.18-92.1.17.el5.noarch.rpm ppc: kernel-2.6.18-92.1.17.el5.ppc64.rpm kernel-debug-2.6.18-92.1.17.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm kernel-debug-devel-2.6.18-92.1.17.el5.ppc64.rpm kernel-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.ppc64.rpm kernel-devel-2.6.18-92.1.17.el5.ppc64.rpm kernel-headers-2.6.18-92.1.17.el5.ppc.rpm kernel-headers-2.6.18-92.1.17.el5.ppc64.rpm kernel-kdump-2.6.18-92.1.17.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm kernel-kdump-devel-2.6.18-92.1.17.el5.ppc64.rpm s390x: kernel-2.6.18-92.1.17.el5.s390x.rpm kernel-debug-2.6.18-92.1.17.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.s390x.rpm kernel-debug-devel-2.6.18-92.1.17.el5.s390x.rpm kernel-debuginfo-2.6.18-92.1.17.el5.s390x.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.s390x.rpm kernel-devel-2.6.18-92.1.17.el5.s390x.rpm kernel-headers-2.6.18-92.1.17.el5.s390x.rpm kernel-kdump-2.6.18-92.1.17.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-92.1.17.el5.s390x.rpm kernel-kdump-devel-2.6.18-92.1.17.el5.s390x.rpm x86_64: kernel-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3527 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJEE9kXlSAg2UNWIIRAtXuAJ9r0hH8Bfb/o53FNKpG4whntJ9RpQCeNM/f Ji64btu0eUfOmPlR5p0kq78= =x7xq -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 5 11:09:35 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 5 Nov 2008 06:09:35 -0500 Subject: [RHSA-2008:0939-00] Important: openoffice.org security update Message-ID: <200811051109.mA5B9ZKr012765@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2008:0939-00 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0939.html Issue date: 2008-11-05 CVE Names: CVE-2008-2237 CVE-2008-2238 ===================================================================== 1. Summary: Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, x86_64 Red Hat Enterprise Linux WS version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. SureRun Security Team discovered an integer overflow flaw leading to a heap buffer overflow in the Windows Metafile (WMF) image format parser. An attacker could create a carefully crafted document containing a malicious WMF file that could cause OpenOffice.org to crash, or, possibly, execute arbitrary code if opened by a victim. (CVE-2008-2237) Multiple integer overflow flaws were found in the Enhanced Windows Metafile (EMF) parser. An attacker could create a carefully crafted document containing a malicious EMF file that could cause OpenOffice.org to crash, or, possibly, execute arbitrary code if opened by a victim. (CVE-2008-2238) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow 466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-43.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-43.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-43.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-43.2.0.EL3.src.rpm i386: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm x86_64: openoffice.org-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-43.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-43.2.0.EL3.i386.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm ppc: openoffice.org-1.1.5-10.6.0.7.EL4.ppc.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.ppc.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.ppc.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.ppc.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.ppc.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.ppc.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.ppc.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.i386.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.5.4.el5_2.src.rpm i386: openoffice.org-base-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-calc-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-core-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-draw-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-emailmerge-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-graphicfilter-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-headless-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-impress-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-javafilter-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-af_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ar-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-as_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-bg_BG-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-bn-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ca_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-cy_GB-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-da_DK-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-de-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-el_GR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-es-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-et_EE-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-eu_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-fi_FI-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-fr-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ga_IE-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-gl_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-gu_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-he_IL-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hi_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hr_HR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hu_HU-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-it-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ja_JP-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-kn_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ko_KR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-lt_LT-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ml_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-mr_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ms_MY-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nb_NO-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nl-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nn_NO-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pa_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pl_PL-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pt_BR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pt_PT-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ru-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sk_SK-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sl_SI-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sr_CS-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-st_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sv-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ta_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-te_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-th_TH-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-tr_TR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ur-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zh_CN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zh_TW-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-math-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-pyuno-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-testtools-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-writer-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-xsltfilter-2.3.0-6.5.4.el5_2.i386.rpm x86_64: openoffice.org-base-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-calc-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-core-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-draw-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-emailmerge-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-graphicfilter-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-headless-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-impress-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-javafilter-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-af_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ar-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-as_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-bg_BG-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-bn-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ca_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-cy_GB-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-da_DK-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-de-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-el_GR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-es-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-et_EE-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-eu_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-fi_FI-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-fr-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ga_IE-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-gl_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-gu_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-he_IL-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hi_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hr_HR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hu_HU-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-it-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ja_JP-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-kn_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ko_KR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-lt_LT-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ml_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-mr_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ms_MY-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nb_NO-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nl-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nn_NO-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pa_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pl_PL-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pt_BR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pt_PT-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ru-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sk_SK-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sl_SI-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sr_CS-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-st_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sv-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ta_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-te_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-th_TH-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-tr_TR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ur-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zh_CN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zh_TW-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-math-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-pyuno-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-testtools-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-writer-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-xsltfilter-2.3.0-6.5.4.el5_2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.5.4.el5_2.src.rpm i386: openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-sdk-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.i386.rpm x86_64: openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-sdk-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-2.3.0-6.5.4.el5_2.src.rpm i386: