From bugzilla at redhat.com Wed Sep 10 18:23:07 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Sep 2008 14:23:07 -0400
Subject: [RHSA-2008:0858-01] Moderate: redhat-ds-base security and bug fix update
Message-ID: <200809101823.m8AIN7F3003584@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redhat-ds-base security and bug fix update
Advisory ID:       RHSA-2008:0858-01
Product:           Red Hat Enterprise IPA
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0858.html
Issue date:        2008-09-10
CVE Names:         CVE-2008-2930 CVE-2008-3283
=====================================================================

1. Summary:

Updated redhat-ds-base packages are now available that fix security
issues and various bugs for Red Hat Enterprise IPA.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat IPA 1 for RHEL 5 Server - i386, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server.

Multiple memory leaks were identified in the Directory Server. An
unauthenticated remote attacker could use these flaws to trigger high
memory consumption in the Directory Server, possibly causing it to crash
or terminate unexpectedly when the server ran out of available memory.
(CVE-2008-3283)

Ulf Weltman of Hewlett-Packard discovered a flaw in the way Directory
Server handled LDAP search requests with patterns. A remote attacker with
access to the LDAP service could create a search request that, when the
search pattern was matched against specially crafted data records, caused
Directory Server to use a large amount of CPU time. Directory Server did
not impose time limits on such search requests.
In this updated package, Directory Server imposes a configurable limit on
the pattern-search query run time, with the default limit set to 30
seconds. (CVE-2008-2930)

In addition to these security fixes, the following bugs have been fixed
in these updated packages:

* The change sequence numbers in multi-master replication had a built-in
time skew to accommodate differences in the clocks on master servers.
Under certain circumstances, this skew exceeded the maximum allowable
skew, causing replication to stop entirely.

* If an entry with a large attribute value, such as over 32KB, was
replicated, the replication could fail with a DB_BUFFER_SMALL error.

* If a password policy attribute such as accountunlocktime was added to
an entry, the server would attempt to replicate that attribute, causing
replication to fail.

* In replication scenarios, if an attribute value was scheduled to be
deleted and also was indexed or had an attribute subtype which was
indexed, the Directory Server would crash during the index operation.

* On x86_64 systems, recursively adding groups as members to other groups
could crash the server because the stack size for the memberOf plug-in on
64-bit systems was hard-coded to 256KB, regardless of the ulimit value.

* A problem in the SASL IO handling meant that memory was not reallocated
after SASL binds. For example, a simple bind coming immediately after a
SASL bind might have failed.

All users of Red Hat Directory Server 8.0 should upgrade to these updated
packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188.

5. Bugs fixed (http://bugzilla.redhat.com/):

454065 - CVE-2008-2930 Directory Server: temporary DoS via crafted pattern searches
458977 - CVE-2008-3283 Directory Server: multiple memory leaks

6. Package List:

Red Hat IPA 1 for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEIPA/SRPMS/redhat-ds-base-8.0.4-7.el5dsrv.src.rpm

i386:
redhat-ds-base-8.0.4-7.el5dsrv.i386.rpm
redhat-ds-base-debuginfo-8.0.4-7.el5dsrv.i386.rpm
redhat-ds-base-devel-8.0.4-7.el5dsrv.i386.rpm

x86_64:
redhat-ds-base-8.0.4-7.el5dsrv.x86_64.rpm
redhat-ds-base-debuginfo-8.0.4-7.el5dsrv.x86_64.rpm
redhat-ds-base-devel-8.0.4-7.el5dsrv.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3283
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIyBB7XlSAg2UNWIIRAiy5AJ0V5vkKd0GSN12U9hyZ8DuYpEhFvgCfcplY
EQm/p51ueJ+nF06D2+YEv1s=
=sT9X
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 10 18:23:32 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Sep 2008 14:23:32 -0400
Subject: [RHSA-2008:0860-02] Important: ipa security update
Message-ID: <200809101823.m8AINWSn003844@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ipa security update
Advisory ID:       RHSA-2008:0860-02
Product:           Red Hat Enterprise IPA
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0860.html
Issue date:        2008-09-10
CVE Names:         CVE-2008-3274
=====================================================================

1. Summary:

Updated ipa packages that fix a security flaw are now available for Red
Hat Enterprise IPA.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat IPA 1 for RHEL 5 Server - i386, x86_64

3. Description:

Red Hat Enterprise IPA is an integrated solution to provide
centrally-managed Identity (machines, users, virtual machines, groups,
authentication credentials), Policy (configuration settings, access
control information) and Audit (events, logs, analysis) services.

A flaw was found in the Red Hat Enterprise IPA installation procedure.
The master Kerberos password was set up in the LDAP server in such a way
that it was possible to retrieve the password via an anonymous LDAP
connection. (CVE-2008-3274)

Note: the master Kerberos password is used to encrypt keys. This flaw
does not lead to individual keys being exposed.

Users of Red Hat IPA should upgrade to these updated packages and perform
the operations explained in the solution to resolve this issue.

4. Solution:

To fully resolve this problem, you need to manually perform the following
steps after installing the updated packages:

Disclaimer: The following procedure performs critical, low-level
operations on your IPA system, and it is imperative that you back up your
system before carrying out any of the following steps. A failure during
this procedure may compromise the readability of all or part of your
Kerberos keys.

1. Upgrade all of your servers (masters and replicas) and restart the
dirsrv service on all of them. No other daemon needs to be restarted at
this stage.

2. On one master server, run the following tool:

$ ipa-fix-2008-3274 --check

This should report that the system is vulnerable.

3. On the same master server, run the following tool:

$ ipa-fix-2008-3274 --fix

This should dump all Kerberos principals, reload them, and then return a
message stating that the operation completed successfully. If not, you
should contact Red Hat GSS for immediate assistance.

This step should also create a .gpg file symmetrically-encrypted with the
Directory Manager password. This file contains a backup of all Kerberos
key material and is written to /var/lib/ipa/.

Attention: DO NOT RUN THIS COMMAND ON ANY OTHER SERVER. See the next
step.

4. On all other IPA servers, run the following tool:

$ ipa-fix-2008-3274 --fix-replica

This will report that the system is NOT vulnerable and will then download
the master key for the local KDC instance. This command will restart the
KDC service.

If the command reports a system as anything other than not vulnerable,
verify that replication between masters is working correctly. The
procedure will not successfully complete until replication failures are
addressed.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

457835 - CVE-2008-3274 IPA Kerberos master password disclosure

6. Package List:

Red Hat IPA 1 for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEIPA/SRPMS/ipa-1.0.0-23.el5ipa.src.rpm

i386:
ipa-admintools-1.0.0-23.el5ipa.i386.rpm
ipa-client-1.0.0-23.el5ipa.i386.rpm
ipa-debuginfo-1.0.0-23.el5ipa.i386.rpm
ipa-python-1.0.0-23.el5ipa.i386.rpm
ipa-server-1.0.0-23.el5ipa.i386.rpm
ipa-server-selinux-1.0.0-23.el5ipa.i386.rpm

x86_64:
ipa-admintools-1.0.0-23.el5ipa.x86_64.rpm
ipa-client-1.0.0-23.el5ipa.x86_64.rpm
ipa-debuginfo-1.0.0-23.el5ipa.x86_64.rpm
ipa-python-1.0.0-23.el5ipa.x86_64.rpm
ipa-server-1.0.0-23.el5ipa.x86_64.rpm
ipa-server-selinux-1.0.0-23.el5ipa.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3274
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIyBCTXlSAg2UNWIIRAif0AJ9+hCW+FlJ273eJYu3z8TDGA09q2QCgj7mo
e7nybW8PRkBVPKCP7HE3qO8=
=yV2h
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 11 13:56:46 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Sep 2008 09:56:46 -0400
Subject: [RHSA-2008:0884-01] Important: libxml2 security update
Message-ID: <200809111356.m8BDuk8H030551@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libxml2 security update
Advisory ID:       RHSA-2008:0884-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0884.html
Issue date:        2008-09-11
CVE Names:         CVE-2008-3529
=====================================================================

