From bugzilla at redhat.com Mon Mar 2 17:34:59 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Mar 2009 12:34:59 -0500
Subject: [RHSA-2009:0297-01] Low: Red Hat Enterprise Linux 2.1 - 3 Month End Of Life Notice
Message-ID: <200903021734.n22HYxW0021018@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 2.1 - 3 Month End Of Life Notice
Advisory ID: RHSA-2009:0297-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0297.html
Issue date: 2009-03-02
=====================================================================

1. Summary:

This is the 3-month notification of the End Of Life plans for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the 7-year life-cycle of Red Hat Enterprise Linux 2.1 will end on May 31 2009.

After that date, Red Hat will discontinue the technical support services, bugfix, enhancement and security errata updates for the following products:

* Red Hat Enterprise Linux AS 2.1
* Red Hat Enterprise Linux ES 2.1
* Red Hat Enterprise Linux WS 2.1
* Red Hat Linux Advanced Server 2.1
* Red Hat Linux Advanced Workstation 2.1

Customers running production workloads on Enterprise Linux 2.1 should plan to migrate to a later version before May 31, 2009. One benefit of a Red Hat subscription is the right to upgrade to newer versions of Enterprise Linux for no extra cost. As an Enterprise Linux subscriber, you have the option of migrating to the following supported versions:

* version 3 (Generally Available: Oct 2003, End-Of-Life: Oct 2010)
* version 4 (GA: Feb 2005, EOL: Feb 2012)
* version 5 (GA: Mar 2007, EOL: Mar 2014)

These supported versions of Enterprise Linux are available for download from Red Hat Network.

For those customers who cannot migrate from Enterprise Linux 2.1 before its end-of-life date, Red Hat will offer limited extended support contracts. For more information, contact your Red Hat sales representative.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: http://www.redhat.com/security/updates/errata/

4. Solution:

This errata contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

485896 - Send Out RHEL 2.1 3-Month EOL Notice

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/redhat-release-as-2.1AS-124.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/redhat-release-as-2.1AS-24.src.rpm

i386:
redhat-release-as-2.1AS-24.i386.rpm

ia64:
redhat-release-as-2.1AS-124.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/redhat-release-aw-2.1AW-24.src.rpm

ia64:
redhat-release-aw-2.1AW-24.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/redhat-release-es-2.1ES-24.src.rpm

i386:
redhat-release-es-2.1ES-24.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/redhat-release-ws-2.1WS-24.src.rpm

i386:
redhat-release-ws-2.1WS-24.i386.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.redhat.com/security/updates/errata/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJrBi3XlSAg2UNWIIRAj2cAJ9cjF7PCjQDZ7fRhBwF+F923bYnyACfSYps
eOeN2neUQjVxdgraW7M5nHU=
=w140
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 4 19:53:04 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Mar 2009 14:53:04 -0500
Subject: [RHSA-2009:0313-01] Moderate: wireshark security update
Message-ID: <200903041953.n24Jr4eT013764@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wireshark security update
Advisory ID: RHSA-2009:0313-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0313.html
Issue date: 2009-03-04
CVE Names: CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2009-0599 CVE-2009-0600
=====================================================================

1. Summary:

Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)

Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

468166 - CVE-2008-4680 wireshark: DoS (app crash or abort) via malformed USB Request Block (URB).
468167 - CVE-2008-4681 wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets
468169 - CVE-2008-4682 wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type
468171 - CVE-2008-4683 wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length
468174 - CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
468175 - CVE-2008-4685 wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets
472737 - CVE-2008-5285 wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request
485888 - CVE-2009-0599 wireshark: buffer overflows in NetScreen snoop file reader
485889 - CVE-2009-0600 wireshark: denial of service (application crash) via a crafted Tektronix K12 text capture file

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/wireshark-1.0.6-EL3.3.src.rpm

i386:
wireshark-1.0.6-EL3.3.i386.rpm
wireshark-debuginfo-1.0.6-EL3.3.i386.rpm
wireshark-gnome-1.0.6-EL3.3.i386.rpm

ia64:
wireshark-1.0.6-EL3.3.ia64.rpm
wireshark-debuginfo-1.0.6-EL3.3.ia64.rpm
wireshark-gnome-1.0.6-EL3.3.ia64.rpm

ppc:
wireshark-1.0.6-EL3.3.ppc.rpm
wireshark-debuginfo-1.0.6-EL3.3.ppc.rpm
wireshark-gnome-1.0.6-EL3.3.ppc.rpm

s390:
wireshark-1.0.6-EL3.3.s390.rpm
wireshark-debuginfo-1.0.6-EL3.3.s390.rpm
wireshark-gnome-1.0.6-EL3.3.s390.rpm

s390x:
wireshark-1.0.6-EL3.3.s390x.rpm
wireshark-debuginfo-1.0.6-EL3.3.s390x.rpm
wireshark-gnome-1.0.6-EL3.3.s390x.rpm

x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
wireshark-debuginfo-1.0.6-EL3.3.x86_64.rpm
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/wireshark-1.0.6-EL3.3.src.rpm

i386:
wireshark-1.0.6-EL3.3.i386.rpm
wireshark-debuginfo-1.0.6-EL3.3.i386.rpm
wireshark-gnome-1.0.6-EL3.3.i386.rpm

x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
wireshark-debuginfo-1.0.6-EL3.3.x86_64.rpm
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/wireshark-1.0.6-EL3.3.src.rpm

i386:
wireshark-1.0.6-EL3.3.i386.rpm
wireshark-debuginfo-1.0.6-EL3.3.i386.rpm
wireshark-gnome-1.0.6-EL3.3.i386.rpm

ia64:
wireshark-1.0.6-EL3.3.ia64.rpm
wireshark-debuginfo-1.0.6-EL3.3.ia64.rpm
wireshark-gnome-1.0.6-EL3.3.ia64.rpm

x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
wireshark-debuginfo-1.0.6-EL3.3.x86_64.rpm
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/wireshark-1.0.6-EL3.3.src.rpm