openoffice.org-base-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-calc-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-core-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-draw-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-emailmerge-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-graphicfilter-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-headless-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-impress-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-javafilter-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-af_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ar-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-as_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-bg_BG-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-bn-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ca_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-cy_GB-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-da_DK-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-de-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-el_GR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-es-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-et_EE-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-eu_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-fi_FI-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-fr-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ga_IE-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-gl_ES-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-gu_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-he_IL-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hi_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hr_HR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-hu_HU-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-it-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ja_JP-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-kn_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ko_KR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-lt_LT-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ml_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-mr_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ms_MY-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nb_NO-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nl-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nn_NO-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pa_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pl_PL-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pt_BR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-pt_PT-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ru-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sk_SK-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sl_SI-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sr_CS-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-st_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-sv-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ta_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-te_IN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-th_TH-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-tr_TR-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ur-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zh_CN-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zh_TW-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-math-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-pyuno-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-sdk-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-testtools-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-writer-2.3.0-6.5.4.el5_2.i386.rpm openoffice.org-xsltfilter-2.3.0-6.5.4.el5_2.i386.rpm x86_64: openoffice.org-base-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-calc-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-core-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-debuginfo-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-draw-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-emailmerge-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-graphicfilter-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-headless-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-impress-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-javafilter-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-af_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ar-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-as_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-bg_BG-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-bn-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ca_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-cy_GB-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-da_DK-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-de-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-el_GR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-es-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-et_EE-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-eu_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-fi_FI-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-fr-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ga_IE-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-gl_ES-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-gu_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-he_IL-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hi_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hr_HR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-hu_HU-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-it-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ja_JP-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-kn_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ko_KR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-lt_LT-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ml_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-mr_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ms_MY-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nb_NO-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nl-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nn_NO-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pa_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pl_PL-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pt_BR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-pt_PT-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ru-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sk_SK-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sl_SI-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sr_CS-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-st_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-sv-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ta_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-te_IN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-th_TH-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-tr_TR-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ur-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zh_CN-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zh_TW-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-math-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-pyuno-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-sdk-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-testtools-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-writer-2.3.0-6.5.4.el5_2.x86_64.rpm openoffice.org-xsltfilter-2.3.0-6.5.4.el5_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2238 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJEX6/XlSAg2UNWIIRAsWMAKCXmDDiuuhhIVhfARwIQzAHIjoNMgCgm/Qw SjEcXg3APow1qfRQl+0/k5Y= =SsJH -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 11 18:27:32 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 11 Nov 2008 13:27:32 -0500 Subject: [RHSA-2008:0967-01] Moderate: httpd security and bug fix update Message-ID: <200811111827.mABIRWwG009084@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security and bug fix update Advisory ID: RHSA-2008:0967-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0967.html Issue date: 2008-11-11 CVE Names: CVE-2008-2364 CVE-2008-2939 ===================================================================== 1. Summary: Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the "ProxyRemoteMatch" directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages. Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server 458250 - CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS 464492 - mod_proxy: ProxyRemoteMatch uses remote proxy if regex does *not* match 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-71.ent.src.rpm i386: httpd-2.0.46-71.ent.i386.rpm httpd-debuginfo-2.0.46-71.ent.i386.rpm httpd-devel-2.0.46-71.ent.i386.rpm mod_ssl-2.0.46-71.ent.i386.rpm ia64: httpd-2.0.46-71.ent.ia64.rpm httpd-debuginfo-2.0.46-71.ent.ia64.rpm httpd-devel-2.0.46-71.ent.ia64.rpm mod_ssl-2.0.46-71.ent.ia64.rpm ppc: httpd-2.0.46-71.ent.ppc.rpm httpd-debuginfo-2.0.46-71.ent.ppc.rpm httpd-devel-2.0.46-71.ent.ppc.rpm mod_ssl-2.0.46-71.ent.ppc.rpm s390: httpd-2.0.46-71.ent.s390.rpm httpd-debuginfo-2.0.46-71.ent.s390.rpm httpd-devel-2.0.46-71.ent.s390.rpm mod_ssl-2.0.46-71.ent.s390.rpm s390x: httpd-2.0.46-71.ent.s390x.rpm httpd-debuginfo-2.0.46-71.ent.s390x.rpm httpd-devel-2.0.46-71.ent.s390x.rpm mod_ssl-2.0.46-71.ent.s390x.rpm x86_64: httpd-2.0.46-71.ent.x86_64.rpm httpd-debuginfo-2.0.46-71.ent.x86_64.rpm httpd-devel-2.0.46-71.ent.x86_64.rpm mod_ssl-2.0.46-71.ent.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-71.ent.src.rpm i386: httpd-2.0.46-71.ent.i386.rpm httpd-debuginfo-2.0.46-71.ent.i386.rpm httpd-devel-2.0.46-71.ent.i386.rpm mod_ssl-2.0.46-71.ent.i386.rpm x86_64: httpd-2.0.46-71.ent.x86_64.rpm httpd-debuginfo-2.0.46-71.ent.x86_64.rpm httpd-devel-2.0.46-71.ent.x86_64.rpm mod_ssl-2.0.46-71.ent.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-71.ent.src.rpm i386: httpd-2.0.46-71.ent.i386.rpm httpd-debuginfo-2.0.46-71.ent.i386.rpm httpd-devel-2.0.46-71.ent.i386.rpm mod_ssl-2.0.46-71.ent.i386.rpm ia64: httpd-2.0.46-71.ent.ia64.rpm httpd-debuginfo-2.0.46-71.ent.ia64.rpm httpd-devel-2.0.46-71.ent.ia64.rpm mod_ssl-2.0.46-71.ent.ia64.rpm x86_64: httpd-2.0.46-71.ent.x86_64.rpm httpd-debuginfo-2.0.46-71.ent.x86_64.rpm httpd-devel-2.0.46-71.ent.x86_64.rpm mod_ssl-2.0.46-71.ent.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-71.ent.src.rpm i386: httpd-2.0.46-71.ent.i386.rpm httpd-debuginfo-2.0.46-71.ent.i386.rpm httpd-devel-2.0.46-71.ent.i386.rpm mod_ssl-2.0.46-71.ent.i386.rpm ia64: httpd-2.0.46-71.ent.ia64.rpm httpd-debuginfo-2.0.46-71.ent.ia64.rpm httpd-devel-2.0.46-71.ent.ia64.rpm mod_ssl-2.0.46-71.ent.ia64.rpm x86_64: httpd-2.0.46-71.ent.x86_64.rpm httpd-debuginfo-2.0.46-71.ent.x86_64.rpm httpd-devel-2.0.46-71.ent.x86_64.rpm mod_ssl-2.0.46-71.ent.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-41.ent.2.src.rpm i386: httpd-2.0.52-41.ent.2.i386.rpm httpd-debuginfo-2.0.52-41.ent.2.i386.rpm httpd-devel-2.0.52-41.ent.2.i386.rpm httpd-manual-2.0.52-41.ent.2.i386.rpm httpd-suexec-2.0.52-41.ent.2.i386.rpm mod_ssl-2.0.52-41.ent.2.i386.rpm ia64: httpd-2.0.52-41.ent.2.ia64.rpm httpd-debuginfo-2.0.52-41.ent.2.ia64.rpm httpd-devel-2.0.52-41.ent.2.ia64.rpm httpd-manual-2.0.52-41.ent.2.ia64.rpm httpd-suexec-2.0.52-41.ent.2.ia64.rpm mod_ssl-2.0.52-41.ent.2.ia64.rpm ppc: httpd-2.0.52-41.ent.2.ppc.rpm httpd-debuginfo-2.0.52-41.ent.2.ppc.rpm httpd-devel-2.0.52-41.ent.2.ppc.rpm httpd-manual-2.0.52-41.ent.2.ppc.rpm httpd-suexec-2.0.52-41.ent.2.ppc.rpm mod_ssl-2.0.52-41.ent.2.ppc.rpm s390: httpd-2.0.52-41.ent.2.s390.rpm httpd-debuginfo-2.0.52-41.ent.2.s390.rpm httpd-devel-2.0.52-41.ent.2.s390.rpm httpd-manual-2.0.52-41.ent.2.s390.rpm httpd-suexec-2.0.52-41.ent.2.s390.rpm mod_ssl-2.0.52-41.ent.2.s390.rpm s390x: httpd-2.0.52-41.ent.2.s390x.rpm httpd-debuginfo-2.0.52-41.ent.2.s390x.rpm httpd-devel-2.0.52-41.ent.2.s390x.rpm httpd-manual-2.0.52-41.ent.2.s390x.rpm httpd-suexec-2.0.52-41.ent.2.s390x.rpm mod_ssl-2.0.52-41.ent.2.s390x.rpm x86_64: httpd-2.0.52-41.ent.2.x86_64.rpm httpd-debuginfo-2.0.52-41.ent.2.x86_64.rpm httpd-devel-2.0.52-41.ent.2.x86_64.rpm httpd-manual-2.0.52-41.ent.2.x86_64.rpm httpd-suexec-2.0.52-41.ent.2.x86_64.rpm mod_ssl-2.0.52-41.ent.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-41.ent.2.src.rpm i386: httpd-2.0.52-41.ent.2.i386.rpm httpd-debuginfo-2.0.52-41.ent.2.i386.rpm httpd-devel-2.0.52-41.ent.2.i386.rpm httpd-manual-2.0.52-41.ent.2.i386.rpm httpd-suexec-2.0.52-41.ent.2.i386.rpm mod_ssl-2.0.52-41.ent.2.i386.rpm x86_64: httpd-2.0.52-41.ent.2.x86_64.rpm httpd-debuginfo-2.0.52-41.ent.2.x86_64.rpm httpd-devel-2.0.52-41.ent.2.x86_64.rpm httpd-manual-2.0.52-41.ent.2.x86_64.rpm httpd-suexec-2.0.52-41.ent.2.x86_64.rpm mod_ssl-2.0.52-41.ent.