1. Summary:

Updated libxml2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A heap-based buffer overflow flaw was found in the way libxml2 handled
long XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-3529)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

461015 - CVE-2008-3529 libxml2: long entity name heap buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libxml2-2.5.10-13.src.rpm

i386:
libxml2-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-devel-2.5.10-13.i386.rpm
libxml2-python-2.5.10-13.i386.rpm

ia64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.ia64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.ia64.rpm
libxml2-devel-2.5.10-13.ia64.rpm
libxml2-python-2.5.10-13.ia64.rpm

ppc:
libxml2-2.5.10-13.ppc.rpm
libxml2-2.5.10-13.ppc64.rpm
libxml2-debuginfo-2.5.10-13.ppc.rpm
libxml2-debuginfo-2.5.10-13.ppc64.rpm
libxml2-devel-2.5.10-13.ppc.rpm
libxml2-python-2.5.10-13.ppc.rpm

s390:
libxml2-2.5.10-13.s390.rpm
libxml2-debuginfo-2.5.10-13.s390.rpm
libxml2-devel-2.5.10-13.s390.rpm
libxml2-python-2.5.10-13.s390.rpm

s390x:
libxml2-2.5.10-13.s390.rpm
libxml2-2.5.10-13.s390x.rpm
libxml2-debuginfo-2.5.10-13.s390.rpm
libxml2-debuginfo-2.5.10-13.s390x.rpm
libxml2-devel-2.5.10-13.s390x.rpm
libxml2-python-2.5.10-13.s390x.rpm

x86_64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.x86_64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.x86_64.rpm
libxml2-devel-2.5.10-13.x86_64.rpm
libxml2-python-2.5.10-13.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libxml2-2.5.10-13.src.rpm

i386:
libxml2-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-devel-2.5.10-13.i386.rpm
libxml2-python-2.5.10-13.i386.rpm

x86_64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.x86_64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.x86_64.rpm
libxml2-devel-2.5.10-13.x86_64.rpm
libxml2-python-2.5.10-13.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libxml2-2.5.10-13.src.rpm

i386:
libxml2-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-devel-2.5.10-13.i386.rpm
libxml2-python-2.5.10-13.i386.rpm

ia64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.ia64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.ia64.rpm
libxml2-devel-2.5.10-13.ia64.rpm
libxml2-python-2.5.10-13.ia64.rpm

x86_64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.x86_64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.x86_64.rpm
libxml2-devel-2.5.10-13.x86_64.rpm
libxml2-python-2.5.10-13.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libxml2-2.5.10-13.src.rpm

i386:
libxml2-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-devel-2.5.10-13.i386.rpm
libxml2-python-2.5.10-13.i386.rpm

ia64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.ia64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.ia64.rpm
libxml2-devel-2.5.10-13.ia64.rpm
libxml2-python-2.5.10-13.ia64.rpm

x86_64:
libxml2-2.5.10-13.i386.rpm
libxml2-2.5.10-13.x86_64.rpm
libxml2-debuginfo-2.5.10-13.i386.rpm
libxml2-debuginfo-2.5.10-13.x86_64.rpm
libxml2-devel-2.5.10-13.x86_64.rpm
libxml2-python-2.5.10-13.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libxml2-2.6.16-12.5.src.rpm

i386:
libxml2-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-devel-2.6.16-12.5.i386.rpm
libxml2-python-2.6.16-12.5.i386.rpm

ia64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.ia64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.ia64.rpm
libxml2-devel-2.6.16-12.5.ia64.rpm
libxml2-python-2.6.16-12.5.ia64.rpm

ppc:
libxml2-2.6.16-12.5.ppc.rpm
libxml2-2.6.16-12.5.ppc64.rpm
libxml2-debuginfo-2.6.16-12.5.ppc.rpm
libxml2-debuginfo-2.6.16-12.5.ppc64.rpm
libxml2-devel-2.6.16-12.5.ppc.rpm
libxml2-python-2.6.16-12.5.ppc.rpm

s390:
libxml2-2.6.16-12.5.s390.rpm
libxml2-debuginfo-2.6.16-12.5.s390.rpm
libxml2-devel-2.6.16-12.5.s390.rpm
libxml2-python-2.6.16-12.5.s390.rpm

s390x:
libxml2-2.6.16-12.5.s390.rpm
libxml2-2.6.16-12.5.s390x.rpm
libxml2-debuginfo-2.6.16-12.5.s390.rpm
libxml2-debuginfo-2.6.16-12.5.s390x.rpm
libxml2-devel-2.6.16-12.5.s390x.rpm
libxml2-python-2.6.16-12.5.s390x.rpm

x86_64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.x86_64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.x86_64.rpm
libxml2-devel-2.6.16-12.5.x86_64.rpm
libxml2-python-2.6.16-12.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libxml2-2.6.16-12.5.src.rpm

i386:
libxml2-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-devel-2.6.16-12.5.i386.rpm
libxml2-python-2.6.16-12.5.i386.rpm

x86_64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.x86_64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.x86_64.rpm
libxml2-devel-2.6.16-12.5.x86_64.rpm
libxml2-python-2.6.16-12.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libxml2-2.6.16-12.5.src.rpm

i386:
libxml2-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-devel-2.6.16-12.5.i386.rpm
libxml2-python-2.6.16-12.5.i386.rpm

ia64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.ia64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.ia64.rpm
libxml2-devel-2.6.16-12.5.ia64.rpm
libxml2-python-2.6.16-12.5.ia64.rpm

x86_64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.x86_64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.x86_64.rpm
libxml2-devel-2.6.16-12.5.x86_64.rpm
libxml2-python-2.6.16-12.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libxml2-2.6.16-12.5.src.rpm

i386:
libxml2-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-devel-2.6.16-12.5.i386.rpm
libxml2-python-2.6.16-12.5.i386.rpm

ia64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.ia64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.ia64.rpm
libxml2-devel-2.6.16-12.5.ia64.rpm
libxml2-python-2.6.16-12.5.ia64.rpm

x86_64:
libxml2-2.6.16-12.5.i386.rpm
libxml2-2.6.16-12.5.x86_64.rpm
libxml2-debuginfo-2.6.16-12.5.i386.rpm
libxml2-debuginfo-2.6.16-12.5.x86_64.rpm
libxml2-devel-2.6.16-12.5.x86_64.rpm
libxml2-python-2.6.16-12.5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.6.src.rpm

i386:
libxml2-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-python-2.6.26-2.1.2.6.i386.rpm

x86_64:
libxml2-2.6.26-2.1.2.6.i386.rpm
libxml2-2.6.26-2.1.2.6.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.x86_64.rpm
libxml2-python-2.6.26-2.1.2.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.2.6.src.rpm