i386:
wireshark-1.0.6-EL3.3.i386.rpm
wireshark-debuginfo-1.0.6-EL3.3.i386.rpm
wireshark-gnome-1.0.6-EL3.3.i386.rpm

ia64:
wireshark-1.0.6-EL3.3.ia64.rpm
wireshark-debuginfo-1.0.6-EL3.3.ia64.rpm
wireshark-gnome-1.0.6-EL3.3.ia64.rpm

x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
wireshark-debuginfo-1.0.6-EL3.3.x86_64.rpm
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/wireshark-1.0.6-2.el4_7.src.rpm

i386:
wireshark-1.0.6-2.el4_7.i386.rpm
wireshark-debuginfo-1.0.6-2.el4_7.i386.rpm
wireshark-gnome-1.0.6-2.el4_7.i386.rpm

ia64:
wireshark-1.0.6-2.el4_7.ia64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.ia64.rpm
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm

ppc:
wireshark-1.0.6-2.el4_7.ppc.rpm
wireshark-debuginfo-1.0.6-2.el4_7.ppc.rpm
wireshark-gnome-1.0.6-2.el4_7.ppc.rpm

s390:
wireshark-1.0.6-2.el4_7.s390.rpm
wireshark-debuginfo-1.0.6-2.el4_7.s390.rpm
wireshark-gnome-1.0.6-2.el4_7.s390.rpm

s390x:
wireshark-1.0.6-2.el4_7.s390x.rpm
wireshark-debuginfo-1.0.6-2.el4_7.s390x.rpm
wireshark-gnome-1.0.6-2.el4_7.s390x.rpm

x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.x86_64.rpm
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/wireshark-1.0.6-2.el4_7.src.rpm

i386:
wireshark-1.0.6-2.el4_7.i386.rpm
wireshark-debuginfo-1.0.6-2.el4_7.i386.rpm
wireshark-gnome-1.0.6-2.el4_7.i386.rpm

x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.x86_64.rpm
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/wireshark-1.0.6-2.el4_7.src.rpm

i386:
wireshark-1.0.6-2.el4_7.i386.rpm
wireshark-debuginfo-1.0.6-2.el4_7.i386.rpm
wireshark-gnome-1.0.6-2.el4_7.i386.rpm

ia64:
wireshark-1.0.6-2.el4_7.ia64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.ia64.rpm
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm

x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.x86_64.rpm
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/wireshark-1.0.6-2.el4_7.src.rpm

i386:
wireshark-1.0.6-2.el4_7.i386.rpm
wireshark-debuginfo-1.0.6-2.el4_7.i386.rpm
wireshark-gnome-1.0.6-2.el4_7.i386.rpm

ia64:
wireshark-1.0.6-2.el4_7.ia64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.ia64.rpm
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm

x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el4_7.x86_64.rpm
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.6-2.el5_3.src.rpm

i386:
wireshark-1.0.6-2.el5_3.i386.rpm
wireshark-debuginfo-1.0.6-2.el5_3.i386.rpm

x86_64:
wireshark-1.0.6-2.el5_3.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el5_3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.6-2.el5_3.src.rpm

i386:
wireshark-debuginfo-1.0.6-2.el5_3.i386.rpm
wireshark-gnome-1.0.6-2.el5_3.i386.rpm

x86_64:
wireshark-debuginfo-1.0.6-2.el5_3.x86_64.rpm
wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-1.0.6-2.el5_3.src.rpm

i386:
wireshark-1.0.6-2.el5_3.i386.rpm
wireshark-debuginfo-1.0.6-2.el5_3.i386.rpm
wireshark-gnome-1.0.6-2.el5_3.i386.rpm

ia64:
wireshark-1.0.6-2.el5_3.ia64.rpm
wireshark-debuginfo-1.0.6-2.el5_3.ia64.rpm
wireshark-gnome-1.0.6-2.el5_3.ia64.rpm

ppc:
wireshark-1.0.6-2.el5_3.ppc.rpm
wireshark-debuginfo-1.0.6-2.el5_3.ppc.rpm
wireshark-gnome-1.0.6-2.el5_3.ppc.rpm

s390x:
wireshark-1.0.6-2.el5_3.s390x.rpm
wireshark-debuginfo-1.0.6-2.el5_3.s390x.rpm
wireshark-gnome-1.0.6-2.el5_3.s390x.rpm

x86_64:
wireshark-1.0.6-2.el5_3.x86_64.rpm
wireshark-debuginfo-1.0.6-2.el5_3.x86_64.rpm
wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJrtwQXlSAg2UNWIIRAosnAJ4pcEqUE1QKvqUypMnzk/bdhR/gRgCdElAB
mk+m6B6vwDVTGmfyajjCp0U=
=GVWL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 4 20:06:08 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Mar 2009 15:06:08 -0500
Subject: [RHSA-2009:0333-01] Moderate: libpng security update
Message-ID: <200903042006.n24K68Lw022806@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libpng security update
Advisory ID: RHSA-2009:0333-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0333.html
Issue date: 2009-03-04
CVE Names: CVE-2008-1382 CVE-2009-0040
=====================================================================

1. Summary:

Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)

A flaw was discovered in the way libpng handled PNG images containing "unknown" chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382)

Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

441839 - CVE-2008-1382 libpng unknown chunk handling flaw
486355 - CVE-2009-0040 libpng arbitrary free() flaw