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-41.ent.2.src.rpm i386: httpd-2.0.52-41.ent.2.i386.rpm httpd-debuginfo-2.0.52-41.ent.2.i386.rpm httpd-devel-2.0.52-41.ent.2.i386.rpm httpd-manual-2.0.52-41.ent.2.i386.rpm httpd-suexec-2.0.52-41.ent.2.i386.rpm mod_ssl-2.0.52-41.ent.2.i386.rpm ia64: httpd-2.0.52-41.ent.2.ia64.rpm httpd-debuginfo-2.0.52-41.ent.2.ia64.rpm httpd-devel-2.0.52-41.ent.2.ia64.rpm httpd-manual-2.0.52-41.ent.2.ia64.rpm httpd-suexec-2.0.52-41.ent.2.ia64.rpm mod_ssl-2.0.52-41.ent.2.ia64.rpm x86_64: httpd-2.0.52-41.ent.2.x86_64.rpm httpd-debuginfo-2.0.52-41.ent.2.x86_64.rpm httpd-devel-2.0.52-41.ent.2.x86_64.rpm httpd-manual-2.0.52-41.ent.2.x86_64.rpm httpd-suexec-2.0.52-41.ent.2.x86_64.rpm mod_ssl-2.0.52-41.ent.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-41.ent.2.src.rpm i386: httpd-2.0.52-41.ent.2.i386.rpm httpd-debuginfo-2.0.52-41.ent.2.i386.rpm httpd-devel-2.0.52-41.ent.2.i386.rpm httpd-manual-2.0.52-41.ent.2.i386.rpm httpd-suexec-2.0.52-41.ent.2.i386.rpm mod_ssl-2.0.52-41.ent.2.i386.rpm ia64: httpd-2.0.52-41.ent.2.ia64.rpm httpd-debuginfo-2.0.52-41.ent.2.ia64.rpm httpd-devel-2.0.52-41.ent.2.ia64.rpm httpd-manual-2.0.52-41.ent.2.ia64.rpm httpd-suexec-2.0.52-41.ent.2.ia64.rpm mod_ssl-2.0.52-41.ent.2.ia64.rpm x86_64: httpd-2.0.52-41.ent.2.x86_64.rpm httpd-debuginfo-2.0.52-41.ent.2.x86_64.rpm httpd-devel-2.0.52-41.ent.2.x86_64.rpm httpd-manual-2.0.52-41.ent.2.x86_64.rpm httpd-suexec-2.0.52-41.ent.2.x86_64.rpm mod_ssl-2.0.52-41.ent.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-11.el5_2.4.src.rpm i386: httpd-2.2.3-11.el5_2.4.i386.rpm httpd-debuginfo-2.2.3-11.el5_2.4.i386.rpm mod_ssl-2.2.3-11.el5_2.4.i386.rpm x86_64: httpd-2.2.3-11.el5_2.4.x86_64.rpm httpd-debuginfo-2.2.3-11.el5_2.4.x86_64.rpm mod_ssl-2.2.3-11.el5_2.4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-11.el5_2.4.src.rpm i386: httpd-debuginfo-2.2.3-11.el5_2.4.i386.rpm httpd-devel-2.2.3-11.el5_2.4.i386.rpm httpd-manual-2.2.3-11.el5_2.4.i386.rpm x86_64: httpd-debuginfo-2.2.3-11.el5_2.4.i386.rpm httpd-debuginfo-2.2.3-11.el5_2.4.x86_64.rpm httpd-devel-2.2.3-11.el5_2.4.i386.rpm httpd-devel-2.2.3-11.el5_2.4.x86_64.rpm httpd-manual-2.2.3-11.el5_2.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-11.el5_2.4.src.rpm i386: httpd-2.2.3-11.el5_2.4.i386.rpm httpd-debuginfo-2.2.3-11.el5_2.4.i386.rpm httpd-devel-2.2.3-11.el5_2.4.i386.rpm httpd-manual-2.2.3-11.el5_2.4.i386.rpm mod_ssl-2.2.3-11.el5_2.4.i386.rpm ia64: httpd-2.2.3-11.el5_2.4.ia64.rpm httpd-debuginfo-2.2.3-11.el5_2.4.ia64.rpm httpd-devel-2.2.3-11.el5_2.4.ia64.rpm httpd-manual-2.2.3-11.el5_2.4.ia64.rpm mod_ssl-2.2.3-11.el5_2.4.ia64.rpm ppc: httpd-2.2.3-11.el5_2.4.ppc.rpm httpd-2.2.3-11.el5_2.4.ppc64.rpm httpd-debuginfo-2.2.3-11.el5_2.4.ppc.rpm httpd-debuginfo-2.2.3-11.el5_2.4.ppc64.rpm httpd-devel-2.2.3-11.el5_2.4.ppc.rpm httpd-devel-2.2.3-11.el5_2.4.ppc64.rpm httpd-manual-2.2.3-11.el5_2.4.ppc.rpm mod_ssl-2.2.3-11.el5_2.4.ppc.rpm s390x: httpd-2.2.3-11.el5_2.4.s390x.rpm httpd-debuginfo-2.2.3-11.el5_2.4.s390.rpm httpd-debuginfo-2.2.3-11.el5_2.4.s390x.rpm httpd-devel-2.2.3-11.el5_2.4.s390.rpm httpd-devel-2.2.3-11.el5_2.4.s390x.rpm httpd-manual-2.2.3-11.el5_2.4.s390x.rpm mod_ssl-2.2.3-11.el5_2.4.s390x.rpm x86_64: httpd-2.2.3-11.el5_2.4.x86_64.rpm httpd-debuginfo-2.2.3-11.el5_2.4.i386.rpm httpd-debuginfo-2.2.3-11.el5_2.4.x86_64.rpm httpd-devel-2.2.3-11.el5_2.4.i386.rpm httpd-devel-2.2.3-11.el5_2.4.x86_64.rpm httpd-manual-2.2.3-11.el5_2.4.x86_64.rpm mod_ssl-2.2.3-11.el5_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJGc6KXlSAg2UNWIIRAlRvAJ4l4NIZaJ1/qJpcA0WLcvdPXgFlwgCfUtwp 4kV/EMwi22BLV4H5xbjebO0= =Y9Dl -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 11 18:28:48 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 11 Nov 2008 13:28:48 -0500 Subject: [RHSA-2008:0982-01] Moderate: gnutls security update Message-ID: <200811111828.mABISmGI010036@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gnutls security update Advisory ID: RHSA-2008:0982-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0982.html Issue date: 2008-11-11 CVE Names: CVE-2008-4989 ===================================================================== 1. Summary: Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). Martin von Gagern discovered a flaw in the way GnuTLS verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications using the GnuTLS library to trust invalid certificates. (CVE-2008-4989) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 470079 - CVE-2008-4989 gnutls: certificate chain verification flaw 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_2.1.src.rpm i386: gnutls-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-utils-1.4.1-3.el5_2.1.i386.rpm x86_64: gnutls-1.4.1-3.el5_2.1.i386.rpm gnutls-1.4.1-3.el5_2.1.x86_64.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.x86_64.rpm gnutls-utils-1.4.1-3.el5_2.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_2.1.src.rpm i386: gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-devel-1.4.1-3.el5_2.1.i386.rpm x86_64: gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.x86_64.rpm gnutls-devel-1.4.1-3.el5_2.1.i386.rpm gnutls-devel-1.4.1-3.el5_2.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-3.el5_2.1.src.rpm i386: gnutls-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-devel-1.4.1-3.el5_2.1.i386.rpm gnutls-utils-1.4.1-3.el5_2.1.i386.rpm ia64: gnutls-1.4.1-3.el5_2.1.i386.rpm gnutls-1.4.1-3.el5_2.1.ia64.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.ia64.rpm gnutls-devel-1.4.1-3.el5_2.1.ia64.rpm gnutls-utils-1.4.1-3.el5_2.1.ia64.rpm ppc: gnutls-1.4.1-3.el5_2.1.ppc.rpm gnutls-1.4.1-3.el5_2.1.ppc64.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.ppc.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.ppc64.rpm gnutls-devel-1.4.1-3.el5_2.1.ppc.rpm gnutls-devel-1.4.1-3.el5_2.1.ppc64.rpm gnutls-utils-1.4.1-3.el5_2.1.ppc.rpm s390x: gnutls-1.4.1-3.el5_2.1.s390.rpm gnutls-1.4.1-3.el5_2.1.s390x.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.s390.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.s390x.rpm gnutls-devel-1.4.1-3.el5_2.1.s390.rpm gnutls-devel-1.4.1-3.el5_2.1.s390x.rpm gnutls-utils-1.4.1-3.el5_2.1.s390x.rpm x86_64: gnutls-1.4.1-3.el5_2.1.i386.rpm gnutls-1.4.1-3.el5_2.1.x86_64.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.i386.rpm gnutls-debuginfo-1.4.1-3.el5_2.1.x86_64.rpm gnutls-devel-1.4.1-3.el5_2.1.i386.rpm gnutls-devel-1.4.1-3.el5_2.1.x86_64.rpm gnutls-utils-1.4.1-3.el5_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJGc6gXlSAg2UNWIIRAhN3AJ9IebiZ928axpW3nuN1sYKIIuIGaACfQq+I 4DBHppZuRQ9BcPOzPR4Gh0E= =cqGm -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 12 17:32:34 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Nov 2008 12:32:34 -0500 Subject: [RHSA-2008:0974-01] Critical: acroread security update Message-ID: <200811121732.mACHWYFo007595@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2008:0974-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0974.html Issue date: 2008-11-12 CVE Names: CVE-2008-2549 CVE-2008-2992 CVE-2008-4812 CVE-2008-4813 CVE-2008-4814 CVE-2008-4815 CVE-2008-4817 ===================================================================== 1. Summary: Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817) The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815) All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 450078 - CVE-2008-2549 acroread: crash and possible code execution 469875 - CVE-2008-4812 Adobe Reader: embedded font handling out-of-bounds array indexing 469876 - CVE-2008-4813 Adobe Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw 469877 - CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow 469880 - CVE-2008-4814 Adobe Reader: arbitrary code execution via unspecified JavaScript method 469882 - CVE-2008-4815 Adobe Reader: insecure RPATH flaw 469923 - CVE-2008-4817 Adobe Reader: Download Manager input validation flaw 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: acroread-8.1.3-1.i386.rpm acroread-plugin-8.1.3-1.i386.rpm x86_64: acroread-8.1.3-1.i386.rpm Red Hat Desktop version 3 Extras: i386: acroread-8.1.3-1.i386.rpm acroread-plugin-8.1.3-1.i386.rpm x86_64: acroread-8.1.3-1.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: acroread-8.1.3-1.i386.rpm acroread-plugin-8.1.3-1.i386.rpm x86_64: acroread-8.1.3-1.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: acroread-8.1.3-1.i386.rpm acroread-plugin-8.1.3-1.i386.rpm x86_64: acroread-8.1.3-1.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-8.1.3-1.el4.i386.rpm acroread-plugin-8.1.3-1.el4.i386.rpm x86_64: acroread-8.1.3-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-8.1.3-1.el4.i386.rpm acroread-plugin-8.1.3-1.el4.i386.rpm x86_64: acroread-8.1.3-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-8.1.3-1.el4.i386.rpm acroread-plugin-8.1.3-1.el4.i386.rpm x86_64: acroread-8.1.3-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-8.1.3-1.el4.i386.rpm acroread-plugin-8.1.3-1.el4.i386.rpm x86_64: acroread-8.1.3-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: acroread-8.1.3-1.el5.i386.rpm acroread-plugin-8.1.3-1.el5.i386.rpm x86_64: acroread-8.1.3-1.el5.i386.rpm acroread-plugin-8.1.3-1.el5.i386.rpm RHEL Supplementary (v. 5 server): i386: acroread-8.1.3-1.el5.i386.rpm acroread-plugin-8.1.3-1.el5.i386.rpm x86_64: acroread-8.1.3-1.el5.i386.rpm acroread-plugin-8.1.3-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJGxMSXlSAg2UNWIIRAhpQAKCl+EmsEXnvSnbyEUKvOTdh1vtZIgCgvVG7 xqtXvioZHxs6OCvB94zsCiU= =BQRt -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 12 18:06:37 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Nov 2008 13:06:37 -0500 Subject: [RHSA-2008:0980-02] Important: flash-plugin security update Message-ID: <200811121806.mACI6brr027322@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: flash-plugin security update Advisory ID: RHSA-2008:0980-02 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0980.html Issue date: 2008-11-12 CVE Names: CVE-2007-4324 CVE-2007-6243 CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4823 CVE-2008-4822 CVE-2008-4821 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386 Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386 Red Hat Enterprise Linux WS version 3 Extras - i386 Red Hat Enterprise Linux AS version 4 Extras - i386 Red Hat Desktop version 4 Extras - i386 Red Hat Enterprise Linux ES version 4 Extras - i386 Red Hat Enterprise Linux WS version 4 Extras - i386 3. Description: The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF (Shockwave Flash) file could populate the clipboard with a URL that could cause the user to accidentally or mistakenly load an attacker-controlled URL. (CVE-2008-3873) A flaw was found with Adobe's ActionScript scripting language which allowed Flash scripts to initiate file uploads and downloads without user interaction. ActionScript's FileReference.browse and FileReference.download method calls can now only be initiated via user interaction, such as through mouse-clicks or key-presses on the keyboard. (CVE-2008-4401) A flaw was found in Adobe Flash Player's display of Settings Manager content. A malicious SWF file could trick the user into unintentionally or mistakenly clicking a link or a dialog which could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503) Flaws were found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks (CVE-2007-4324, CVE-2007-6243). This update provides enhanced fixes for these issues. Flash Player contains a flaw in the way it interprets HTTP response headers. An attacker could use this flaw to conduct a cross-site scripting attack against the user running Flash Player. (CVE-2008-4818) A flaw was found in the way Flash Player handles the ActionScript attribute. A malicious site could use this flaw to inject arbitrary HTML content, confusing the user running the browser. (CVE-2008-4823) A flaw was found in the way Flash Player interprets policy files. It was possible to bypass a non-root domain policy, possibly allowing a malicious site to access data in a different domain. (CVE-2008-4822) A flaw was found in how Flash Player's jar: protocol handler interacts with Mozilla. A malicious flash application could use this flaw to disclose sensitive information. (CVE-2008-4821) Updated Flash Player also extends mechanisms to help prevent an attacker from executing a DNS rebinding attack. (CVE-2008-4819) All users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.151.0. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 252292 - CVE-2007-4324 Flash movie can determine whether a TCP port is open 440664 - CVE-2007-6243 Flash Player cross-domain and cross-site scripting flaws 465736 - CVE-2008-3873 flash: clipboard hijack attack 466154 - CVE-2008-4401 flash-plugin: upload/download user interaction 466344 - CVE-2008-4503 Adobe Flash Player clickjacking 470116 - CVE-2008-4818 Flash Player XSS 470123 - CVE-2008-4819 Flash Player DNS rebind attack 470128 - CVE-2008-4823 Flash Player HTML injection flaw 470130 - CVE-2008-4822 Flash Player policy file interpretation flaw 470131 - CVE-2008-4821 Flash Player jar: protocol handler 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Desktop version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4503 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821 http://adobe.com/products/flashplayer http://www.redhat.com/security/updates/classification/#important http://www.adobe.com/support/security/bulletins/apsb08-20.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJGxsiXlSAg2UNWIIRAn/zAJwIaRs4zmeuV6BaP+Dt+WdGrbhmIgCfSwGa JlziCwdugRRIaEmM5qjItCk= =oE/0 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 13 02:47:13 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Nov 2008 21:47:13 -0500 Subject: [RHSA-2008:0977-01] Critical: seamonkey security update Message-ID: <200811130247.mAD2lDY0024068@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: seamonkey security update Advisory ID: RHSA-2008:0977-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0977.html Issue date: 2008-11-12 CVE Names: CVE-2008-0017 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 ===================================================================== 1. Summary: Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 470864 - CVE-2008-5012 Mozilla Image stealing via canvas and HTTP redirect 470867 - CVE-2008-5013 Mozilla Flash Player dynamic module unloading flaw 470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering 470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption 470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption 470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption 470889 - CVE-2008-5019 Mozilla XSS via session restore 470892 - CVE-2008-0017 Mozilla buffer overflow in http-index-format parser 470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager 470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation 470898 - CVE-2008-5023 Mozilla -moz-binding property bypasses security checks on codebase principals 470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.21.el2.src.rpm i386: seamonkey-1.0.9-0.21.el2.i386.rpm seamonkey-chat-1.0.9-0.21.el2.i386.rpm seamonkey-devel-1.0.9-0.21.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.21.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.21.el2.i386.rpm seamonkey-mail-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.21.el2.i386.rpm seamonkey-nss-1.0.9-0.21.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.21.el2.i386.rpm ia64: seamonkey-1.0.9-0.21.el2.ia64.rpm seamonkey-chat-1.0.9-0.21.el2.ia64.rpm seamonkey-devel-1.0.9-0.21.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.21.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.21.el2.ia64.rpm seamonkey-mail-1.0.9-0.21.el2.ia64.rpm seamonkey-nspr-1.0.9-0.21.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.21.el2.ia64.rpm seamonkey-nss-1.0.9-0.21.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.21.el2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.21.el2.src.rpm ia64: seamonkey-1.0.9-0.21.el2.ia64.rpm seamonkey-chat-1.0.9-0.21.el2.ia64.rpm seamonkey-devel-1.0.9-0.21.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.21.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.21.el2.ia64.rpm seamonkey-mail-1.0.9-0.21.el2.ia64.rpm seamonkey-nspr-1.0.9-0.21.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.21.el2.ia64.rpm seamonkey-nss-1.0.9-0.21.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.21.el2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.21.el2.src.rpm i386: seamonkey-1.0.9-0.21.el2.i386.rpm seamonkey-chat-1.0.9-0.21.el2.i386.rpm seamonkey-devel-1.0.9-0.21.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.21.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.21.el2.i386.rpm seamonkey-mail-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.21.el2.i386.rpm seamonkey-nss-1.0.9-0.21.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.21.el2.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.21.el2.src.rpm i386: seamonkey-1.0.9-0.21.el2.i386.rpm seamonkey-chat-1.0.9-0.21.el2.i386.rpm seamonkey-devel-1.0.9-0.21.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.21.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.21.el2.i386.rpm seamonkey-mail-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-1.0.9-0.21.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.21.el2.i386.rpm seamonkey-nss-1.0.9-0.21.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.21.el2.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.25.el3.src.rpm i386: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-chat-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-devel-1.0.9-0.25.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.25.el3.i386.rpm seamonkey-mail-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.25.el3.i386.rpm ia64: seamonkey-1.0.9-0.25.el3.ia64.rpm seamonkey-chat-1.0.9-0.25.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.ia64.rpm seamonkey-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.ia64.rpm seamonkey-mail-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.ia64.rpm ppc: seamonkey-1.0.9-0.25.el3.ppc.rpm seamonkey-chat-1.0.9-0.25.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.25.el3.ppc.rpm seamonkey-devel-1.0.9-0.25.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.25.el3.ppc.rpm seamonkey-mail-1.0.9-0.25.el3.ppc.rpm seamonkey-nspr-1.0.9-0.25.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.ppc.rpm seamonkey-nss-1.0.9-0.25.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.25.el3.ppc.rpm s390: seamonkey-1.0.9-0.25.el3.s390.rpm seamonkey-chat-1.0.9-0.25.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.25.el3.s390.rpm seamonkey-devel-1.0.9-0.25.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.25.el3.s390.rpm seamonkey-mail-1.0.9-0.25.el3.s390.rpm seamonkey-nspr-1.0.9-0.25.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.s390.rpm seamonkey-nss-1.0.9-0.25.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.25.el3.s390.rpm s390x: seamonkey-1.0.9-0.25.el3.s390x.rpm seamonkey-chat-1.0.9-0.25.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.25.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.25.el3.s390x.rpm seamonkey-devel-1.0.9-0.25.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.25.el3.s390x.rpm seamonkey-mail-1.0.9-0.25.el3.s390x.rpm seamonkey-nspr-1.0.9-0.25.el3.s390.rpm seamonkey-nspr-1.0.9-0.25.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.s390x.rpm seamonkey-nss-1.0.9-0.25.el3.s390.rpm seamonkey-nss-1.0.9-0.25.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.25.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-1.0.9-0.25.el3.x86_64.rpm seamonkey-chat-1.0.9-0.25.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.x86_64.rpm seamonkey-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.x86_64.rpm seamonkey-mail-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.25.el3.src.rpm i386: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-chat-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-devel-1.0.9-0.25.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.25.el3.i386.rpm seamonkey-mail-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.25.el3.i386.rpm x86_64: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-1.0.9-0.25.el3.x86_64.rpm seamonkey-chat-1.0.9-0.25.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.x86_64.rpm seamonkey-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.x86_64.rpm seamonkey-mail-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.25.el3.src.rpm i386: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-chat-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-devel-1.0.9-0.25.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.25.el3.i386.rpm seamonkey-mail-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.25.el3.i386.rpm ia64: seamonkey-1.0.9-0.25.el3.ia64.rpm seamonkey-chat-1.0.9-0.25.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.ia64.rpm seamonkey-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.ia64.rpm seamonkey-mail-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-1.0.9-0.25.el3.x86_64.rpm seamonkey-chat-1.0.9-0.25.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.x86_64.rpm seamonkey-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.x86_64.rpm seamonkey-mail-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.25.el3.src.rpm i386: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-chat-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-devel-1.0.9-0.25.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.25.el3.i386.rpm seamonkey-mail-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.25.el3.i386.rpm ia64: seamonkey-1.0.9-0.25.el3.ia64.rpm seamonkey-chat-1.0.9-0.25.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.ia64.rpm seamonkey-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.ia64.rpm seamonkey-mail-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.25.el3.i386.rpm seamonkey-1.0.9-0.25.el3.x86_64.rpm seamonkey-chat-1.0.9-0.25.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.25.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.25.el3.x86_64.rpm seamonkey-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.25.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.25.el3.x86_64.rpm seamonkey-mail-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.25.el3.i386.rpm seamonkey-nspr-1.0.9-0.25.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-1.0.9-0.25.el3.i386.rpm seamonkey-nss-1.0.9-0.25.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.25.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-28.el4.src.rpm i386: seamonkey-1.0.9-28.el4.i386.rpm seamonkey-chat-1.0.9-28.el4.i386.rpm seamonkey-debuginfo-1.0.9-28.el4.i386.rpm seamonkey-devel-1.0.9-28.el4.i386.rpm seamonkey-dom-inspector-1.0.9-28.el4.i386.rpm seamonkey-js-debugger-1.0.9-28.el4.i386.rpm seamonkey-mail-1.0.9-28.el4.i386.rpm ia64: seamonkey-1.0.9-28.el4.ia64.rpm seamonkey-chat-1.0.9-28.el4.ia64.rpm seamonkey-debuginfo-1.0.9-28.el4.ia64.rpm seamonkey-devel-1.0.9-28.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-28.el4.ia64.rpm seamonkey-js-debugger-1.0.9-28.el4.ia64.rpm seamonkey-mail-1.0.9-28.el4.ia64.rpm ppc: seamonkey-1.0.9-28.el4.ppc.rpm seamonkey-chat-1.0.9-28.el4.ppc.rpm seamonkey-debuginfo-1.0.9-28.el4.ppc.rpm seamonkey-devel-1.0.9-28.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-28.el4.ppc.rpm seamonkey-js-debugger-1.0.9-28.el4.ppc.rpm seamonkey-mail-1.0.9-28.el4.ppc.rpm s390: seamonkey-1.0.9-28.el4.s390.rpm seamonkey-chat-1.0.9-28.el4.s390.rpm seamonkey-debuginfo-1.0.9-28.el4.s390.rpm seamonkey-devel-1.0.9-28.el4.s390.rpm seamonkey-dom-inspector-1.0.9-28.el4.s390.rpm seamonkey-js-debugger-1.0.9-28.el4.s390.rpm seamonkey-mail-1.0.9-28.el4.s390.rpm s390x: seamonkey-1.0.9-28.el4.s390x.rpm seamonkey-chat-1.0.9-28.el4.s390x.rpm seamonkey-debuginfo-1.0.9-28.el4.s390x.rpm seamonkey-devel-1.0.9-28.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-28.el4.s390x.rpm seamonkey-js-debugger-1.0.9-28.el4.s390x.rpm seamonkey-mail-1.0.9-28.el4.s390x.rpm x86_64: seamonkey-1.0.9-28.el4.x86_64.rpm seamonkey-chat-1.0.9-28.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-28.el4.x86_64.rpm seamonkey-devel-1.0.9-28.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-28.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-28.el4.x86_64.rpm seamonkey-mail-1.0.9-28.