i386:
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-devel-2.6.26-2.1.2.6.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.6.i386.rpm
libxml2-devel-2.6.26-2.1.2.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.2.6.src.rpm

i386:
libxml2-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-devel-2.6.26-2.1.2.6.i386.rpm
libxml2-python-2.6.26-2.1.2.6.i386.rpm

ia64:
libxml2-2.6.26-2.1.2.6.i386.rpm
libxml2-2.6.26-2.1.2.6.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.ia64.rpm
libxml2-devel-2.6.26-2.1.2.6.ia64.rpm
libxml2-python-2.6.26-2.1.2.6.ia64.rpm

ppc:
libxml2-2.6.26-2.1.2.6.ppc.rpm
libxml2-2.6.26-2.1.2.6.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.ppc64.rpm
libxml2-devel-2.6.26-2.1.2.6.ppc.rpm
libxml2-devel-2.6.26-2.1.2.6.ppc64.rpm
libxml2-python-2.6.26-2.1.2.6.ppc.rpm

s390x:
libxml2-2.6.26-2.1.2.6.s390.rpm
libxml2-2.6.26-2.1.2.6.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.s390.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.s390x.rpm
libxml2-devel-2.6.26-2.1.2.6.s390.rpm
libxml2-devel-2.6.26-2.1.2.6.s390x.rpm
libxml2-python-2.6.26-2.1.2.6.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.2.6.i386.rpm
libxml2-2.6.26-2.1.2.6.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.i386.rpm
libxml2-debuginfo-2.6.26-2.1.2.6.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.6.i386.rpm
libxml2-devel-2.6.26-2.1.2.6.x86_64.rpm
libxml2-python-2.6.26-2.1.2.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIySNgXlSAg2UNWIIRAtUSAJ9+2FxUv6kujNxif3ayWUdpYVsfMACfcJoT
PBFig7yT9f1Y/AnJjWaTdaw=
=5KmQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 11 13:57:30 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Sep 2008 09:57:30 -0400
Subject: [RHSA-2008:0886-01] Important: libxml2 security update
Message-ID: <200809111357.m8BDvUme030918@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libxml2 security update
Advisory ID:       RHSA-2008:0886-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0886.html
Issue date:        2008-09-11
CVE Names:         CVE-2003-1564 CVE-2008-3529
=====================================================================

1. Summary:

Updated libxml2 packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Description:

The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A heap-based buffer overflow flaw was found in the way libxml2 handled
long XML entity names.
If an application linked against libxml2 processed untrusted malformed
XML content, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2008-3529)

A denial of service flaw was found in the way libxml2 processed certain
content. If an application linked against libxml2 processed malformed XML
content, it could cause the application to use an excessive amount of CPU
time and memory, and stop responding. (CVE-2003-1564)

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

461015 - CVE-2008-3529 libxml2: long entity name heap buffer overflow
461107 - CVE-2003-1564 libxml2: billion laughs DoS attack

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm

i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm

ia64:
libxml2-2.4.19-11.ent.ia64.rpm
libxml2-devel-2.4.19-11.ent.ia64.rpm
libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm

ia64:
libxml2-2.4.19-11.ent.ia64.rpm
libxml2-devel-2.4.19-11.ent.ia64.rpm
libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm

i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm

i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIySOiXlSAg2UNWIIRAkKJAJ9ahc0RK34FbK6E/7DWbgYoaq4w/ACaA1G0
9N7kIKj5u0axbxhq7YblFsM=
=pWgV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 16 14:00:16 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Sep 2008 10:00:16 -0400
Subject: [RHSA-2008:0893-01] Moderate: bzip2 security update
Message-ID: <200809161400.m8GE0WdK026951@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: bzip2 security update
Advisory ID:       RHSA-2008:0893-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0893.html
Issue date:        2008-09-16
CVE Names:         CVE-2008-1372
=====================================================================

1. Summary:

Updated bzip2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Bzip2 is a freely available, high-quality data compressor. It provides
both stand-alone compression and decompression utilities, as well as a
shared library for use with other programs.

A buffer over-read flaw was discovered in the bzip2 decompression
routine. This issue could cause an application linked against the libbz2
library to crash when decompressing malformed archives. (CVE-2008-1372)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

438118 - CVE-2008-1372 bzip2: crash on malformed archive file

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/bzip2-1.0.1-5.EL2.1.src.rpm

i386:
bzip2-1.0.1-5.EL2.1.i386.rpm
bzip2-devel-1.0.1-5.EL2.1.i386.rpm
bzip2-libs-1.0.1-5.EL2.1.i386.rpm

ia64:
bzip2-1.0.1-5.EL2.1.ia64.rpm
bzip2-devel-1.0.1-5.EL2.1.ia64.rpm
bzip2-libs-1.0.1-5.EL2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/bzip2-1.0.1-5.EL2.1.src.rpm

ia64:
bzip2-1.0.1-5.EL2.1.ia64.rpm
bzip2-devel-1.0.1-5.EL2.1.ia64.rpm
bzip2-libs-1.0.1-5.EL2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/bzip2-1.0.1-5.EL2.1.src.rpm

i386:
bzip2-1.0.1-5.EL2.1.i386.rpm
bzip2-devel-1.0.1-5.EL2.1.i386.rpm
bzip2-libs-1.0.1-5.EL2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/bzip2-1.0.1-5.EL2.1.src.rpm

i386:
bzip2-1.0.1-5.EL2.1.i386.rpm
bzip2-devel-1.0.1-5.EL2.1.i386.rpm
bzip2-libs-1.0.1-5.EL2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/bzip2-1.0.2-12.EL3.src.rpm

i386:
bzip2-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm
bzip2-devel-1.0.2-12.EL3.i386.rpm
bzip2-libs-1.0.2-12.EL3.i386.rpm

ia64:
bzip2-1.0.2-12.EL3.ia64.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.ia64.rpm
bzip2-devel-1.0.2-12.EL3.ia64.rpm
bzip2-libs-1.0.2-12.EL3.i386.rpm
bzip2-libs-1.0.2-12.EL3.ia64.rpm

ppc:
bzip2-1.0.2-12.EL3.ppc.rpm
bzip2-debuginfo-1.0.2-12.EL3.ppc.rpm
bzip2-debuginfo-1.0.2-12.EL3.ppc64.rpm
bzip2-devel-1.0.2-12.EL3.ppc.rpm
bzip2-libs-1.0.2-12.EL3.ppc.rpm
bzip2-libs-1.0.2-12.EL3.ppc64.rpm

s390:
bzip2-1.0.2-12.EL3.s390.rpm
bzip2-debuginfo-1.0.2-12.EL3.s390.rpm
bzip2-devel-1.0.2-12.EL3.s390.rpm
bzip2-libs-1.0.2-12.EL3.s390.rpm

s390x:
bzip2-1.0.2-12.EL3.s390x.rpm
bzip2-debuginfo-1.0.2-12.EL3.s390.rpm
bzip2-debuginfo-1.0.2-12.EL3.s390x.rpm
bzip2-devel-1.0.2-12.EL3.s390x.rpm
bzip2-libs-1.0.2-12.EL3.s390.rpm
bzip2-libs-1.0.2-12.EL3.s390x.rpm

x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.x86_64.rpm
bzip2-devel-1.0.2-12.EL3.x86_64.rpm
bzip2-libs-1.0.2-12.EL3.i386.rpm
bzip2-libs-1.0.2-12.EL3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/bzip2-1.0.2-12.EL3.src.rpm