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libpng-1.0.14-12.src.rpm

i386:
libpng-1.0.14-12.i386.rpm
libpng-devel-1.0.14-12.i386.rpm

ia64:
libpng-1.0.14-12.ia64.rpm
libpng-devel-1.0.14-12.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libpng-1.0.14-12.src.rpm

ia64:
libpng-1.0.14-12.ia64.rpm
libpng-devel-1.0.14-12.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libpng-1.0.14-12.src.rpm

i386:
libpng-1.0.14-12.i386.rpm
libpng-devel-1.0.14-12.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libpng-1.0.14-12.src.rpm

i386:
libpng-1.0.14-12.i386.rpm
libpng-devel-1.0.14-12.i386.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-3.el4_7.2.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-3.el4_7.3.src.rpm

i386:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-devel-1.2.7-3.el4_7.2.i386.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-devel-1.0.16-3.el4_7.3.i386.rpm

ia64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.ia64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.ia64.rpm
libpng-devel-1.2.7-3.el4_7.2.ia64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.ia64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.ia64.rpm
libpng10-devel-1.0.16-3.el4_7.3.ia64.rpm

ppc:
libpng-1.2.7-3.el4_7.2.ppc.rpm
libpng-1.2.7-3.el4_7.2.ppc64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.ppc.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.ppc64.rpm
libpng-devel-1.2.7-3.el4_7.2.ppc.rpm
libpng10-1.0.16-3.el4_7.3.ppc.rpm
libpng10-1.0.16-3.el4_7.3.ppc64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.ppc.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.ppc64.rpm
libpng10-devel-1.0.16-3.el4_7.3.ppc.rpm

s390:
libpng-1.2.7-3.el4_7.2.s390.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.s390.rpm
libpng-devel-1.2.7-3.el4_7.2.s390.rpm
libpng10-1.0.16-3.el4_7.3.s390.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.s390.rpm
libpng10-devel-1.0.16-3.el4_7.3.s390.rpm

s390x:
libpng-1.2.7-3.el4_7.2.s390.rpm
libpng-1.2.7-3.el4_7.2.s390x.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.s390.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.s390x.rpm
libpng-devel-1.2.7-3.el4_7.2.s390x.rpm
libpng10-1.0.16-3.el4_7.3.s390.rpm
libpng10-1.0.16-3.el4_7.3.s390x.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.s390.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.s390x.rpm
libpng10-devel-1.0.16-3.el4_7.3.s390x.rpm

x86_64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.x86_64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.x86_64.rpm
libpng-devel-1.2.7-3.el4_7.2.x86_64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-devel-1.0.16-3.el4_7.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-3.el4_7.2.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-3.el4_7.3.src.rpm

i386:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-devel-1.2.7-3.el4_7.2.i386.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-devel-1.0.16-3.el4_7.3.i386.rpm

x86_64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.x86_64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.x86_64.rpm
libpng-devel-1.2.7-3.el4_7.2.x86_64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-devel-1.0.16-3.el4_7.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-3.el4_7.2.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-3.el4_7.3.src.rpm

i386:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-devel-1.2.7-3.el4_7.2.i386.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-devel-1.0.16-3.el4_7.3.i386.rpm

ia64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.ia64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.ia64.rpm
libpng-devel-1.2.7-3.el4_7.2.ia64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.ia64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.ia64.rpm
libpng10-devel-1.0.16-3.el4_7.3.ia64.rpm

x86_64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.x86_64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.x86_64.rpm
libpng-devel-1.2.7-3.el4_7.2.x86_64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-devel-1.0.16-3.el4_7.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-3.el4_7.2.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-3.el4_7.3.src.rpm

i386:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-devel-1.2.7-3.el4_7.2.i386.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-devel-1.0.16-3.el4_7.3.i386.rpm

ia64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.ia64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.ia64.rpm
libpng-devel-1.2.7-3.el4_7.2.ia64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.ia64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.ia64.rpm
libpng10-devel-1.0.16-3.el4_7.3.ia64.rpm

x86_64:
libpng-1.2.7-3.el4_7.2.i386.rpm
libpng-1.2.7-3.el4_7.2.x86_64.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.i386.rpm
libpng-debuginfo-1.2.7-3.el4_7.2.x86_64.rpm
libpng-devel-1.2.7-3.el4_7.2.x86_64.rpm
libpng10-1.0.16-3.el4_7.3.i386.rpm
libpng10-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.i386.rpm
libpng10-debuginfo-1.0.16-3.el4_7.3.x86_64.rpm
libpng10-devel-1.0.16-3.el4_7.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_3.2.src.rpm

i386:
libpng-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm

x86_64:
libpng-1.2.10-7.1.el5_3.2.i386.rpm
libpng-1.2.10-7.1.el5_3.2.x86_64.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_3.2.src.rpm

i386:
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm

x86_64:
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.x86_64.rpm
libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
libpng-devel-1.2.10-7.1.el5_3.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-7.1.el5_3.2.src.rpm

i386:
libpng-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm

ia64:
libpng-1.2.10-7.1.el5_3.2.i386.rpm
libpng-1.2.10-7.1.el5_3.2.ia64.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.ia64.rpm
libpng-devel-1.2.10-7.1.el5_3.2.ia64.rpm

ppc:
libpng-1.2.10-7.1.el5_3.2.ppc.rpm
libpng-1.2.10-7.1.el5_3.2.ppc64.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.ppc.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.ppc64.rpm
libpng-devel-1.2.10-7.1.el5_3.2.ppc.rpm
libpng-devel-1.2.10-7.1.el5_3.2.ppc64.rpm

s390x:
libpng-1.2.10-7.1.el5_3.2.s390.rpm
libpng-1.2.10-7.1.el5_3.2.s390x.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.s390.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.s390x.rpm
libpng-devel-1.2.10-7.1.el5_3.2.s390.rpm
libpng-devel-1.2.10-7.1.el5_3.2.s390x.rpm

x86_64:
libpng-1.2.10-7.1.el5_3.2.i386.rpm
libpng-1.2.10-7.1.el5_3.2.x86_64.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_3.2.x86_64.rpm
libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
libpng-devel-1.2.10-7.1.el5_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJrt8hXlSAg2UNWIIRAr16AJ45epArXBpYAhV7id32w/DgBRF0dgCfYyNw
8PRXxSVp4F+nAMpYjh/GWmE=
=16Pp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 4 20:22:59 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Mar 2009 15:22:59 -0500
Subject: [RHSA-2009:0340-01] Moderate: libpng security update
Message-ID: <200903042022.n24KMx0W002704@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libpng security update
Advisory ID: RHSA-2009:0340-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0340.html
Issue date: 2009-03-04
CVE Names: CVE-2009-0040
=====================================================================

1. Summary:

Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)

Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

486355 - CVE-2009-0040 libpng arbitrary free() flaw

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng-1.2.2-29.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng10-1.0.13-20.src.rpm

i386:
libpng-1.2.2-29.i386.rpm
libpng-debuginfo-1.2.2-29.i386.rpm
libpng-devel-1.2.2-29.i386.rpm
libpng10-1.0.13-20.i386.rpm
libpng10-debuginfo-1.0.13-20.i386.rpm
libpng10-devel-1.0.13-20.i386.rpm

ia64:
libpng-1.2.2-29.i386.rpm
libpng-1.2.2-29.ia64.rpm
libpng-debuginfo-1.2.2-29.i386.rpm
libpng-debuginfo-1.2.2-29.ia64.rpm
libpng-devel-1.2.2-29.ia64.rpm
libpng10-1.0.13-20.i386.rpm
libpng10-1.0.13-20.ia64.rpm
libpng10-debuginfo-1.0.13-20.i386.rpm
libpng10-debuginfo-1.0.13-20.ia64.rpm
libpng10-devel-1.0.13-20.ia64.rpm

ppc:
libpng-1.2.2-29.ppc.rpm
libpng-1.2.2-29.ppc64.rpm
libpng-debuginfo-1.2.2-29.ppc.rpm
libpng-debuginfo-1.2.2-29.ppc64.rpm
libpng-devel-1.2.2-29.ppc.rpm
libpng10-1.0.13-20.ppc.rpm
libpng10-1.0.13-20.ppc64.rpm
libpng10-debuginfo-1.0.13-20.ppc.rpm
libpng10-debuginfo-1.0.13-20.ppc64.rpm
libpng10-devel-1.0.13-20.ppc.rpm

s390:
libpng-1.2.2-29.s390.rpm
libpng-debuginfo-1.2.2-29.s390.rpm
libpng-devel-1.2.2-29.s390.rpm
libpng10-1.0.13-20.s390.rpm
libpng10-debuginfo-1.0.13-20.s390.rpm
libpng10-devel-1.0.13-20.s390.rpm

s390x:
libpng-1.2.2-29.s390.rpm
libpng-1.2.2-29.s390x.rpm
libpng-debuginfo-1.2.2-29.s390.rpm
libpng-debuginfo-1.2.2-29.s390x.rpm libpng-devel-1.2.2-29.s390x.rpm libpng10-1.0.13-20.s390.rpm libpng10-1.0.13-20.s390x.rpm libpng10-debuginfo-1.0.13-20.s390.rpm libpng10-debuginfo-1.0.13-20.s390x.rpm libpng10-devel-1.0.13-20.s390x.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng-1.2.2-29.src.rpm ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng10-1.0.13-20.src.rpm i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng-1.2.2-29.src.rpm ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng10-1.0.13-20.src.rpm i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm ia64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.ia64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.ia64.rpm libpng-devel-1.2.2-29.ia64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.ia64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.ia64.rpm 
libpng10-devel-1.0.13-20.ia64.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng-1.2.2-29.src.rpm ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng10-1.0.13-20.src.rpm i386: libpng-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-devel-1.2.2-29.i386.rpm libpng10-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-devel-1.0.13-20.i386.rpm ia64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.ia64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.ia64.rpm libpng-devel-1.2.2-29.ia64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.ia64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.ia64.rpm libpng10-devel-1.0.13-20.ia64.rpm x86_64: libpng-1.2.2-29.i386.rpm libpng-1.2.2-29.x86_64.rpm libpng-debuginfo-1.2.2-29.i386.rpm libpng-debuginfo-1.2.2-29.x86_64.rpm libpng-devel-1.2.2-29.x86_64.rpm libpng10-1.0.13-20.i386.rpm libpng10-1.0.13-20.x86_64.rpm libpng10-debuginfo-1.0.13-20.i386.rpm libpng10-debuginfo-1.0.13-20.x86_64.rpm libpng10-devel-1.0.13-20.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJruMZXlSAg2UNWIIRAonHAJ4pCGm8wT4RceW60JzLAQlcZNWZkgCgt1Sk oyTcH1jcq8OLvJIjjGxluvw= =FRDU -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 5 00:19:56 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Mar 2009 19:19:56 -0500 Subject: [RHSA-2009:0315-00] Critical: firefox security update Message-ID: <200903050019.n250JuIN004400@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2009:0315-00 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0315.html Issue date: 2009-03-04 CVE Names: CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 ===================================================================== 1. Summary: An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. 
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775)

Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

486355 - CVE-2009-0040 libpng arbitrary free() flaw
488272 - CVE-2009-0771 Firefox 3 Layout Engine Crashes
488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
488276 - CVE-2009-0773 Firefox 3 crashes in the JavaScript engine
488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine
488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability
488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect
488292 - CVE-2009-0777 Firefox URL spoofing with invisible control characters