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-28.el4.src.rpm i386: seamonkey-1.0.9-28.el4.i386.rpm seamonkey-chat-1.0.9-28.el4.i386.rpm seamonkey-debuginfo-1.0.9-28.el4.i386.rpm seamonkey-devel-1.0.9-28.el4.i386.rpm seamonkey-dom-inspector-1.0.9-28.el4.i386.rpm seamonkey-js-debugger-1.0.9-28.el4.i386.rpm seamonkey-mail-1.0.9-28.el4.i386.rpm x86_64: seamonkey-1.0.9-28.el4.x86_64.rpm seamonkey-chat-1.0.9-28.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-28.el4.x86_64.rpm seamonkey-devel-1.0.9-28.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-28.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-28.el4.x86_64.rpm seamonkey-mail-1.0.9-28.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-28.el4.src.rpm i386: seamonkey-1.0.9-28.el4.i386.rpm seamonkey-chat-1.0.9-28.el4.i386.rpm seamonkey-debuginfo-1.0.9-28.el4.i386.rpm seamonkey-devel-1.0.9-28.el4.i386.rpm seamonkey-dom-inspector-1.0.9-28.el4.i386.rpm seamonkey-js-debugger-1.0.9-28.el4.i386.rpm seamonkey-mail-1.0.9-28.el4.i386.rpm ia64: seamonkey-1.0.9-28.el4.ia64.rpm seamonkey-chat-1.0.9-28.el4.ia64.rpm seamonkey-debuginfo-1.0.9-28.el4.ia64.rpm seamonkey-devel-1.0.9-28.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-28.el4.ia64.rpm seamonkey-js-debugger-1.0.9-28.el4.ia64.rpm seamonkey-mail-1.0.9-28.el4.ia64.rpm x86_64: seamonkey-1.0.9-28.el4.x86_64.rpm seamonkey-chat-1.0.9-28.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-28.el4.x86_64.rpm seamonkey-devel-1.0.9-28.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-28.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-28.el4.x86_64.rpm seamonkey-mail-1.0.9-28.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-28.el4.src.rpm i386: seamonkey-1.0.9-28.el4.i386.rpm seamonkey-chat-1.0.9-28.el4.i386.rpm seamonkey-debuginfo-1.0.9-28.el4.i386.rpm seamonkey-devel-1.0.9-28.el4.i386.rpm seamonkey-dom-inspector-1.0.9-28.el4.i386.rpm seamonkey-js-debugger-1.0.9-28.el4.i386.rpm seamonkey-mail-1.0.9-28.el4.i386.rpm ia64: seamonkey-1.0.9-28.el4.ia64.rpm seamonkey-chat-1.0.9-28.el4.ia64.rpm seamonkey-debuginfo-1.0.9-28.el4.ia64.rpm seamonkey-devel-1.0.9-28.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-28.el4.ia64.rpm seamonkey-js-debugger-1.0.9-28.el4.ia64.rpm seamonkey-mail-1.0.9-28.el4.ia64.rpm x86_64: seamonkey-1.0.9-28.el4.x86_64.rpm seamonkey-chat-1.0.9-28.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-28.el4.x86_64.rpm seamonkey-devel-1.0.9-28.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-28.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-28.el4.x86_64.rpm seamonkey-mail-1.0.9-28.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJG5T+XlSAg2UNWIIRAr+rAKCePxPPnFSdmlOzPUtZr78UVjKIdgCgwDeF OMNhpVAiaq9Ie/hQzfP4cJg= =0Zlk -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 13 02:50:04 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Nov 2008 21:50:04 -0500 Subject: [RHSA-2008:0978-01] Critical: firefox security update Message-ID: <200811130250.mAD2o4Zv024867@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2008:0978-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0978.html Issue date: 2008-11-12 CVE Names: CVE-2008-0017 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 ===================================================================== 1. Summary: An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was loaded in the same tab as a chrome or privileged "about:" page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 454283 - firefox-2.0-getstartpage.patch breaks extensions which set homepage 470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering 470876 - CVE-2008-5015 Mozilla file: URIs inherit chrome privileges 470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption 470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption 470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption 470889 - CVE-2008-5019 Mozilla XSS via session restore 470892 - CVE-2008-0017 Mozilla buffer overflow in http-index-format parser 470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager 470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation 470898 - CVE-2008-5023 Mozilla -moz-binding property bypasses security checks on codebase principals 470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm ppc: firefox-3.0.4-1.el4.ppc.rpm firefox-debuginfo-3.0.4-1.el4.ppc.rpm nss-3.12.1.1-3.el4.ppc.rpm nss-3.12.1.1-3.el4.ppc64.rpm nss-debuginfo-3.12.1.1-3.el4.ppc.rpm nss-debuginfo-3.12.1.1-3.el4.ppc64.rpm nss-devel-3.12.1.1-3.el4.ppc.rpm s390: firefox-3.0.4-1.el4.s390.rpm firefox-debuginfo-3.0.4-1.el4.s390.rpm nss-3.12.1.1-3.el4.s390.rpm nss-debuginfo-3.12.1.1-3.el4.s390.rpm nss-devel-3.12.1.1-3.el4.s390.rpm s390x: firefox-3.0.4-1.el4.s390x.rpm firefox-debuginfo-3.0.4-1.el4.s390x.rpm nss-3.12.1.1-3.el4.s390.rpm nss-3.12.1.1-3.el4.s390x.rpm nss-debuginfo-3.12.1.1-3.el4.s390x.rpm nss-devel-3.12.1.1-3.el4.s390x.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.4-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.1.1-3.el4.src.rpm i386: firefox-3.0.4-1.el4.i386.rpm firefox-debuginfo-3.0.4-1.el4.i386.rpm nss-3.12.1.1-3.el4.i386.rpm nss-debuginfo-3.12.1.1-3.el4.i386.rpm nss-devel-3.12.1.1-3.el4.i386.rpm ia64: firefox-3.0.4-1.el4.ia64.rpm firefox-debuginfo-3.0.4-1.el4.ia64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.ia64.rpm nss-debuginfo-3.12.1.1-3.el4.ia64.rpm nss-devel-3.12.1.1-3.el4.ia64.rpm x86_64: firefox-3.0.4-1.el4.x86_64.rpm firefox-debuginfo-3.0.4-1.el4.x86_64.rpm nss-3.12.1.1-3.el4.i386.rpm nss-3.12.1.1-3.el4.x86_64.rpm nss-debuginfo-3.12.1.1-3.el4.x86_64.rpm nss-devel-3.12.1.1-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-22.el5.src.rpm i386: devhelp-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm firefox-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm nss-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-tools-3.12.1.1-3.el5.i386.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm yelp-2.16.0-22.el5.i386.rpm yelp-debuginfo-2.16.0-22.el5.i386.rpm x86_64: devhelp-0.12-20.el5.i386.rpm devhelp-0.12-20.el5.x86_64.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm firefox-3.0.4-1.el5.i386.rpm firefox-3.0.4-1.el5.x86_64.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.x86_64.rpm nss-3.12.1.1-3.el5.i386.rpm nss-3.12.1.1-3.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-tools-3.12.1.1-3.el5.x86_64.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-1.9.0.4-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm yelp-2.16.0-22.el5.x86_64.rpm yelp-debuginfo-2.16.0-22.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm i386: devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm x86_64: devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm devhelp-devel-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-20.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.1.1-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.4-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-22.el5.src.rpm i386: devhelp-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.i386.rpm firefox-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm nss-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-tools-3.12.1.1-3.el5.i386.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.i386.rpm yelp-2.16.0-22.el5.i386.rpm yelp-debuginfo-2.16.0-22.el5.i386.rpm ia64: devhelp-0.12-20.el5.ia64.rpm devhelp-debuginfo-0.12-20.el5.ia64.rpm devhelp-devel-0.12-20.el5.ia64.rpm firefox-3.0.4-1.el5.ia64.rpm firefox-debuginfo-3.0.4-1.el5.ia64.rpm nss-3.12.1.1-3.el5.i386.rpm nss-3.12.1.1-3.el5.ia64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.ia64.rpm nss-devel-3.12.1.1-3.el5.ia64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ia64.rpm nss-tools-3.12.1.1-3.el5.ia64.rpm xulrunner-1.9.0.4-1.el5.ia64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ia64.rpm xulrunner-devel-1.9.0.4-1.el5.ia64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.ia64.rpm yelp-2.16.0-22.el5.ia64.rpm yelp-debuginfo-2.16.0-22.el5.ia64.rpm ppc: devhelp-0.12-20.el5.ppc.rpm devhelp-debuginfo-0.12-20.el5.ppc.rpm devhelp-devel-0.12-20.el5.ppc.rpm firefox-3.0.4-1.el5.ppc.rpm firefox-debuginfo-3.0.4-1.el5.ppc.rpm nss-3.12.1.1-3.el5.ppc.rpm nss-3.12.1.1-3.el5.ppc64.rpm nss-debuginfo-3.12.1.1-3.el5.ppc.rpm nss-debuginfo-3.12.1.1-3.el5.ppc64.rpm nss-devel-3.12.1.1-3.el5.ppc.rpm nss-devel-3.12.1.1-3.el5.ppc64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ppc.rpm nss-pkcs11-devel-3.12.1.1-3.el5.ppc64.rpm nss-tools-3.12.1.1-3.el5.ppc.rpm xulrunner-1.9.0.4-1.el5.ppc.rpm xulrunner-1.9.0.4-1.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ppc.rpm xulrunner-debuginfo-1.9.0.4-1.el5.ppc64.rpm xulrunner-devel-1.9.0.4-1.el5.ppc.rpm xulrunner-devel-1.9.0.4-1.el5.ppc64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.ppc.rpm yelp-2.16.0-22.el5.ppc.rpm yelp-debuginfo-2.16.0-22.el5.ppc.rpm s390x: devhelp-0.12-20.el5.s390.rpm devhelp-0.12-20.el5.s390x.rpm devhelp-debuginfo-0.12-20.el5.s390.rpm devhelp-debuginfo-0.12-20.el5.s390x.rpm devhelp-devel-0.12-20.el5.s390.rpm devhelp-devel-0.12-20.el5.s390x.rpm firefox-3.0.4-1.el5.s390.rpm firefox-3.0.4-1.el5.s390x.rpm firefox-debuginfo-3.0.4-1.el5.s390.rpm firefox-debuginfo-3.0.4-1.el5.s390x.rpm nss-3.12.1.1-3.el5.s390.rpm nss-3.12.1.1-3.el5.s390x.rpm nss-debuginfo-3.12.1.1-3.el5.s390.rpm nss-debuginfo-3.12.1.1-3.el5.s390x.rpm nss-devel-3.12.1.1-3.el5.s390.rpm nss-devel-3.12.1.1-3.el5.s390x.rpm nss-pkcs11-devel-3.12.1.1-3.el5.s390.rpm nss-pkcs11-devel-3.12.1.1-3.el5.s390x.rpm nss-tools-3.12.1.1-3.el5.s390x.rpm xulrunner-1.9.0.4-1.el5.s390.rpm xulrunner-1.9.0.4-1.el5.s390x.rpm xulrunner-debuginfo-1.9.0.4-1.el5.s390.rpm xulrunner-debuginfo-1.9.0.4-1.el5.s390x.rpm xulrunner-devel-1.9.0.4-1.el5.s390.rpm xulrunner-devel-1.9.0.4-1.el5.s390x.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.s390x.rpm yelp-2.16.0-22.el5.s390x.rpm yelp-debuginfo-2.16.0-22.el5.s390x.rpm x86_64: devhelp-0.12-20.el5.i386.rpm devhelp-0.12-20.el5.x86_64.rpm devhelp-debuginfo-0.12-20.el5.i386.rpm devhelp-debuginfo-0.12-20.el5.x86_64.rpm devhelp-devel-0.12-20.el5.i386.rpm devhelp-devel-0.12-20.el5.x86_64.rpm firefox-3.0.4-1.el5.i386.rpm firefox-3.0.4-1.el5.x86_64.rpm firefox-debuginfo-3.0.4-1.el5.i386.rpm firefox-debuginfo-3.0.4-1.el5.x86_64.rpm nss-3.12.1.1-3.el5.i386.rpm nss-3.12.1.1-3.el5.x86_64.rpm nss-debuginfo-3.12.1.1-3.el5.i386.rpm nss-debuginfo-3.12.1.1-3.el5.x86_64.rpm nss-devel-3.12.1.1-3.el5.i386.rpm nss-devel-3.12.1.1-3.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-3.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-3.el5.x86_64.rpm nss-tools-3.12.1.1-3.el5.x86_64.rpm xulrunner-1.9.0.4-1.el5.i386.rpm xulrunner-1.9.0.4-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.4-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-1.9.0.4-1.el5.i386.rpm xulrunner-devel-1.9.0.4-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.4-1.el5.x86_64.rpm yelp-2.16.0-22.el5.x86_64.rpm yelp-debuginfo-2.16.0-22.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJG5U2XlSAg2UNWIIRAocUAJ9AdR+nytI5kXo2YQVAN54jOBlNZwCghHzq 8sZ5VWaM+vik90Q9UYiEZsE= =kYqN -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Nov 17 16:34:35 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Nov 2008 11:34:35 -0500 Subject: [RHSA-2008:0988-01] Important: libxml2 security update Message-ID: <200811171634.mAHGYZaX003114@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2008:0988-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0988.html Issue date: 2008-11-17 CVE Names: CVE-2008-4225 CVE-2008-4226 ===================================================================== 1. Summary: Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 470466 - CVE-2008-4226 libxml2: integer overflow leading to memory corruption in xmlSAX2Characters 470480 - CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-12.ent.src.rpm i386: libxml2-2.4.19-12.ent.i386.rpm libxml2-devel-2.4.19-12.ent.i386.rpm libxml2-python-2.4.19-12.ent.i386.rpm ia64: libxml2-2.4.19-12.ent.ia64.rpm libxml2-devel-2.4.19-12.ent.ia64.rpm libxml2-python-2.4.19-12.ent.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-12.ent.src.rpm ia64: libxml2-2.4.19-12.ent.ia64.rpm libxml2-devel-2.4.19-12.ent.ia64.rpm libxml2-python-2.4.19-12.ent.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-12.ent.src.rpm i386: libxml2-2.4.19-12.ent.i386.rpm libxml2-devel-2.4.19-12.ent.i386.rpm libxml2-python-2.4.19-12.ent.