i386:
bzip2-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm
bzip2-devel-1.0.2-12.EL3.i386.rpm
bzip2-libs-1.0.2-12.EL3.i386.rpm

x86_64:
bzip2-1.0.2-12.EL3.x86_64.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.x86_64.rpm
bzip2-devel-1.0.2-12.EL3.x86_64.rpm
bzip2-libs-1.0.2-12.EL3.i386.rpm
bzip2-libs-1.0.2-12.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/bzip2-1.0.2-12.EL3.src.rpm

i386:
bzip2-1.0.2-12.EL3.i386.rpm
bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-devel-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm ia64: bzip2-1.0.2-12.EL3.ia64.rpm bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-debuginfo-1.0.2-12.EL3.ia64.rpm bzip2-devel-1.0.2-12.EL3.ia64.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.ia64.rpm x86_64: bzip2-1.0.2-12.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-debuginfo-1.0.2-12.EL3.x86_64.rpm bzip2-devel-1.0.2-12.EL3.x86_64.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/bzip2-1.0.2-12.EL3.src.rpm i386: bzip2-1.0.2-12.EL3.i386.rpm bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-devel-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm ia64: bzip2-1.0.2-12.EL3.ia64.rpm bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-debuginfo-1.0.2-12.EL3.ia64.rpm bzip2-devel-1.0.2-12.EL3.ia64.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.ia64.rpm x86_64: bzip2-1.0.2-12.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-12.EL3.i386.rpm bzip2-debuginfo-1.0.2-12.EL3.x86_64.rpm bzip2-devel-1.0.2-12.EL3.x86_64.rpm bzip2-libs-1.0.2-12.EL3.i386.rpm bzip2-libs-1.0.2-12.EL3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bzip2-1.0.2-14.el4_7.src.rpm i386: bzip2-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-devel-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm ia64: bzip2-1.0.2-14.el4_7.ia64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.ia64.rpm bzip2-devel-1.0.2-14.el4_7.ia64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.ia64.rpm ppc: bzip2-1.0.2-14.el4_7.ppc.rpm bzip2-debuginfo-1.0.2-14.el4_7.ppc.rpm bzip2-debuginfo-1.0.2-14.el4_7.ppc64.rpm bzip2-devel-1.0.2-14.el4_7.ppc.rpm bzip2-libs-1.0.2-14.el4_7.ppc.rpm bzip2-libs-1.0.2-14.el4_7.ppc64.rpm s390: bzip2-1.0.2-14.el4_7.s390.rpm 
bzip2-debuginfo-1.0.2-14.el4_7.s390.rpm bzip2-devel-1.0.2-14.el4_7.s390.rpm bzip2-libs-1.0.2-14.el4_7.s390.rpm s390x: bzip2-1.0.2-14.el4_7.s390x.rpm bzip2-debuginfo-1.0.2-14.el4_7.s390.rpm bzip2-debuginfo-1.0.2-14.el4_7.s390x.rpm bzip2-devel-1.0.2-14.el4_7.s390x.rpm bzip2-libs-1.0.2-14.el4_7.s390.rpm bzip2-libs-1.0.2-14.el4_7.s390x.rpm x86_64: bzip2-1.0.2-14.el4_7.x86_64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.x86_64.rpm bzip2-devel-1.0.2-14.el4_7.x86_64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bzip2-1.0.2-14.el4_7.src.rpm i386: bzip2-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-devel-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm x86_64: bzip2-1.0.2-14.el4_7.x86_64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.x86_64.rpm bzip2-devel-1.0.2-14.el4_7.x86_64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bzip2-1.0.2-14.el4_7.src.rpm i386: bzip2-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-devel-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm ia64: bzip2-1.0.2-14.el4_7.ia64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.ia64.rpm bzip2-devel-1.0.2-14.el4_7.ia64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.ia64.rpm x86_64: bzip2-1.0.2-14.el4_7.x86_64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.x86_64.rpm bzip2-devel-1.0.2-14.el4_7.x86_64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bzip2-1.0.2-14.el4_7.src.rpm i386: bzip2-1.0.2-14.el4_7.i386.rpm 
bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-devel-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm ia64: bzip2-1.0.2-14.el4_7.ia64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.ia64.rpm bzip2-devel-1.0.2-14.el4_7.ia64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.ia64.rpm x86_64: bzip2-1.0.2-14.el4_7.x86_64.rpm bzip2-debuginfo-1.0.2-14.el4_7.i386.rpm bzip2-debuginfo-1.0.2-14.el4_7.x86_64.rpm bzip2-devel-1.0.2-14.el4_7.x86_64.rpm bzip2-libs-1.0.2-14.el4_7.i386.rpm bzip2-libs-1.0.2-14.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bzip2-1.0.3-4.el5_2.src.rpm i386: bzip2-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-libs-1.0.3-4.el5_2.i386.rpm x86_64: bzip2-1.0.3-4.el5_2.x86_64.rpm bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.x86_64.rpm bzip2-libs-1.0.3-4.el5_2.i386.rpm bzip2-libs-1.0.3-4.el5_2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bzip2-1.0.3-4.el5_2.src.rpm i386: bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-devel-1.0.3-4.el5_2.i386.rpm x86_64: bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.x86_64.rpm bzip2-devel-1.0.3-4.el5_2.i386.rpm bzip2-devel-1.0.3-4.el5_2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bzip2-1.0.3-4.el5_2.src.rpm i386: bzip2-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-devel-1.0.3-4.el5_2.i386.rpm bzip2-libs-1.0.3-4.el5_2.i386.rpm ia64: bzip2-1.0.3-4.el5_2.ia64.rpm bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.ia64.rpm bzip2-devel-1.0.3-4.el5_2.ia64.rpm bzip2-libs-1.0.3-4.el5_2.i386.rpm bzip2-libs-1.0.3-4.el5_2.ia64.rpm ppc: bzip2-1.0.3-4.el5_2.ppc.rpm bzip2-debuginfo-1.0.3-4.el5_2.ppc.rpm bzip2-debuginfo-1.0.3-4.el5_2.ppc64.rpm bzip2-devel-1.0.3-4.el5_2.ppc.rpm bzip2-devel-1.0.3-4.el5_2.ppc64.rpm bzip2-libs-1.0.3-4.el5_2.ppc.rpm bzip2-libs-1.0.3-4.el5_2.ppc64.rpm s390x: bzip2-1.0.3-4.el5_2.s390x.rpm bzip2-debuginfo-1.0.3-4.el5_2.s390.rpm bzip2-debuginfo-1.0.3-4.el5_2.s390x.rpm bzip2-devel-1.0.3-4.el5_2.s390.rpm bzip2-devel-1.0.3-4.el5_2.s390x.rpm bzip2-libs-1.0.3-4.el5_2.s390.rpm bzip2-libs-1.0.3-4.el5_2.s390x.rpm x86_64: bzip2-1.0.3-4.el5_2.x86_64.rpm bzip2-debuginfo-1.0.3-4.el5_2.i386.rpm bzip2-debuginfo-1.0.3-4.el5_2.x86_64.rpm bzip2-devel-1.0.3-4.el5_2.i386.rpm bzip2-devel-1.0.3-4.el5_2.x86_64.rpm bzip2-libs-1.0.3-4.el5_2.i386.rpm bzip2-libs-1.0.3-4.el5_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIz7tUXlSAg2UNWIIRAi1iAKCYBfWs4Td8cf1L8dryvzTlppud6gCfbdsz
MWv2waOPPnJSoMrMJ7hBPIA=
=NfYv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 17 15:08:13 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Sep 2008 11:08:13 -0400
Subject: [RHSA-2008:0812-02] Critical: RealPlayer security update
Message-ID: <200809171508.m8HF8DPu006741@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: RealPlayer security update
Advisory ID:       RHSA-2008:0812-02
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0812.html
Issue date:        2008-07-31
Updated on:        2008-09-17
CVE Names:         CVE-2007-5400
=====================================================================

1. Summary:

RealPlayer 10.0.9 as shipped in Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary, contains a security flaw and should not be used.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

[Updated 17 September 2008]
We have updated this erratum to include packages which remove RealPlayer from Red Hat Enterprise Linux 3 Extras, 4 Extras and 5 Supplementary.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

RealPlayer is a media player that provides media playback locally and via streaming.