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.7-1.el4.src.rpm i386: firefox-3.0.7-1.el4.i386.rpm firefox-debuginfo-3.0.7-1.el4.i386.rpm ia64: firefox-3.0.7-1.el4.ia64.rpm firefox-debuginfo-3.0.7-1.el4.ia64.rpm ppc: firefox-3.0.7-1.el4.ppc.rpm firefox-debuginfo-3.0.7-1.el4.ppc.rpm s390: firefox-3.0.7-1.el4.s390.rpm firefox-debuginfo-3.0.7-1.el4.s390.rpm s390x: firefox-3.0.7-1.el4.s390x.rpm firefox-debuginfo-3.0.7-1.el4.s390x.rpm x86_64: firefox-3.0.7-1.el4.x86_64.rpm firefox-debuginfo-3.0.7-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.7-1.el4.src.rpm i386: firefox-3.0.7-1.el4.i386.rpm firefox-debuginfo-3.0.7-1.el4.i386.rpm x86_64: firefox-3.0.7-1.el4.x86_64.rpm firefox-debuginfo-3.0.7-1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.7-1.el4.src.rpm i386: firefox-3.0.7-1.el4.i386.rpm firefox-debuginfo-3.0.7-1.el4.i386.rpm ia64: firefox-3.0.7-1.el4.ia64.rpm firefox-debuginfo-3.0.7-1.el4.ia64.rpm x86_64: firefox-3.0.7-1.el4.x86_64.rpm firefox-debuginfo-3.0.7-1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.7-1.el4.src.rpm i386: firefox-3.0.7-1.el4.i386.rpm firefox-debuginfo-3.0.7-1.el4.i386.rpm ia64: firefox-3.0.7-1.el4.ia64.rpm firefox-debuginfo-3.0.7-1.el4.ia64.rpm x86_64: firefox-3.0.7-1.el4.x86_64.rpm firefox-debuginfo-3.0.7-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.7-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-1.el5.src.rpm i386: firefox-3.0.7-1.el5.i386.rpm firefox-debuginfo-3.0.7-1.el5.i386.rpm xulrunner-1.9.0.7-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm x86_64: firefox-3.0.7-1.el5.i386.rpm firefox-3.0.7-1.el5.x86_64.rpm firefox-debuginfo-3.0.7-1.el5.i386.rpm firefox-debuginfo-3.0.7-1.el5.x86_64.rpm xulrunner-1.9.0.7-1.el5.i386.rpm xulrunner-1.9.0.7-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.7-1.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-1.el5.src.rpm i386: xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm xulrunner-devel-1.9.0.7-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm x86_64: xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.7-1.el5.x86_64.rpm xulrunner-devel-1.9.0.7-1.el5.i386.rpm xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.7-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.7-1.el5.src.rpm i386: firefox-3.0.7-1.el5.i386.rpm firefox-debuginfo-3.0.7-1.el5.i386.rpm xulrunner-1.9.0.7-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm xulrunner-devel-1.9.0.7-1.el5.i386.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm ia64: firefox-3.0.7-1.el5.ia64.rpm firefox-debuginfo-3.0.7-1.el5.ia64.rpm xulrunner-1.9.0.7-1.el5.ia64.rpm xulrunner-debuginfo-1.9.0.7-1.el5.ia64.rpm xulrunner-devel-1.9.0.7-1.el5.ia64.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.ia64.rpm ppc: firefox-3.0.7-1.el5.ppc.rpm firefox-debuginfo-3.0.7-1.el5.ppc.rpm xulrunner-1.9.0.7-1.el5.ppc.rpm xulrunner-1.9.0.7-1.el5.ppc64.rpm xulrunner-debuginfo-1.9.0.7-1.el5.ppc.rpm xulrunner-debuginfo-1.9.0.7-1.el5.ppc64.rpm xulrunner-devel-1.9.0.7-1.el5.ppc.rpm xulrunner-devel-1.9.0.7-1.el5.ppc64.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.ppc.rpm s390x: firefox-3.0.7-1.el5.s390.rpm firefox-3.0.7-1.el5.s390x.rpm firefox-debuginfo-3.0.7-1.el5.s390.rpm firefox-debuginfo-3.0.7-1.el5.s390x.rpm xulrunner-1.9.0.7-1.el5.s390.rpm xulrunner-1.9.0.7-1.el5.s390x.rpm xulrunner-debuginfo-1.9.0.7-1.el5.s390.rpm xulrunner-debuginfo-1.9.0.7-1.el5.s390x.rpm xulrunner-devel-1.9.0.7-1.el5.s390.rpm xulrunner-devel-1.9.0.7-1.el5.s390x.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.s390x.rpm x86_64: firefox-3.0.7-1.el5.i386.rpm firefox-3.0.7-1.el5.x86_64.rpm firefox-debuginfo-3.0.7-1.el5.i386.rpm firefox-debuginfo-3.0.7-1.el5.x86_64.rpm xulrunner-1.9.0.7-1.el5.i386.rpm xulrunner-1.9.0.7-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.0.7-1.el5.i386.rpm xulrunner-debuginfo-1.9.0.7-1.el5.x86_64.rpm xulrunner-devel-1.9.0.7-1.el5.i386.rpm xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJrxqeXlSAg2UNWIIRAlYFAKCus6q8xjY3uYAJ1dzIbrqqplvNIACbBJuS
dHf0FRMmtvcV/Zf3ypE4ZLA=
=+yaw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 5 01:01:08 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Mar 2009 20:01:08 -0500
Subject: [RHSA-2009:0325-01] Critical: seamonkey security update
Message-ID: <200903050101.n251183H027259@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2009:0325-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0325.html
Issue date: 2009-03-04
CVE Names: CVE-2009-0040 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776
=====================================================================

1. Summary:

Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)

A flaw was found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2009-0776)