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-12.ent.src.rpm i386: libxml2-2.4.19-12.ent.i386.rpm libxml2-devel-2.4.19-12.ent.i386.rpm libxml2-python-2.4.19-12.ent.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libxml2-2.5.10-14.src.rpm i386: libxml2-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-devel-2.5.10-14.i386.rpm libxml2-python-2.5.10-14.i386.rpm ia64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.ia64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.ia64.rpm libxml2-devel-2.5.10-14.ia64.rpm libxml2-python-2.5.10-14.ia64.rpm ppc: libxml2-2.5.10-14.ppc.rpm libxml2-2.5.10-14.ppc64.rpm libxml2-debuginfo-2.5.10-14.ppc.rpm libxml2-debuginfo-2.5.10-14.ppc64.rpm libxml2-devel-2.5.10-14.ppc.rpm libxml2-python-2.5.10-14.ppc.rpm s390: libxml2-2.5.10-14.s390.rpm libxml2-debuginfo-2.5.10-14.s390.rpm libxml2-devel-2.5.10-14.s390.rpm libxml2-python-2.5.10-14.s390.rpm s390x: libxml2-2.5.10-14.s390.rpm libxml2-2.5.10-14.s390x.rpm libxml2-debuginfo-2.5.10-14.s390.rpm libxml2-debuginfo-2.5.10-14.s390x.rpm libxml2-devel-2.5.10-14.s390x.rpm libxml2-python-2.5.10-14.s390x.rpm x86_64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.x86_64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.x86_64.rpm libxml2-devel-2.5.10-14.x86_64.rpm libxml2-python-2.5.10-14.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libxml2-2.5.10-14.src.rpm i386: libxml2-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-devel-2.5.10-14.i386.rpm libxml2-python-2.5.10-14.i386.rpm x86_64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.x86_64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.x86_64.rpm libxml2-devel-2.5.10-14.x86_64.rpm libxml2-python-2.5.10-14.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libxml2-2.5.10-14.src.rpm i386: libxml2-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-devel-2.5.10-14.i386.rpm libxml2-python-2.5.10-14.i386.rpm ia64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.ia64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.ia64.rpm libxml2-devel-2.5.10-14.ia64.rpm libxml2-python-2.5.10-14.ia64.rpm x86_64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.x86_64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.x86_64.rpm libxml2-devel-2.5.10-14.x86_64.rpm libxml2-python-2.5.10-14.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libxml2-2.5.10-14.src.rpm i386: libxml2-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-devel-2.5.10-14.i386.rpm libxml2-python-2.5.10-14.i386.rpm ia64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.ia64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.ia64.rpm libxml2-devel-2.5.10-14.ia64.rpm libxml2-python-2.5.10-14.ia64.rpm x86_64: libxml2-2.5.10-14.i386.rpm libxml2-2.5.10-14.x86_64.rpm libxml2-debuginfo-2.5.10-14.i386.rpm libxml2-debuginfo-2.5.10-14.x86_64.rpm libxml2-devel-2.5.10-14.x86_64.rpm libxml2-python-2.5.10-14.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libxml2-2.6.16-12.6.src.rpm i386: libxml2-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-devel-2.6.16-12.6.i386.rpm libxml2-python-2.6.16-12.6.i386.rpm ia64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.ia64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.ia64.rpm libxml2-devel-2.6.16-12.6.ia64.rpm libxml2-python-2.6.16-12.6.ia64.rpm ppc: libxml2-2.6.16-12.6.ppc.rpm libxml2-2.6.16-12.6.ppc64.rpm libxml2-debuginfo-2.6.16-12.6.ppc.rpm libxml2-debuginfo-2.6.16-12.6.ppc64.rpm libxml2-devel-2.6.16-12.6.ppc.rpm libxml2-python-2.6.16-12.6.ppc.rpm s390: libxml2-2.6.16-12.6.s390.rpm libxml2-debuginfo-2.6.16-12.6.s390.rpm libxml2-devel-2.6.16-12.6.s390.rpm libxml2-python-2.6.16-12.6.s390.rpm s390x: libxml2-2.6.16-12.6.s390.rpm libxml2-2.6.16-12.6.s390x.rpm libxml2-debuginfo-2.6.16-12.6.s390.rpm libxml2-debuginfo-2.6.16-12.6.s390x.rpm libxml2-devel-2.6.16-12.6.s390x.rpm libxml2-python-2.6.16-12.6.s390x.rpm x86_64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.x86_64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.x86_64.rpm libxml2-devel-2.6.16-12.6.x86_64.rpm libxml2-python-2.6.16-12.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libxml2-2.6.16-12.6.src.rpm i386: libxml2-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-devel-2.6.16-12.6.i386.rpm libxml2-python-2.6.16-12.6.i386.rpm x86_64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.x86_64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.x86_64.rpm libxml2-devel-2.6.16-12.6.x86_64.rpm libxml2-python-2.6.16-12.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libxml2-2.6.16-12.6.src.rpm i386: libxml2-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-devel-2.6.16-12.6.i386.rpm libxml2-python-2.6.16-12.6.i386.rpm ia64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.ia64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.ia64.rpm libxml2-devel-2.6.16-12.6.ia64.rpm libxml2-python-2.6.16-12.6.ia64.rpm x86_64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.x86_64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.x86_64.rpm libxml2-devel-2.6.16-12.6.x86_64.rpm libxml2-python-2.6.16-12.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libxml2-2.6.16-12.6.src.rpm i386: libxml2-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-devel-2.6.16-12.6.i386.rpm libxml2-python-2.6.16-12.6.i386.rpm ia64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.ia64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.ia64.rpm libxml2-devel-2.6.16-12.6.ia64.rpm libxml2-python-2.6.16-12.6.ia64.rpm x86_64: libxml2-2.6.16-12.6.i386.rpm libxml2-2.6.16-12.6.x86_64.rpm libxml2-debuginfo-2.6.16-12.6.i386.rpm libxml2-debuginfo-2.6.16-12.6.x86_64.rpm libxml2-devel-2.6.16-12.6.x86_64.rpm libxml2-python-2.6.16-12.6.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.7.src.rpm i386: libxml2-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-python-2.6.26-2.1.2.7.i386.rpm x86_64: libxml2-2.6.26-2.1.2.7.i386.rpm libxml2-2.6.26-2.1.2.7.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.x86_64.rpm libxml2-python-2.6.26-2.1.2.7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.7.src.rpm i386: libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-devel-2.6.26-2.1.2.7.i386.rpm x86_64: libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.x86_64.rpm libxml2-devel-2.6.26-2.1.2.7.i386.rpm libxml2-devel-2.6.26-2.1.2.7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.2.7.src.rpm i386: libxml2-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-devel-2.6.26-2.1.2.7.i386.rpm libxml2-python-2.6.26-2.1.2.7.i386.rpm ia64: libxml2-2.6.26-2.1.2.7.i386.rpm libxml2-2.6.26-2.1.2.7.ia64.rpm libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.ia64.rpm libxml2-devel-2.6.26-2.1.2.7.ia64.rpm libxml2-python-2.6.26-2.1.2.7.ia64.rpm ppc: libxml2-2.6.26-2.1.2.7.ppc.rpm libxml2-2.6.26-2.1.2.7.ppc64.rpm libxml2-debuginfo-2.6.26-2.1.2.7.ppc.rpm libxml2-debuginfo-2.6.26-2.1.2.7.ppc64.rpm libxml2-devel-2.6.26-2.1.2.7.ppc.rpm libxml2-devel-2.6.26-2.1.2.7.ppc64.rpm libxml2-python-2.6.26-2.1.2.7.ppc.rpm s390x: libxml2-2.6.26-2.1.2.7.s390.rpm libxml2-2.6.26-2.1.2.7.s390x.rpm libxml2-debuginfo-2.6.26-2.1.2.7.s390.rpm libxml2-debuginfo-2.6.26-2.1.2.7.s390x.rpm libxml2-devel-2.6.26-2.1.2.7.s390.rpm libxml2-devel-2.6.26-2.1.2.7.s390x.rpm libxml2-python-2.6.26-2.1.2.7.s390x.rpm x86_64: libxml2-2.6.26-2.1.2.7.i386.rpm libxml2-2.6.26-2.1.2.7.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.2.7.i386.rpm libxml2-debuginfo-2.6.26-2.1.2.7.x86_64.rpm libxml2-devel-2.6.26-2.1.2.7.i386.rpm libxml2-devel-2.6.26-2.1.2.7.x86_64.rpm libxml2-python-2.6.26-2.1.2.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJIZ0DXlSAg2UNWIIRAmiuAKCr3U7izuUGJ2flJkgZmOl17Y967wCgv3Cs 0Z/B+QVZ5AewsaCGE4QcgPk= =61+f -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 19 14:03:13 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Nov 2008 09:03:13 -0500 Subject: [RHSA-2008:0972-01] Important: kernel security and bug fix update Message-ID: <200811191403.mAJE3DW6026104@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2008:0972-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0972.html Issue date: 2008-11-19 CVE Names: CVE-2008-3272 CVE-2007-6716 CVE-2007-5093 CVE-2008-1514 CVE-2008-3528 CVE-2008-4210 ===================================================================== 1. Summary: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * a flaw was found in the Linux kernel's Direct-IO implementation. This could have allowed a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important) * when running ptrace in 31-bit mode on an IBM S/390 or IBM System z kernel, a local unprivileged user could cause a denial of service by reading from or writing into a padding area in the user_regs_struct32 structure. (CVE-2008-1514, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could have allowed a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * Tobias Klein reported a missing check in the Linux kernel's Open Sound System (OSS) implementation. This deficiency could have led to an information leak. (CVE-2008-3272, Moderate) * a potential denial of service attack was discovered in the Linux kernel's PWC USB video driver. A local unprivileged user could have used this flaw to bring the kernel USB subsystem into the busy-waiting state. (CVE-2007-5093, Low) * the ext2 and ext3 file systems code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed. (CVE-2008-3528, Low) In addition, these updated packages fix the following bugs: * when using the CIFS "forcedirectio" option, appending to an open file on a CIFS share resulted in that file being overwritten with the data to be appended. * a kernel panic occurred when a device with PCI ID 8086:10c8 was present on a system with a loaded ixgbe driver. * due to an aacraid driver regression, the kernel failed to boot when trying to load the aacraid driver and printed the following error message: "aac_srb: aac_fib_send failed with status: 8195". * due to an mpt driver regression, when RAID 1 was configured on Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked during boot. * the mpt driver produced a large number of extraneous debugging messages when performing a "Host reset" operation. * due to a regression in the sym driver, the kernel panicked when a SCSI hot swap was performed using MCP18 hardware. * all cores on a multi-core system now scale their frequencies in accordance with the policy set by the system's CPU frequency governor. * the netdump subsystem suffered from several stability issues. These are addressed in this updated kernel. * under certain conditions, the ext3 file system reported a negative count of used blocks. * reading /proc/self/mem incorrectly returned "Invalid argument" instead of "input/output error" due to a regression. * under certain conditions, the kernel panicked when a USB device was removed while the system was busy accessing the device. * a race condition in the kernel could have led to a kernel crash during the creation of a new process. All Red Hat Enterprise Linux 4 Users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 306591 - CVE-2007-5093 kernel PWC driver DoS 438147 - CVE-2008-1514 kernel: ptrace: Padding area write - unprivileged kernel crash 455770 - RHEL 4.6: scsi hot swap broken (sym / Nokia MCP18) 457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak 459577 - CVE-2008-3528 Linux kernel ext[234] directory corruption denial of service 461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually 463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group 464494 - CIFS option forcedirectio fails to allow the appending of text to files. 464496 - Negative used blocks reported with ext3 on RHEL4 464747 - regression, rhel4.7+, on the try to read /proc/self/mem getting improper return value 465232 - [4.7] When the USB device is removed while the system is accessing the USB device, the panic is done. 465265 - mpt 3.12.19.00rh on RHEL4.7 causes panic if a RAID 1 is configured. 465735 - RHEL 4.7 ixgbe driver has a recursive stack corruption problem. 466113 - netdump fails when bnx2 has remote copper PHY - Badness in local_bh_enable at kernel/softirq.c:141 466214 - kernel BUG at kernel/signal.c:369! (attempt to free tsk->signal twice) 466217 - [REG][4.7]Outputting large amount of log message when issuing host reset to adapter. 