RealPlayer 10.0.9 is vulnerable to a critical security flaw and should no longer be used. A remote attacker could leverage this flaw to execute arbitrary code as the user running RealPlayer. (CVE-2007-5400)

This issue is addressed in RealPlayer 11. Red Hat is unable to ship RealPlayer 11 due to additional proprietary codecs included in that version. Therefore, users who wish to continue to use RealPlayer should get an update directly from www.real.com.

This update removes the RealPlayer 10.0.9 packages due to their known security vulnerabilities.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

456855 - CVE-2007-5400 RealPlayer: SWF Frame Handling Buffer Overflow

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

x86_64:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

x86_64:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

x86_64:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

x86_64:
realplayer-uninstall-10.0.9-0.rhel3.7.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
RealPlayer-uninstall-10.0.9-3.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-3.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
RealPlayer-uninstall-10.0.9-3.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-3.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
RealPlayer-uninstall-10.0.9-3.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-3.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
RealPlayer-uninstall-10.0.9-3.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-3.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
RealPlayer-uninstall-10.0.9-4.el5.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-4.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
RealPlayer-uninstall-10.0.9-4.el5.i386.rpm

x86_64:
RealPlayer-uninstall-10.0.9-4.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5400
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI0R1BXlSAg2UNWIIRAm18AJ0bEJfdaTd+0lVpq7+wDbAHixoVgQCeIHrC
GMkckUlzHOH3yKYuSoCsVKk=
=gQuo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 24 02:20:21 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Sep 2008 22:20:21 -0400
Subject: [RHSA-2008:0879-01] Critical: firefox security update
Message-ID: <200809240220.m8O2KLhU019748@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2008:0879-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0879.html
Issue date:        2008-09-23
CVE Names:         CVE-2008-3837 CVE-2008-4058 CVE-2008-4060
                   CVE-2008-4061 CVE-2008-4062 CVE-2008-4063
                   CVE-2008-4064 CVE-2008-4065 CVE-2008-4067
                   CVE-2008-4068
=====================================================================

1. Summary:

An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-4067, CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.2. You can find a link to the Mozilla advisories in the References section.

All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

463189 - CVE-2008-3837 Forced mouse drag
463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution
463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution
463199 - CVE-2008-4061 Mozilla layout engine crash
463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption
463203 - CVE-2008-4063 Mozilla crashes with evidence of memory corruption
463204 - CVE-2008-4064 Mozilla crashes with evidence of memory corruption
463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution
463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability
463248 - CVE-2008-4068 Mozilla local HTML file resource: bypass

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm

i386:
firefox-3.0.2-3.el4.i386.rpm
firefox-debuginfo-3.0.2-3.el4.i386.rpm

ia64:
firefox-3.0.2-3.el4.ia64.rpm
firefox-debuginfo-3.0.2-3.el4.ia64.rpm

ppc:
firefox-3.0.2-3.el4.ppc.rpm
firefox-debuginfo-3.0.2-3.el4.ppc.rpm

s390:
firefox-3.0.2-3.el4.s390.rpm
firefox-debuginfo-3.0.2-3.el4.s390.rpm

s390x:
firefox-3.0.2-3.el4.s390x.rpm
firefox-debuginfo-3.0.2-3.el4.s390x.rpm

x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
firefox-debuginfo-3.0.2-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm

i386:
firefox-3.0.2-3.el4.i386.rpm
firefox-debuginfo-3.0.2-3.el4.i386.rpm

x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
firefox-debuginfo-3.0.2-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm

i386:
firefox-3.0.2-3.el4.i386.rpm
firefox-debuginfo-3.0.2-3.el4.i386.rpm

ia64:
firefox-3.0.2-3.el4.ia64.rpm
firefox-debuginfo-3.0.2-3.el4.ia64.rpm

x86_64:
firefox-3.0.2-3.el4.x86_64.rpm
firefox-debuginfo-3.0.2-3.el4.x86_64.rpm

Red Hat Enterprise
Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.2-3.el4.src.rpm i386: firefox-3.0.2-3.el4.i386.rpm firefox-debuginfo-3.0.2-3.el4.i386.rpm ia64: firefox-3.0.2-3.el4.ia64.rpm firefox-debuginfo-3.0.2-3.el4.ia64.rpm x86_64: firefox-3.0.2-3.el4.x86_64.rpm firefox-debuginfo-3.0.2-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-21.el5.src.rpm i386: devhelp-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm firefox-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm nss-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-tools-3.12.1.1-1.el5.i386.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm yelp-2.16.0-21.el5.i386.rpm yelp-debuginfo-2.16.0-21.el5.i386.rpm x86_64: devhelp-0.12-19.el5.i386.rpm devhelp-0.12-19.el5.x86_64.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm firefox-3.0.2-3.el5.i386.rpm firefox-3.0.2-3.el5.x86_64.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.x86_64.rpm nss-3.12.1.1-1.el5.i386.rpm nss-3.12.1.1-1.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-tools-3.12.1.1-1.el5.x86_64.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-1.9.0.2-5.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm yelp-2.16.0-21.el5.x86_64.rpm yelp-debuginfo-2.16.0-21.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm i386: devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm x86_64: devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm devhelp-devel-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-19.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.1.1-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.2-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-21.el5.src.rpm i386: devhelp-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.i386.rpm firefox-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm nss-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-tools-3.12.1.1-1.el5.i386.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm yelp-2.16.0-21.el5.i386.rpm yelp-debuginfo-2.16.0-21.el5.i386.rpm ia64: devhelp-0.12-19.el5.ia64.rpm devhelp-debuginfo-0.12-19.el5.ia64.rpm devhelp-devel-0.12-19.el5.ia64.rpm firefox-3.0.2-3.el5.ia64.rpm firefox-debuginfo-3.0.2-3.el5.ia64.rpm nss-3.12.1.1-1.el5.i386.rpm nss-3.12.1.1-1.el5.ia64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.ia64.rpm nss-devel-3.12.1.1-1.el5.ia64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ia64.rpm nss-tools-3.12.1.1-1.el5.ia64.rpm xulrunner-1.9.0.2-5.el5.ia64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ia64.rpm xulrunner-devel-1.9.0.2-5.el5.ia64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.ia64.rpm yelp-2.16.0-21.el5.ia64.rpm yelp-debuginfo-2.16.0-21.el5.ia64.rpm ppc: devhelp-0.12-19.el5.ppc.rpm devhelp-debuginfo-0.12-19.el5.ppc.rpm devhelp-devel-0.12-19.el5.ppc.rpm firefox-3.0.2-3.el5.ppc.rpm firefox-debuginfo-3.0.2-3.el5.ppc.rpm nss-3.12.1.1-1.el5.ppc.rpm nss-3.12.1.1-1.el5.ppc64.rpm nss-debuginfo-3.12.1.1-1.el5.ppc.rpm 
nss-debuginfo-3.12.1.1-1.el5.ppc64.rpm nss-devel-3.12.1.1-1.el5.ppc.rpm nss-devel-3.12.1.1-1.el5.ppc64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ppc.rpm nss-pkcs11-devel-3.12.1.1-1.el5.ppc64.rpm nss-tools-3.12.1.1-1.el5.ppc.rpm xulrunner-1.9.0.2-5.el5.ppc.rpm xulrunner-1.9.0.2-5.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ppc.rpm xulrunner-debuginfo-1.9.0.2-5.el5.ppc64.rpm xulrunner-devel-1.9.0.2-5.el5.ppc.rpm xulrunner-devel-1.9.0.2-5.el5.ppc64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.ppc.rpm yelp-2.16.0-21.el5.ppc.rpm yelp-debuginfo-2.16.0-21.el5.ppc.rpm s390x: devhelp-0.12-19.el5.s390.rpm devhelp-0.12-19.el5.s390x.rpm devhelp-debuginfo-0.12-19.el5.s390.rpm devhelp-debuginfo-0.12-19.el5.s390x.rpm devhelp-devel-0.12-19.el5.s390.rpm devhelp-devel-0.12-19.el5.s390x.rpm firefox-3.0.2-3.el5.s390.rpm firefox-3.0.2-3.el5.s390x.rpm firefox-debuginfo-3.0.2-3.el5.s390.rpm firefox-debuginfo-3.0.2-3.el5.s390x.rpm nss-3.12.1.1-1.el5.s390.rpm nss-3.12.1.1-1.el5.s390x.rpm nss-debuginfo-3.12.1.1-1.el5.s390.rpm nss-debuginfo-3.12.1.1-1.el5.s390x.rpm nss-devel-3.12.1.1-1.el5.s390.rpm nss-devel-3.12.1.1-1.el5.s390x.rpm nss-pkcs11-devel-3.12.1.1-1.el5.s390.rpm nss-pkcs11-devel-3.12.1.1-1.el5.s390x.rpm nss-tools-3.12.1.1-1.el5.s390x.rpm xulrunner-1.9.0.2-5.el5.s390.rpm xulrunner-1.9.0.2-5.el5.s390x.rpm xulrunner-debuginfo-1.9.0.2-5.el5.s390.rpm xulrunner-debuginfo-1.9.0.2-5.el5.s390x.rpm xulrunner-devel-1.9.0.2-5.el5.s390.rpm xulrunner-devel-1.9.0.2-5.el5.s390x.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.s390x.rpm yelp-2.16.0-21.el5.s390x.rpm yelp-debuginfo-2.16.0-21.el5.s390x.rpm x86_64: devhelp-0.12-19.el5.i386.rpm devhelp-0.12-19.el5.x86_64.rpm devhelp-debuginfo-0.12-19.el5.i386.rpm devhelp-debuginfo-0.12-19.el5.x86_64.rpm devhelp-devel-0.12-19.el5.i386.rpm devhelp-devel-0.12-19.el5.x86_64.rpm firefox-3.0.2-3.el5.i386.rpm firefox-3.0.2-3.el5.x86_64.rpm firefox-debuginfo-3.0.2-3.el5.i386.rpm firefox-debuginfo-3.0.2-3.el5.x86_64.rpm nss-3.12.1.1-1.el5.i386.rpm 
nss-3.12.1.1-1.el5.x86_64.rpm nss-debuginfo-3.12.1.1-1.el5.i386.rpm nss-debuginfo-3.12.1.1-1.el5.x86_64.rpm nss-devel-3.12.1.1-1.el5.i386.rpm nss-devel-3.12.1.1-1.el5.x86_64.rpm nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm nss-tools-3.12.1.1-1.el5.x86_64.rpm xulrunner-1.9.0.2-5.el5.i386.rpm xulrunner-1.9.0.2-5.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.2-5.el5.i386.rpm xulrunner-debuginfo-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-1.9.0.2-5.el5.i386.rpm xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm yelp-2.16.0-21.el5.x86_64.rpm yelp-debuginfo-2.16.0-21.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI2aPGXlSAg2UNWIIRAjOKAJ9HDll1WzlDoGIxaGb9LQBp/Pj79QCgiS7P
/TaVMwxAFB9D96eC+I95s5s=
=+cOv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 24 02:21:51 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Sep 2008 22:21:51 -0400
Subject: [RHSA-2008:0882-01] Critical: seamonkey security update
Message-ID: <200809240221.m8O2LpL6020493@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2008:0882-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0882.html
Issue date:        2008-09-23
CVE Names:         CVE-2008-0016 CVE-2008-3835 CVE-2008-3837
                   CVE-2008-4058 CVE-2008-4059 CVE-2008-4060
                   CVE-2008-4061 CVE-2008-4062 CVE-2008-4065
                   CVE-2008-4066 CVE-2008-4067 CVE-2008-4068
                   CVE-2008-4069
=====================================================================

1. Summary:

Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)

A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)

All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

463181 - CVE-2008-0016 Mozilla UTF-8 stack buffer overflow
463182 - CVE-2008-3835 nsXMLDocument::OnChannelRedirect() same-origin violation
463189 - CVE-2008-3837 Forced mouse drag
463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution
463192 - CVE-2008-4059 Mozilla privilege escalation via XPCnativeWrapper pollution
463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution
463199 - CVE-2008-4061 Mozilla layout engine crash
463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption
463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution
463243 - CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution
463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability
463248 - CVE-2008-4068 Mozilla local HTML file resource: bypass
463251 - CVE-2008-4069 Mozilla XBM decoder information disclosure

6. 
Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.20.el2.src.rpm i386: seamonkey-1.0.9-0.20.el2.i386.rpm seamonkey-chat-1.0.9-0.20.el2.i386.rpm seamonkey-devel-1.0.9-0.20.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.20.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.20.el2.i386.rpm seamonkey-mail-1.0.9-0.20.el2.i386.rpm seamonkey-nspr-1.0.9-0.20.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.20.el2.i386.rpm seamonkey-nss-1.0.9-0.20.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.20.el2.i386.rpm ia64: seamonkey-1.0.9-0.20.el2.ia64.rpm seamonkey-chat-1.0.9-0.20.el2.ia64.rpm seamonkey-devel-1.0.9-0.20.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.20.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.20.el2.ia64.rpm seamonkey-mail-1.0.9-0.20.el2.ia64.rpm seamonkey-nspr-1.0.9-0.20.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.20.el2.ia64.rpm seamonkey-nss-1.0.9-0.20.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.20.el2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.20.el2.src.rpm ia64: seamonkey-1.0.9-0.20.el2.ia64.rpm seamonkey-chat-1.0.9-0.20.el2.ia64.rpm seamonkey-devel-1.0.9-0.20.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.20.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.20.el2.ia64.rpm seamonkey-mail-1.0.9-0.20.el2.ia64.rpm seamonkey-nspr-1.0.9-0.20.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.20.el2.ia64.rpm seamonkey-nss-1.0.9-0.20.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.20.el2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.20.el2.src.rpm i386: seamonkey-1.0.9-0.20.el2.i386.rpm seamonkey-chat-1.0.9-0.20.el2.i386.rpm seamonkey-devel-1.0.9-0.20.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.20.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.20.el2.i386.rpm seamonkey-mail-1.0.9-0.20.el2.i386.rpm seamonkey-nspr-1.0.9-0.20.el2.i386.rpm 
seamonkey-nspr-devel-1.0.9-0.20.el2.i386.rpm
seamonkey-nss-1.0.9-0.20.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.20.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.20.el2.src.rpm