All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 486355 - CVE-2009-0040 libpng arbitrary free() flaw 488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes 488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine 488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability 488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.30.el2.src.rpm i386: seamonkey-1.0.9-0.30.el2.i386.rpm seamonkey-chat-1.0.9-0.30.el2.i386.rpm seamonkey-devel-1.0.9-0.30.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.30.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.30.el2.i386.rpm seamonkey-mail-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.30.el2.i386.rpm seamonkey-nss-1.0.9-0.30.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.30.el2.i386.rpm ia64: seamonkey-1.0.9-0.30.el2.ia64.rpm seamonkey-chat-1.0.9-0.30.el2.ia64.rpm seamonkey-devel-1.0.9-0.30.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.30.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.30.el2.ia64.rpm seamonkey-mail-1.0.9-0.30.el2.ia64.rpm seamonkey-nspr-1.0.9-0.30.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.30.el2.ia64.rpm seamonkey-nss-1.0.9-0.30.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.30.el2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.30.el2.src.rpm ia64: seamonkey-1.0.9-0.30.el2.ia64.rpm seamonkey-chat-1.0.9-0.30.el2.ia64.rpm seamonkey-devel-1.0.9-0.30.el2.ia64.rpm seamonkey-dom-inspector-1.0.9-0.30.el2.ia64.rpm seamonkey-js-debugger-1.0.9-0.30.el2.ia64.rpm seamonkey-mail-1.0.9-0.30.el2.ia64.rpm seamonkey-nspr-1.0.9-0.30.el2.ia64.rpm seamonkey-nspr-devel-1.0.9-0.30.el2.ia64.rpm seamonkey-nss-1.0.9-0.30.el2.ia64.rpm seamonkey-nss-devel-1.0.9-0.30.el2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: 
Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.30.el2.src.rpm i386: seamonkey-1.0.9-0.30.el2.i386.rpm seamonkey-chat-1.0.9-0.30.el2.i386.rpm seamonkey-devel-1.0.9-0.30.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.30.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.30.el2.i386.rpm seamonkey-mail-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.30.el2.i386.rpm seamonkey-nss-1.0.9-0.30.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.30.el2.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.30.el2.src.rpm i386: seamonkey-1.0.9-0.30.el2.i386.rpm seamonkey-chat-1.0.9-0.30.el2.i386.rpm seamonkey-devel-1.0.9-0.30.el2.i386.rpm seamonkey-dom-inspector-1.0.9-0.30.el2.i386.rpm seamonkey-js-debugger-1.0.9-0.30.el2.i386.rpm seamonkey-mail-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-1.0.9-0.30.el2.i386.rpm seamonkey-nspr-devel-1.0.9-0.30.el2.i386.rpm seamonkey-nss-1.0.9-0.30.el2.i386.rpm seamonkey-nss-devel-1.0.9-0.30.el2.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm i386: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-chat-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-devel-1.0.9-0.34.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.34.el3.i386.rpm seamonkey-mail-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.34.el3.i386.rpm ia64: seamonkey-1.0.9-0.34.el3.ia64.rpm seamonkey-chat-1.0.9-0.34.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.ia64.rpm seamonkey-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.ia64.rpm 
seamonkey-mail-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.ia64.rpm ppc: seamonkey-1.0.9-0.34.el3.ppc.rpm seamonkey-chat-1.0.9-0.34.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.34.el3.ppc.rpm seamonkey-devel-1.0.9-0.34.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.34.el3.ppc.rpm seamonkey-mail-1.0.9-0.34.el3.ppc.rpm seamonkey-nspr-1.0.9-0.34.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.ppc.rpm seamonkey-nss-1.0.9-0.34.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.34.el3.ppc.rpm s390: seamonkey-1.0.9-0.34.el3.s390.rpm seamonkey-chat-1.0.9-0.34.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.34.el3.s390.rpm seamonkey-devel-1.0.9-0.34.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.34.el3.s390.rpm seamonkey-mail-1.0.9-0.34.el3.s390.rpm seamonkey-nspr-1.0.9-0.34.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.s390.rpm seamonkey-nss-1.0.9-0.34.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.34.el3.s390.rpm s390x: seamonkey-1.0.9-0.34.el3.s390x.rpm seamonkey-chat-1.0.9-0.34.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.34.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.34.el3.s390x.rpm seamonkey-devel-1.0.9-0.34.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.34.el3.s390x.rpm seamonkey-mail-1.0.9-0.34.el3.s390x.rpm seamonkey-nspr-1.0.9-0.34.el3.s390.rpm seamonkey-nspr-1.0.9-0.34.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.s390x.rpm seamonkey-nss-1.0.9-0.34.el3.s390.rpm seamonkey-nss-1.0.9-0.34.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.34.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-1.0.9-0.34.el3.x86_64.rpm seamonkey-chat-1.0.9-0.34.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.x86_64.rpm 
seamonkey-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.x86_64.rpm seamonkey-mail-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm i386: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-chat-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-devel-1.0.9-0.34.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.34.el3.i386.rpm seamonkey-mail-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.34.el3.i386.rpm x86_64: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-1.0.9-0.34.el3.x86_64.rpm seamonkey-chat-1.0.9-0.34.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.x86_64.rpm seamonkey-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.x86_64.rpm seamonkey-mail-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm i386: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-chat-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-devel-1.0.9-0.34.el3.i386.rpm 
seamonkey-dom-inspector-1.0.9-0.34.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.34.el3.i386.rpm seamonkey-mail-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.34.el3.i386.rpm ia64: seamonkey-1.0.9-0.34.el3.ia64.rpm seamonkey-chat-1.0.9-0.34.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.ia64.rpm seamonkey-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.ia64.rpm seamonkey-mail-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-1.0.9-0.34.el3.x86_64.rpm seamonkey-chat-1.0.9-0.34.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.x86_64.rpm seamonkey-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.x86_64.rpm seamonkey-mail-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.34.el3.src.rpm i386: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-chat-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-devel-1.0.9-0.34.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.34.el3.i386.rpm seamonkey-mail-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm 