468151 - aac_fib_send failed with status 8195 469647 - add multi-core support to cpufreq driver 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm i386: kernel-2.6.9-78.0.8.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm kernel-devel-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm kernel-smp-2.6.9-78.0.8.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm ia64: kernel-2.6.9-78.0.8.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm kernel-devel-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.8.EL.noarch.rpm ppc: kernel-2.6.9-78.0.8.EL.ppc64.rpm kernel-2.6.9-78.0.8.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.0.8.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.0.8.EL.ppc64.rpm kernel-devel-2.6.9-78.0.8.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.0.8.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.ppc64.rpm s390: kernel-2.6.9-78.0.8.EL.s390.rpm kernel-debuginfo-2.6.9-78.0.8.EL.s390.rpm kernel-devel-2.6.9-78.0.8.EL.s390.rpm s390x: kernel-2.6.9-78.0.8.EL.s390x.rpm kernel-debuginfo-2.6.9-78.0.8.EL.s390x.rpm kernel-devel-2.6.9-78.0.8.EL.s390x.rpm x86_64: kernel-2.6.9-78.0.8.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm i386: kernel-2.6.9-78.0.8.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm kernel-devel-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm kernel-smp-2.6.9-78.0.8.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm noarch: kernel-doc-2.6.9-78.0.8.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.8.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm i386: kernel-2.6.9-78.0.8.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm kernel-devel-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm kernel-smp-2.6.9-78.0.8.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm ia64: kernel-2.6.9-78.0.8.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm kernel-devel-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.8.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.8.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm i386: kernel-2.6.9-78.0.8.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm kernel-devel-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm kernel-smp-2.6.9-78.0.8.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-2.6.9-78.0.8.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm ia64: kernel-2.6.9-78.0.8.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm kernel-devel-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.8.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.8.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1514 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJJBxUXlSAg2UNWIIRAnxGAJ9JUO/VmbhWd28xy61Q0b0KQMuguwCgsZ4A iKqjVwzHqrz7EJNLWSiDIOg= =lz+0 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 20 01:45:51 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Nov 2008 20:45:51 -0500 Subject: [RHSA-2008:0976-01] Moderate: thunderbird security update Message-ID: <200811200145.mAK1jpr9024043@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2008:0976-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0976.html Issue date: 2008-11-19 CVE Names: CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5012 CVE-2008-5022 CVE-2008-5024 ===================================================================== 1. Summary: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024) All Thunderbird users should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 470864 - CVE-2008-5012 Mozilla Image stealing via canvas and HTTP redirect 470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering 470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption 470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption 470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption 470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager 470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation 470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-17.el4.src.rpm i386: thunderbird-1.5.0.12-17.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-17.el4.i386.rpm ia64: thunderbird-1.5.0.12-17.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.ia64.rpm ppc: thunderbird-1.5.0.12-17.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-17.el4.ppc.rpm s390: thunderbird-1.5.0.12-17.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-17.el4.s390.rpm s390x: thunderbird-1.5.0.12-17.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-17.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-17.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-17.el4.src.rpm i386: thunderbird-1.5.0.12-17.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-17.el4.i386.rpm x86_64: thunderbird-1.5.0.12-17.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-17.el4.src.rpm i386: thunderbird-1.5.0.12-17.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-17.el4.i386.rpm ia64: thunderbird-1.5.0.12-17.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-17.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-17.el4.src.rpm i386: thunderbird-1.5.0.12-17.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-17.el4.i386.rpm ia64: thunderbird-1.5.0.12-17.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-17.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-17.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.18-1.el5.src.rpm i386: thunderbird-2.0.0.18-1.el5.i386.rpm thunderbird-debuginfo-2.0.0.18-1.el5.i386.rpm x86_64: thunderbird-2.0.0.18-1.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.18-1.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.18-1.el5.src.rpm i386: thunderbird-2.0.0.18-1.el5.i386.rpm thunderbird-debuginfo-2.0.0.18-1.el5.i386.rpm x86_64: thunderbird-2.0.0.18-1.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.18-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJJME6XlSAg2UNWIIRArUnAJ4uhNX0rlgsmj/94inrra6qVsTw/ACgr4vF QqKJW/N33FJsvzngKAJsk7Q= =1Zrj -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 25 08:44:10 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Nov 2008 03:44:10 -0500 Subject: [RHSA-2008:0580-01] Moderate: vim security update Message-ID: <200811250844.mAP8iGrH020075@ns3.rdu.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2008:0580-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0580.html Issue date: 2008-11-25 CVE Names: CVE-2007-2953 CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076 CVE-2008-4101 ===================================================================== 1. Summary: Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3076) A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075) A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 248542 - CVE-2007-2953 vim format string flaw 451759 - CVE-2008-2712 vim: command execution via scripts not sanitizing inputs to execute and system 461927 - CVE-2008-4101 vim: arbitrary code execution in commands: K, Control-], g] 467428 - CVE-2008-3074 Vim tar.vim plugin: improper Implementation of shellescape() (arbitrary code execution) 467432 - CVE-2008-3075 Vim zip.vim plugin: improper Implementation of shellescape() (arbitrary code execution) 467439 - CVE-2008-3076 Vim netrw.vim plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vim-7.0.109-4.el5_2.4z.src.rpm i386: vim-X11-7.0.109-4.el5_2.4z.i386.rpm vim-common-7.0.109-4.el5_2.4z.i386.rpm vim-debuginfo-7.0.109-4.el5_2.4z.i386.rpm vim-enhanced-7.0.109-4.el5_2.4z.i386.rpm vim-minimal-7.0.109-4.el5_2.4z.i386.rpm x86_64: vim-X11-7.0.109-4.el5_2.4z.x86_64.rpm vim-common-7.0.109-4.el5_2.4z.x86_64.rpm vim-debuginfo-7.0.109-4.el5_2.4z.x86_64.rpm vim-enhanced-7.0.109-4.el5_2.4z.x86_64.rpm vim-minimal-7.0.109-4.el5_2.4z.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vim-7.0.109-4.el5_2.4z.src.rpm i386: vim-X11-7.0.109-4.el5_2.4z.i386.rpm vim-common-7.0.109-4.el5_2.4z.i386.rpm vim-debuginfo-7.0.109-4.el5_2.4z.i386.rpm vim-enhanced-7.0.109-4.el5_2.4z.i386.rpm vim-minimal-7.0.109-4.el5_2.4z.i386.rpm ia64: vim-X11-7.0.109-4.el5_2.4z.ia64.rpm vim-common-7.0.109-4.el5_2.4z.ia64.rpm vim-debuginfo-7.0.109-4.el5_2.4z.ia64.rpm vim-enhanced-7.0.109-4.el5_2.4z.ia64.rpm vim-minimal-7.0.109-4.el5_2.4z.ia64.rpm ppc: vim-X11-7.0.109-4.el5_2.4z.ppc.rpm vim-common-7.0.109-4.el5_2.4z.ppc.rpm vim-debuginfo-7.0.109-4.el5_2.4z.ppc.rpm vim-enhanced-7.0.109-4.el5_2.4z.ppc.rpm vim-minimal-7.0.109-4.el5_2.4z.ppc.rpm s390x: vim-X11-7.0.109-4.el5_2.4z.s390x.rpm vim-common-7.0.109-4.el5_2.4z.s390x.rpm vim-debuginfo-7.0.109-4.el5_2.4z.s390x.rpm vim-enhanced-7.0.109-4.el5_2.4z.s390x.rpm vim-minimal-7.0.109-4.el5_2.4z.s390x.rpm x86_64: vim-X11-7.0.109-4.el5_2.4z.x86_64.rpm vim-common-7.0.109-4.el5_2.4z.x86_64.rpm vim-debuginfo-7.0.109-4.el5_2.4z.x86_64.rpm vim-enhanced-7.0.109-4.el5_2.4z.x86_64.rpm vim-minimal-7.0.109-4.el5_2.4z.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJK7qUXlSAg2UNWIIRApD6AKCl3yX2mvfOR1eH+yMVz0KOLBh5WQCePFrk siao5l2XegHs5nJD6bTjwe4= =OvzW -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 25 08:58:32 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Nov 2008 03:58:32 -0500 Subject: [RHSA-2008:0617-01] Moderate: vim security update Message-ID: <200811250858.mAP8wWA6021679@ns3.rdu.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2008:0617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0617.html Issue date: 2008-11-25 CVE Names: CVE-2007-2953 CVE-2008-2712 CVE-2008-3432 CVE-2008-4101 ===================================================================== 1. Summary: Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) Ulf H?rnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 248542 - CVE-2007-2953 vim format string flaw 451759 - CVE-2008-2712 vim: command execution via scripts not sanitizing inputs to execute and system 455455 - CVE-2008-3432 vim: heap buffer overflow in mch_expand_wildcards() 461927 - CVE-2008-4101 vim: arbitrary code execution in commands: K, Control-], g] 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vim-6.3.046-0.30E.11.src.rpm i386: vim-X11-6.3.046-0.30E.11.i386.rpm vim-common-6.3.046-0.30E.11.i386.rpm vim-debuginfo-6.3.046-0.30E.11.i386.rpm vim-enhanced-6.3.046-0.30E.11.i386.rpm vim-minimal-6.3.046-0.30E.11.i386.rpm ia64: vim-X11-6.3.046-0.30E.11.ia64.rpm vim-common-6.3.046-0.30E.11.ia64.rpm vim-debuginfo-6.3.046-0.30E.11.ia64.rpm vim-enhanced-6.3.046-0.30E.11.ia64.rpm vim-minimal-6.3.046-0.30E.11.ia64.rpm ppc: vim-X11-6.3.046-0.30E.11.ppc.rpm vim-common-6.3.046-0.30E.11.ppc.rpm vim-debuginfo-6.3.046-0.30E.11.ppc.rpm vim-enhanced-6.3.046-0.30E.11.ppc.rpm vim-minimal-6.3.046-0.30E.11.ppc.rpm s390: vim-X11-6.3.046-0.30E.11.s390.rpm vim-common-6.3.046-0.30E.11.s390.rpm vim-debuginfo-6.3.046-0.30E.11.s390.rpm vim-enhanced-6.3.046-0.30E.11.s390.rpm vim-minimal-6.3.046-0.30E.11.s390.rpm s390x: vim-X11-6.3.046-0.30E.11.s390x.rpm vim-common-6.3.046-0.30E.11.s390x.rpm vim-debuginfo-6.3.046-0.30E.11.s390x.rpm vim-enhanced-6.3.046-0.30E.11.s390x.rpm vim-minimal-6.3.046-0.30E.11.s390x.rpm x86_64: vim-X11-6.3.046-0.30E.11.x86_64.rpm vim-common-6.3.046-0.30E.11.x86_64.rpm vim-debuginfo-6.3.046-0.30E.11.x86_64.rpm vim-enhanced-6.3.046-0.30E.11.x86_64.rpm vim-minimal-6.3.046-0.30E.11.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vim-6.3.046-0.30E.11.src.rpm i386: vim-X11-6.3.046-0.30E.11.i386.rpm vim-common-6.3.046-0.30E.11.i386.rpm vim-debuginfo-6.3.046-0.30E.11.i386.rpm vim-enhanced-6.3.046-0.30E.11.i386.rpm vim-minimal-6.3.046-0.30E.11.i386.rpm x86_64: vim-X11-6.3.046-0.30E.11.x86_64.rpm vim-common-6.3.046-0.30E.11.x86_64.rpm vim-debuginfo-6.3.046-0.30E.11.x86_64.rpm vim-enhanced-6.3.046-0.30E.11.x86_64.rpm vim-minimal-6.3.046-0.30E.11.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vim-6.3.046-0.30E.11.src.rpm i386: vim-X11-6.3.046-0.30E.11.i386.rpm vim-common-6.3.046-0.30E.11.i386.rpm vim-debuginfo-6.3.046-0.30E.11.i386.rpm vim-enhanced-6.3.046-0.30E.11.i386.rpm vim-minimal-6.3.046-0.30E.11.i386.rpm ia64: vim-X11-6.3.046-0.30E.11.ia64.rpm vim-common-6.3.046-0.30E.11.ia64.rpm vim-debuginfo-6.3.046-0.30E.11.ia64.rpm vim-enhanced-6.3.046-0.30E.11.ia64.rpm vim-minimal-6.3.046-0.30E.11.ia64.rpm x86_64: vim-X11-6.3.046-0.30E.11.x86_64.rpm vim-common-6.3.046-0.30E.11.x86_64.rpm vim-debuginfo-6.3.046-0.30E.11.x86_64.rpm vim-enhanced-6.3.046-0.30E.11.x86_64.rpm vim-minimal-6.3.046-0.30E.11.