i386:
seamonkey-1.0.9-0.20.el2.i386.rpm
seamonkey-chat-1.0.9-0.20.el2.i386.rpm
seamonkey-devel-1.0.9-0.20.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.20.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.20.el2.i386.rpm
seamonkey-mail-1.0.9-0.20.el2.i386.rpm
seamonkey-nspr-1.0.9-0.20.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.20.el2.i386.rpm
seamonkey-nss-1.0.9-0.20.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.20.el2.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.24.el3.src.rpm

i386:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-chat-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.i386.rpm
seamonkey-mail-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.24.el3.ia64.rpm
seamonkey-chat-1.0.9-0.24.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.ia64.rpm
seamonkey-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.ia64.rpm
seamonkey-mail-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.24.el3.ppc.rpm
seamonkey-chat-1.0.9-0.24.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.ppc.rpm
seamonkey-devel-1.0.9-0.24.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.ppc.rpm
seamonkey-mail-1.0.9-0.24.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.24.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.ppc.rpm
seamonkey-nss-1.0.9-0.24.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.24.el3.s390.rpm
seamonkey-chat-1.0.9-0.24.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.s390.rpm
seamonkey-devel-1.0.9-0.24.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.s390.rpm
seamonkey-mail-1.0.9-0.24.el3.s390.rpm
seamonkey-nspr-1.0.9-0.24.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.s390.rpm
seamonkey-nss-1.0.9-0.24.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.24.el3.s390x.rpm
seamonkey-chat-1.0.9-0.24.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.s390x.rpm
seamonkey-devel-1.0.9-0.24.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.s390x.rpm
seamonkey-mail-1.0.9-0.24.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.24.el3.s390.rpm
seamonkey-nspr-1.0.9-0.24.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.s390x.rpm
seamonkey-nss-1.0.9-0.24.el3.s390.rpm
seamonkey-nss-1.0.9-0.24.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-1.0.9-0.24.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.24.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.24.el3.src.rpm

i386:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-chat-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.i386.rpm
seamonkey-mail-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-1.0.9-0.24.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.24.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.24.el3.src.rpm

i386:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-chat-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.i386.rpm
seamonkey-mail-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.24.el3.ia64.rpm
seamonkey-chat-1.0.9-0.24.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.ia64.rpm
seamonkey-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.ia64.rpm
seamonkey-mail-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-1.0.9-0.24.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.24.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.24.el3.src.rpm

i386:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-chat-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.i386.rpm
seamonkey-mail-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.24.el3.ia64.rpm
seamonkey-chat-1.0.9-0.24.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.ia64.rpm
seamonkey-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.ia64.rpm
seamonkey-mail-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.24.el3.i386.rpm
seamonkey-1.0.9-0.24.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.24.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.24.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.24.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.24.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.24.el3.i386.rpm
seamonkey-nspr-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.24.el3.i386.rpm
seamonkey-nss-1.0.9-0.24.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.24.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/devhelp-0.10-0.10.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-26.el4.src.rpm

i386:
devhelp-0.10-0.10.el4.i386.rpm
devhelp-debuginfo-0.10-0.10.el4.i386.rpm
devhelp-devel-0.10-0.10.el4.i386.rpm
seamonkey-1.0.9-26.el4.i386.rpm
seamonkey-chat-1.0.9-26.el4.i386.rpm
seamonkey-debuginfo-1.0.9-26.el4.i386.rpm
seamonkey-devel-1.0.9-26.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-26.el4.i386.rpm
seamonkey-js-debugger-1.0.9-26.el4.i386.rpm
seamonkey-mail-1.0.9-26.el4.i386.rpm

ia64:
seamonkey-1.0.9-26.el4.ia64.rpm
seamonkey-chat-1.0.9-26.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-26.el4.ia64.rpm
seamonkey-devel-1.0.9-26.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-26.el4.ia64.rpm
seamonkey-mail-1.0.9-26.el4.ia64.rpm

ppc:
devhelp-0.10-0.10.el4.ppc.rpm
devhelp-debuginfo-0.10-0.10.el4.ppc.rpm
devhelp-devel-0.10-0.10.el4.ppc.rpm
seamonkey-1.0.9-26.el4.ppc.rpm
seamonkey-chat-1.0.9-26.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-26.el4.ppc.rpm
seamonkey-devel-1.0.9-26.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-26.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-26.el4.ppc.rpm
seamonkey-mail-1.0.9-26.el4.ppc.rpm

s390:
seamonkey-1.0.9-26.el4.s390.rpm
seamonkey-chat-1.0.9-26.el4.s390.rpm
seamonkey-debuginfo-1.0.9-26.el4.s390.rpm
seamonkey-devel-1.0.9-26.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-26.el4.s390.rpm
seamonkey-js-debugger-1.0.9-26.el4.s390.rpm
seamonkey-mail-1.0.9-26.el4.s390.rpm

s390x:
seamonkey-1.0.9-26.el4.s390x.rpm
seamonkey-chat-1.0.9-26.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-26.el4.s390x.rpm
seamonkey-devel-1.0.9-26.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-26.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-26.el4.s390x.rpm
seamonkey-mail-1.0.9-26.el4.s390x.rpm

x86_64:
devhelp-0.10-0.10.el4.x86_64.rpm
devhelp-debuginfo-0.10-0.10.el4.x86_64.rpm
devhelp-devel-0.10-0.10.el4.x86_64.rpm
seamonkey-1.0.9-26.el4.x86_64.rpm
seamonkey-chat-1.0.9-26.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-26.el4.x86_64.rpm
seamonkey-devel-1.0.9-26.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-26.el4.x86_64.rpm
seamonkey-mail-1.0.9-26.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/devhelp-0.10-0.10.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-26.el4.src.rpm

i386:
devhelp-0.10-0.10.el4.i386.rpm
devhelp-debuginfo-0.10-0.10.el4.i386.rpm
devhelp-devel-0.10-0.10.el4.i386.rpm
seamonkey-1.0.9-26.el4.i386.rpm
seamonkey-chat-1.0.9-26.el4.i386.rpm
seamonkey-debuginfo-1.0.9-26.el4.i386.rpm
seamonkey-devel-1.0.9-26.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-26.el4.i386.rpm
seamonkey-js-debugger-1.0.9-26.el4.i386.rpm
seamonkey-mail-1.0.9-26.el4.i386.rpm

x86_64:
devhelp-0.10-0.10.el4.x86_64.rpm
devhelp-debuginfo-0.10-0.10.el4.x86_64.rpm
devhelp-devel-0.10-0.10.el4.x86_64.rpm
seamonkey-1.0.9-26.el4.x86_64.rpm
seamonkey-chat-1.0.9-26.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-26.el4.x86_64.rpm
seamonkey-devel-1.0.9-26.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-26.el4.x86_64.rpm
seamonkey-mail-1.0.9-26.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/devhelp-0.10-0.10.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-26.el4.src.rpm