seamonkey-nspr-devel-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.34.el3.i386.rpm ia64: seamonkey-1.0.9-0.34.el3.ia64.rpm seamonkey-chat-1.0.9-0.34.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.ia64.rpm seamonkey-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.ia64.rpm seamonkey-mail-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.34.el3.i386.rpm seamonkey-1.0.9-0.34.el3.x86_64.rpm seamonkey-chat-1.0.9-0.34.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.34.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.34.el3.x86_64.rpm seamonkey-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.34.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.34.el3.x86_64.rpm seamonkey-mail-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.34.el3.i386.rpm seamonkey-nspr-1.0.9-0.34.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-1.0.9-0.34.el3.i386.rpm seamonkey-nss-1.0.9-0.34.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.34.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-38.el4.src.rpm i386: seamonkey-1.0.9-38.el4.i386.rpm seamonkey-chat-1.0.9-38.el4.i386.rpm seamonkey-debuginfo-1.0.9-38.el4.i386.rpm seamonkey-devel-1.0.9-38.el4.i386.rpm seamonkey-dom-inspector-1.0.9-38.el4.i386.rpm seamonkey-js-debugger-1.0.9-38.el4.i386.rpm seamonkey-mail-1.0.9-38.el4.i386.rpm ia64: seamonkey-1.0.9-38.el4.ia64.rpm seamonkey-chat-1.0.9-38.el4.ia64.rpm seamonkey-debuginfo-1.0.9-38.el4.ia64.rpm seamonkey-devel-1.0.9-38.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-38.el4.ia64.rpm 
seamonkey-js-debugger-1.0.9-38.el4.ia64.rpm seamonkey-mail-1.0.9-38.el4.ia64.rpm ppc: seamonkey-1.0.9-38.el4.ppc.rpm seamonkey-chat-1.0.9-38.el4.ppc.rpm seamonkey-debuginfo-1.0.9-38.el4.ppc.rpm seamonkey-devel-1.0.9-38.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-38.el4.ppc.rpm seamonkey-js-debugger-1.0.9-38.el4.ppc.rpm seamonkey-mail-1.0.9-38.el4.ppc.rpm s390: seamonkey-1.0.9-38.el4.s390.rpm seamonkey-chat-1.0.9-38.el4.s390.rpm seamonkey-debuginfo-1.0.9-38.el4.s390.rpm seamonkey-devel-1.0.9-38.el4.s390.rpm seamonkey-dom-inspector-1.0.9-38.el4.s390.rpm seamonkey-js-debugger-1.0.9-38.el4.s390.rpm seamonkey-mail-1.0.9-38.el4.s390.rpm s390x: seamonkey-1.0.9-38.el4.s390x.rpm seamonkey-chat-1.0.9-38.el4.s390x.rpm seamonkey-debuginfo-1.0.9-38.el4.s390x.rpm seamonkey-devel-1.0.9-38.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-38.el4.s390x.rpm seamonkey-js-debugger-1.0.9-38.el4.s390x.rpm seamonkey-mail-1.0.9-38.el4.s390x.rpm x86_64: seamonkey-1.0.9-38.el4.x86_64.rpm seamonkey-chat-1.0.9-38.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-38.el4.x86_64.rpm seamonkey-devel-1.0.9-38.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-38.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-38.el4.x86_64.rpm seamonkey-mail-1.0.9-38.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-38.el4.src.rpm i386: seamonkey-1.0.9-38.el4.i386.rpm seamonkey-chat-1.0.9-38.el4.i386.rpm seamonkey-debuginfo-1.0.9-38.el4.i386.rpm seamonkey-devel-1.0.9-38.el4.i386.rpm seamonkey-dom-inspector-1.0.9-38.el4.i386.rpm seamonkey-js-debugger-1.0.9-38.el4.i386.rpm seamonkey-mail-1.0.9-38.el4.i386.rpm x86_64: seamonkey-1.0.9-38.el4.x86_64.rpm seamonkey-chat-1.0.9-38.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-38.el4.x86_64.rpm seamonkey-devel-1.0.9-38.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-38.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-38.el4.x86_64.rpm seamonkey-mail-1.0.9-38.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: 
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-38.el4.src.rpm i386: seamonkey-1.0.9-38.el4.i386.rpm seamonkey-chat-1.0.9-38.el4.i386.rpm seamonkey-debuginfo-1.0.9-38.el4.i386.rpm seamonkey-devel-1.0.9-38.el4.i386.rpm seamonkey-dom-inspector-1.0.9-38.el4.i386.rpm seamonkey-js-debugger-1.0.9-38.el4.i386.rpm seamonkey-mail-1.0.9-38.el4.i386.rpm ia64: seamonkey-1.0.9-38.el4.ia64.rpm seamonkey-chat-1.0.9-38.el4.ia64.rpm seamonkey-debuginfo-1.0.9-38.el4.ia64.rpm seamonkey-devel-1.0.9-38.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-38.el4.ia64.rpm seamonkey-js-debugger-1.0.9-38.el4.ia64.rpm seamonkey-mail-1.0.9-38.el4.ia64.rpm x86_64: seamonkey-1.0.9-38.el4.x86_64.rpm seamonkey-chat-1.0.9-38.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-38.el4.x86_64.rpm seamonkey-devel-1.0.9-38.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-38.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-38.el4.x86_64.rpm seamonkey-mail-1.0.9-38.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-38.el4.src.rpm i386: seamonkey-1.0.9-38.el4.i386.rpm seamonkey-chat-1.0.9-38.el4.i386.rpm seamonkey-debuginfo-1.0.9-38.el4.i386.rpm seamonkey-devel-1.0.9-38.el4.i386.rpm seamonkey-dom-inspector-1.0.9-38.el4.i386.rpm seamonkey-js-debugger-1.0.9-38.el4.i386.rpm seamonkey-mail-1.0.9-38.el4.i386.rpm ia64: seamonkey-1.0.9-38.el4.ia64.rpm seamonkey-chat-1.0.9-38.el4.ia64.rpm seamonkey-debuginfo-1.0.9-38.el4.ia64.rpm seamonkey-devel-1.0.9-38.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-38.el4.ia64.rpm seamonkey-js-debugger-1.0.9-38.el4.ia64.rpm seamonkey-mail-1.0.9-38.el4.ia64.rpm x86_64: seamonkey-1.0.9-38.el4.x86_64.rpm seamonkey-chat-1.0.9-38.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-38.el4.x86_64.rpm seamonkey-devel-1.0.9-38.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-38.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-38.el4.x86_64.rpm seamonkey-mail-1.0.9-38.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJryREXlSAg2UNWIIRAmduAKCvEezNYjeP609TEafXtt4VpF08KwCfaJqT z0F2XItGEGxqUg19v/r6YMs= =nCiQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 12 14:52:37 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Mar 2009 10:52:37 -0400 Subject: [RHSA-2009:0296-01] Moderate: icu security update Message-ID: <200903121452.n2CEqdi7017164@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: icu security update Advisory ID: RHSA-2009:0296-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0296.html Issue date: 2009-03-12 CVE Names: CVE-2008-1036 ===================================================================== 1. Summary: Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. 