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vim-6.3.046-0.30E.11.src.rpm i386: vim-X11-6.3.046-0.30E.11.i386.rpm vim-common-6.3.046-0.30E.11.i386.rpm vim-debuginfo-6.3.046-0.30E.11.i386.rpm vim-enhanced-6.3.046-0.30E.11.i386.rpm vim-minimal-6.3.046-0.30E.11.i386.rpm ia64: vim-X11-6.3.046-0.30E.11.ia64.rpm vim-common-6.3.046-0.30E.11.ia64.rpm vim-debuginfo-6.3.046-0.30E.11.ia64.rpm vim-enhanced-6.3.046-0.30E.11.ia64.rpm vim-minimal-6.3.046-0.30E.11.ia64.rpm x86_64: vim-X11-6.3.046-0.30E.11.x86_64.rpm vim-common-6.3.046-0.30E.11.x86_64.rpm vim-debuginfo-6.3.046-0.30E.11.x86_64.rpm vim-enhanced-6.3.046-0.30E.11.x86_64.rpm vim-minimal-6.3.046-0.30E.11.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vim-6.3.046-1.el4_7.5z.src.rpm i386: vim-X11-6.3.046-1.el4_7.5z.i386.rpm vim-common-6.3.046-1.el4_7.5z.i386.rpm vim-debuginfo-6.3.046-1.el4_7.5z.i386.rpm vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm vim-minimal-6.3.046-1.el4_7.5z.i386.rpm ia64: vim-X11-6.3.046-1.el4_7.5z.ia64.rpm vim-common-6.3.046-1.el4_7.5z.ia64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.ia64.rpm vim-enhanced-6.3.046-1.el4_7.5z.ia64.rpm vim-minimal-6.3.046-1.el4_7.5z.ia64.rpm ppc: vim-X11-6.3.046-1.el4_7.5z.ppc.rpm vim-common-6.3.046-1.el4_7.5z.ppc.rpm vim-debuginfo-6.3.046-1.el4_7.5z.ppc.rpm vim-enhanced-6.3.046-1.el4_7.5z.ppc.rpm vim-minimal-6.3.046-1.el4_7.5z.ppc.rpm s390: vim-X11-6.3.046-1.el4_7.5z.s390.rpm vim-common-6.3.046-1.el4_7.5z.s390.rpm vim-debuginfo-6.3.046-1.el4_7.5z.s390.rpm vim-enhanced-6.3.046-1.el4_7.5z.s390.rpm vim-minimal-6.3.046-1.el4_7.5z.s390.rpm s390x: vim-X11-6.3.046-1.el4_7.5z.s390x.rpm vim-common-6.3.046-1.el4_7.5z.s390x.rpm vim-debuginfo-6.3.046-1.el4_7.5z.s390x.rpm vim-enhanced-6.3.046-1.el4_7.5z.s390x.rpm vim-minimal-6.3.046-1.el4_7.5z.s390x.rpm x86_64: vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm vim-common-6.3.046-1.el4_7.5z.x86_64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.x86_64.rpm vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vim-6.3.046-1.el4_7.5z.src.rpm i386: vim-X11-6.3.046-1.el4_7.5z.i386.rpm vim-common-6.3.046-1.el4_7.5z.i386.rpm vim-debuginfo-6.3.046-1.el4_7.5z.i386.rpm vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm vim-minimal-6.3.046-1.el4_7.5z.i386.rpm x86_64: vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm vim-common-6.3.046-1.el4_7.5z.x86_64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.x86_64.rpm vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vim-6.3.046-1.el4_7.5z.src.rpm i386: vim-X11-6.3.046-1.el4_7.5z.i386.rpm vim-common-6.3.046-1.el4_7.5z.i386.rpm vim-debuginfo-6.3.046-1.el4_7.5z.i386.rpm vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm vim-minimal-6.3.046-1.el4_7.5z.i386.rpm ia64: vim-X11-6.3.046-1.el4_7.5z.ia64.rpm vim-common-6.3.046-1.el4_7.5z.ia64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.ia64.rpm vim-enhanced-6.3.046-1.el4_7.5z.ia64.rpm vim-minimal-6.3.046-1.el4_7.5z.ia64.rpm x86_64: vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm vim-common-6.3.046-1.el4_7.5z.x86_64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.x86_64.rpm vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vim-6.3.046-1.el4_7.5z.src.rpm i386: vim-X11-6.3.046-1.el4_7.5z.i386.rpm vim-common-6.3.046-1.el4_7.5z.i386.rpm vim-debuginfo-6.3.046-1.el4_7.5z.i386.rpm vim-enhanced-6.3.046-1.el4_7.5z.i386.rpm vim-minimal-6.3.046-1.el4_7.5z.i386.rpm ia64: vim-X11-6.3.046-1.el4_7.5z.ia64.rpm vim-common-6.3.046-1.el4_7.5z.ia64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.ia64.rpm vim-enhanced-6.3.046-1.el4_7.5z.ia64.rpm vim-minimal-6.3.046-1.el4_7.5z.ia64.rpm x86_64: vim-X11-6.3.046-1.el4_7.5z.x86_64.rpm vim-common-6.3.046-1.el4_7.5z.x86_64.rpm vim-debuginfo-6.3.046-1.el4_7.5z.x86_64.rpm vim-enhanced-6.3.046-1.el4_7.5z.x86_64.rpm vim-minimal-6.3.046-1.el4_7.5z.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJK74zXlSAg2UNWIIRAkEaAJsE4GdaXALhpGBHKFIY91w2PFGq/QCgiMy/ 16jCP9zbKgNqx6iHEUzpga8= =306T -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 25 09:00:45 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Nov 2008 04:00:45 -0500 Subject: [RHSA-2008:0618-01] Moderate: vim security update Message-ID: <200811250900.mAP90kYH022143@ns3.rdu.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2008:0618-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0618.html Issue date: 2008-11-25 CVE Names: CVE-2008-2712 CVE-2008-4101 ===================================================================== 1. Summary: Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Description: Vim (Visual editor IMproved) is an updated and improved version of the vi editor. Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101) Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712) All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 451759 - CVE-2008-2712 vim: command execution via scripts not sanitizing inputs to execute and system 461927 - CVE-2008-4101 vim: arbitrary code execution in commands: K, Control-], g] 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.25.src.rpm i386: vim-X11-6.0-7.25.i386.rpm vim-common-6.0-7.25.i386.rpm vim-enhanced-6.0-7.25.i386.rpm vim-minimal-6.0-7.25.i386.rpm ia64: vim-X11-6.0-7.25.ia64.rpm vim-common-6.0-7.25.ia64.rpm vim-enhanced-6.0-7.25.ia64.rpm vim-minimal-6.0-7.25.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.25.src.rpm ia64: vim-X11-6.0-7.25.ia64.rpm vim-common-6.0-7.25.ia64.rpm vim-enhanced-6.0-7.25.ia64.rpm vim-minimal-6.0-7.25.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.25.src.rpm i386: vim-X11-6.0-7.25.i386.rpm vim-common-6.0-7.25.i386.rpm vim-enhanced-6.0-7.25.i386.rpm vim-minimal-6.0-7.25.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.25.src.rpm i386: vim-X11-6.0-7.25.i386.rpm vim-common-6.0-7.25.i386.rpm vim-enhanced-6.0-7.25.i386.rpm vim-minimal-6.0-7.25.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJK76zXlSAg2UNWIIRAlfMAJ49jvlkwgpJCRvRUQ15d66rYVTMhQCgmYob EHfIJ/0gkPusICXsv2IIlkY= =1G6l -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 25 09:46:13 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Nov 2008 04:46:13 -0500 Subject: [RHSA-2008:0955-01] Critical: java-1.4.2-ibm security update Message-ID: <200811250946.mAP9kD8h028932@ns3.rdu.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.4.2-ibm security update Advisory ID: RHSA-2008:0955-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0955.html Issue date: 2008-11-25 Keywords: Security CVE Names: CVE-2008-3104 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 ===================================================================== 1. Summary: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: IBM's 1.4.2 SR12 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) Two file processing vulnerabilities in Java Web Start were found. Using an untrusted Java Web Start application, a remote attacker was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain IBM's 1.4.2 SR12 Java release which resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 454601 - CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932) 454606 - CVE-2008-3112 Java Web Start, arbitrary file creation (6703909) 454607 - CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077) 454608 - CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074) 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.ppc.rpm s390: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.s390.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.s390.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.s390.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.s390.rpm s390x: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.x86_64.rpm Red Hat Desktop version 3 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.ppc.rpm s390: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.s390.rpm s390x: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.i386.rpm ia64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.ppc64.rpm s390x: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.12-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.12-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJK8lfXlSAg2UNWIIRAnoBAJ0Rv0DRjOVHDvRP2A0zFOf4gUjmtwCgrhrq skUpb5k6aC0LecWC73p+Fo8= =q/kv -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 25 09:46:23 2008 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Nov 2008 04:46:23 -0500 Subject: [RHSA-2008:1001-01] Important: tog-pegasus security update Message-ID: <200811250946.mAP9kNKW028943@ns3.rdu.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tog-pegasus security update Advisory ID: RHSA-2008:1001-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-1001.html Issue date: 2008-11-25 CVE Names: CVE-2008-4313 CVE-2008-4315 ===================================================================== 1. Summary: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model and communication protocol for monitoring and controlling resources. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file "README.RedHat.Security", included in the Red Hat tog-pegasus package. After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these additional security enhancements were no longer being applied. As a consequence, access to OpenPegasus WBEM services was not restricted to the dedicated users as described in README.RedHat.Security. An attacker able to authenticate using a valid user account could use this flaw to send requests to WBEM services. (CVE-2008-4313) Note: default SELinux policy prevents tog-pegasus from modifying system files. This flaw's impact depends on whether or not tog-pegasus is confined by SELinux, and on any additional CMPI providers installed and enabled on a particular system. Failed authentication attempts against the OpenPegasus CIM server were not logged to the system log as documented in README.RedHat.Security. An attacker could use this flaw to perform password guessing attacks against a user account without leaving traces in the system log. (CVE-2008-4315) All tog-pegasus users are advised to upgrade to these updated packages, which contain patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 459217 - CVE-2008-4313 tog-pegasus: WBEM services access not restricted to dedicated user after 2.7.0 rebase 472017 - CVE-2008-4315 tog-pegasus: failed authentication attempts not logged via PAM 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tog-pegasus-2.7.0-2.el5_2.1.src.rpm i386: tog-pegasus-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.i386.rpm x86_64: tog-pegasus-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-2.7.0-2.el5_2.1.x86_64.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.x86_64.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tog-pegasus-2.7.0-2.el5_2.1.src.rpm i386: tog-pegasus-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.i386.rpm ia64: tog-pegasus-2.7.0-2.el5_2.1.ia64.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.ia64.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.ia64.rpm ppc: tog-pegasus-2.7.0-2.el5_2.1.ppc.rpm tog-pegasus-2.7.0-2.el5_2.1.ppc64.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.ppc.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.ppc64.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.ppc.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.ppc64.rpm s390x: tog-pegasus-2.7.0-2.el5_2.1.s390.rpm tog-pegasus-2.7.0-2.el5_2.1.s390x.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.s390.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.s390x.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.s390.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.s390x.rpm x86_64: tog-pegasus-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-2.7.0-2.el5_2.1.x86_64.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-debuginfo-2.7.0-2.el5_2.1.x86_64.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.i386.rpm tog-pegasus-devel-2.7.0-2.el5_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4313 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4315 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJK8lqXlSAg2UNWIIRAn7QAJ4449rpWWajJ+cszCFpZLNsILUbUACgmDs3 hGhO+GoY6u9ptfumG0UShhE= =uX6C -----END PGP SIGNATURE-----