i386:
devhelp-0.10-0.10.el4.i386.rpm
devhelp-debuginfo-0.10-0.10.el4.i386.rpm
devhelp-devel-0.10-0.10.el4.i386.rpm
seamonkey-1.0.9-26.el4.i386.rpm
seamonkey-chat-1.0.9-26.el4.i386.rpm
seamonkey-debuginfo-1.0.9-26.el4.i386.rpm
seamonkey-devel-1.0.9-26.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-26.el4.i386.rpm
seamonkey-js-debugger-1.0.9-26.el4.i386.rpm
seamonkey-mail-1.0.9-26.el4.i386.rpm

ia64:
seamonkey-1.0.9-26.el4.ia64.rpm
seamonkey-chat-1.0.9-26.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-26.el4.ia64.rpm
seamonkey-devel-1.0.9-26.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-26.el4.ia64.rpm
seamonkey-mail-1.0.9-26.el4.ia64.rpm

x86_64:
devhelp-0.10-0.10.el4.x86_64.rpm
devhelp-debuginfo-0.10-0.10.el4.x86_64.rpm
devhelp-devel-0.10-0.10.el4.x86_64.rpm
seamonkey-1.0.9-26.el4.x86_64.rpm
seamonkey-chat-1.0.9-26.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-26.el4.x86_64.rpm
seamonkey-devel-1.0.9-26.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-26.el4.x86_64.rpm
seamonkey-mail-1.0.9-26.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/devhelp-0.10-0.10.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-26.el4.src.rpm

i386:
devhelp-0.10-0.10.el4.i386.rpm
devhelp-debuginfo-0.10-0.10.el4.i386.rpm
devhelp-devel-0.10-0.10.el4.i386.rpm
seamonkey-1.0.9-26.el4.i386.rpm
seamonkey-chat-1.0.9-26.el4.i386.rpm
seamonkey-debuginfo-1.0.9-26.el4.i386.rpm
seamonkey-devel-1.0.9-26.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-26.el4.i386.rpm
seamonkey-js-debugger-1.0.9-26.el4.i386.rpm
seamonkey-mail-1.0.9-26.el4.i386.rpm

ia64:
seamonkey-1.0.9-26.el4.ia64.rpm
seamonkey-chat-1.0.9-26.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-26.el4.ia64.rpm
seamonkey-devel-1.0.9-26.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-26.el4.ia64.rpm
seamonkey-mail-1.0.9-26.el4.ia64.rpm

x86_64:
devhelp-0.10-0.10.el4.x86_64.rpm
devhelp-debuginfo-0.10-0.10.el4.x86_64.rpm
devhelp-devel-0.10-0.10.el4.x86_64.rpm
seamonkey-1.0.9-26.el4.x86_64.rpm
seamonkey-chat-1.0.9-26.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-26.el4.x86_64.rpm
seamonkey-devel-1.0.9-26.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-26.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-26.el4.x86_64.rpm
seamonkey-mail-1.0.9-26.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI2aPrXlSAg2UNWIIRAiZeAKCwbydIVTXyaI4VP5uwL1ffP8FXjwCgsBBW
oH9DGEgm+KZdiCyH5sYurtQ=
=ZILr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 24 19:02:36 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 24 Sep 2008 15:02:36 -0400
Subject: [RHSA-2008:0885-01] Important: kernel security and bug fix update
Message-ID: <200809241902.m8OJ2acb017768@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0885-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0885.html
Issue date: 2008-09-24
CVE Names: CVE-2008-2931 CVE-2008-3275 CVE-2007-6417 CVE-2007-6716 CVE-2008-3272
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)

* a flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

* Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

* a flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)

Bug fixes:

* when copying a small IPoIB packet from the original skb it was received in to a new, smaller skb, all fields in the new skb were not initialized. This may have caused a kernel oops.

* previously, data may have been written beyond the end of an array, causing memory corruption on certain systems, resulting in hypervisor crashes during context switching.

* a kernel crash may have occurred on heavily-used Samba servers after 24 to 48 hours of use.

* under heavy memory pressure, pages may have been swapped out from under the SGI Altix XPMEM driver, causing silent data corruption in the kernel.

* the ixgbe driver is untested, but support was advertised for the Intel 82598 network card. If this card was present when the ixgbe driver was loaded, a NULL pointer dereference and a panic occurred.

* on certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.

* with bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.

* on certain multinode systems, IPMI device nodes were created in reverse order of where they physically resided.

* process hangs may have occurred while accessing application data files via asynchronous direct I/O system calls.

* on systems with heavy lock traffic, a possible deadlock may have caused anything requiring locks over NFS to stop, or be very slow. Errors such as "lockd: server [IP] not responding, timed out" were logged on client systems.

* unexpected removals of USB devices may have caused a NULL pointer dereference in kobject_get_path.

* on Itanium-based systems, repeatedly creating and destroying Windows guests may have caused Dom0 to crash, due to the "XENMEM_add_to_physmap" hypercall, used by para-virtualized drivers on HVM, being SMP-unsafe.

* when using an MD software RAID, crashes may have occurred when devices were removed or changed while being iterated through. Correct locking is now used.

* break requests had no effect when using "Serial Over Lan" with the Intel 82571 network card. This issue may have caused log in problems.

* on Itanium-based systems, module_free() referred the first parameter before checking it was valid. This may have caused a kernel panic when exiting SystemTap.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

426081 - CVE-2007-6417 tmpfs: restore missing clear_highpage (kernels from 2.6.11 up)
447913 - LTC43854-trap 700 Program check on uli05, pc: c000000000323910: .skb_under_panic+0x50/0x68 [rhel-5.2.z]
454388 - CVE-2008-2931 kernel: missing check before setting mount propagation
455768 - Guest OS install causes host machine to crash
456235 - [RHEL5] Kernel panic triggered by smbd
456946 - Silent memory corruption with xpmem
457484 - ixgbe panics system when installing RHEL 5.2 with 82598AT (copper 10 gig) adapter
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
458779 - LTC44570-Event Queue overflow on eHCA adapters
458783 - lost packets when live migrating
459071 - LTC41679-IPMI device nodes created in reverse order on multinode systems
459082 - process hangs in async direct IO / possible race between dio_bio_end_aio() and dio_await_one() ?
459083 - deadlock when lockd tries to take f_sema that it already has
459776 - [Stratus 5.2.z bug] kernel NULL pointer dereference in kobject_get_path
459780 - [IA64] Fix SMP-unsafe with XENMEM_add_to_physmap on HVM
460128 - [NEC/Stratus 5.2.z bug] various crashes in md - rdev removed in the middle of ITERATE_RDEV
460509 - SysRq handling issue in serial driver
460639 - kprobes remove causing kernel panic on ia64 with 2.6.18-92.1.10.el5 kernel
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ia64.rpm
kernel-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-headers-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.s390x.rpm
kernel-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-headers-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI2o7AXlSAg2UNWIIRAkEKAJ0cNMNouqFi5c+Ev+4eUTXjKsDxBwCgqj9w
2bTT9J514h503tzyCXsAqbk=
=LGJv
-----END PGP SIGNATURE-----