Description: The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid, encoded data. If an application used ICU to decode malformed, multibyte, character data, it may have been possible to bypass certain content protection mechanisms, or display information in a manner misleading to the user. (CVE-2008-1036) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 464168 - CVE-2008-1036 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/icu-3.6-5.11.2.src.rpm i386: icu-3.6-5.11.2.i386.rpm icu-debuginfo-3.6-5.11.2.i386.rpm libicu-3.6-5.11.2.i386.rpm libicu-doc-3.6-5.11.2.i386.rpm x86_64: icu-3.6-5.11.2.x86_64.rpm icu-debuginfo-3.6-5.11.2.i386.rpm icu-debuginfo-3.6-5.11.2.x86_64.rpm libicu-3.6-5.11.2.i386.rpm libicu-3.6-5.11.2.x86_64.rpm libicu-doc-3.6-5.11.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/icu-3.6-5.11.2.src.rpm i386: icu-debuginfo-3.6-5.11.2.i386.rpm libicu-devel-3.6-5.11.2.i386.rpm x86_64: icu-debuginfo-3.6-5.11.2.i386.rpm icu-debuginfo-3.6-5.11.2.x86_64.rpm libicu-devel-3.6-5.11.2.i386.rpm libicu-devel-3.6-5.11.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/icu-3.6-5.11.2.src.rpm i386: icu-3.6-5.11.2.i386.rpm icu-debuginfo-3.6-5.11.2.i386.rpm libicu-3.6-5.11.2.i386.rpm libicu-devel-3.6-5.11.2.i386.rpm libicu-doc-3.6-5.11.2.i386.rpm ia64: icu-3.6-5.11.2.ia64.rpm icu-debuginfo-3.6-5.11.2.ia64.rpm libicu-3.6-5.11.2.ia64.rpm libicu-devel-3.6-5.11.2.ia64.rpm libicu-doc-3.6-5.11.2.ia64.rpm ppc: icu-3.6-5.11.2.ppc.rpm icu-debuginfo-3.6-5.11.2.ppc.rpm icu-debuginfo-3.6-5.11.2.ppc64.rpm libicu-3.6-5.11.2.ppc.rpm libicu-3.6-5.11.2.ppc64.rpm libicu-devel-3.6-5.11.2.ppc.rpm libicu-devel-3.6-5.11.2.ppc64.rpm libicu-doc-3.6-5.11.2.ppc.rpm s390x: icu-3.6-5.11.2.s390x.rpm icu-debuginfo-3.6-5.11.2.s390.rpm icu-debuginfo-3.6-5.11.2.s390x.rpm libicu-3.6-5.11.2.s390.rpm libicu-3.6-5.11.2.s390x.rpm libicu-devel-3.6-5.11.2.s390.rpm libicu-devel-3.6-5.11.2.s390x.rpm libicu-doc-3.6-5.11.2.s390x.rpm x86_64: icu-3.6-5.11.2.x86_64.rpm icu-debuginfo-3.6-5.11.2.i386.rpm icu-debuginfo-3.6-5.11.2.x86_64.rpm libicu-3.6-5.11.2.i386.rpm libicu-3.6-5.11.2.x86_64.rpm libicu-devel-3.6-5.11.2.i386.rpm libicu-devel-3.6-5.11.2.x86_64.rpm libicu-doc-3.6-5.11.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1036 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJuSGsXlSAg2UNWIIRArAyAKClbTjn6SAk3/0sX4BweID/3/Tt8wCfbDsF j+ZmWVanG1BJsLP2tKjesc0= =lnBQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 12 14:52:49 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Mar 2009 10:52:49 -0400 Subject: [RHSA-2009:0331-01] Important: kernel security and bug fix update Message-ID: <200903121452.n2CEqowN017293@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2009:0331-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0331.html Issue date: 2009-03-12 CVE Names: CVE-2008-5700 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 ===================================================================== 1. Summary: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues: * a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important) * a memory leak was found in keyctl handling. 
A local, unprivileged user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important) * a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size file in "/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important) * a deficiency was found in the libATA implementation. This could, potentially, lead to a denial of service. Note: by default, "/dev/sg*" devices are accessible only to the root user. (CVE-2008-5700, Low) This update also fixes the following bugs: * when the hypervisor changed a page table entry (pte) mapping from read-only to writable via a make_writable hypercall, accessing the changed page immediately following the change caused a spurious page fault. When trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer with a kernel backtrace. With this update, the "spurious" page fault is handled properly. (BZ#483748) * net_rx_action could detect its cpu poll_list as non-empty, but have that same list reduced to empty by the poll_napi path. This resulted in garbage data being returned when net_rx_action calls list_entry, which subsequently resulted in several possible crash conditions. The race condition in the network code which caused this has been fixed. (BZ#475970, BZ#479681 & BZ#480741) * a misplaced memory barrier at unlock_buffer() could lead to a concurrent h_refcounter update which produced a reference counter leak and, later, a double free in ext3_xattr_release_block(). Consequent to the double free, ext3 reported an error ext3_free_blocks_sb: bit already cleared for block [block number] and mounted itself as read-only. 
With this update, the memory barrier is now placed before the buffer head lock bit, forcing the write order and preventing the double free. (BZ#476533) * when the iptables module was unloaded, it was assumed the correct entry for removal had been found if "wrapper->ops->pf" matched the value passed in by "reg->pf". If several ops ranges were registered against the same protocol family, however, (which was likely if you had both ip_conntrack and ip_conntrack_* loaded) this assumption could lead to NULL list pointers and cause a kernel panic. With this update, "wrapper->ops" is matched to pointer values "reg", which ensures the correct entry is removed and results in no NULL list pointers. (BZ#477147) * when the pidmap page (used for tracking process ids, pids) incremented to an even page (i.e. the second, fourth, sixth, etc. pidmap page), the alloc_pidmap() routine skipped the page. This resulted in "holes" in the allocated pids. For example, after pid 32767, you would expect 32768 to be allocated. If the page skipping behavior presented, however, the pid allocated after 32767 was 65536. With this update, alloc_pidmap() no longer skips alternate pidmap pages and allocated pid holes no longer occur. This fix also corrects an error which allowed pid_max to be set higher than the pid_max limit. (BZ#479182) All Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 474495 - CVE-2008-5700 kernel: enforce a minimum SG_IO timeout 475970 - oops in e1000_clean (list corruption due to race with e1000_down) 476533 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors 477147 - Kernel panic when unloading ip conntrack modules 478800 - CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID 479182 - RHEL4 64 bit skips all pids with bit 15 set (32768-65535, 98304-131071 etc) 479681 - oops in net_rx_action on double free of dev->poll_list 480592 - CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring 480741 - RHEL4.8 kernel crashed in net_rx_action() on IA64 machine in RHTS connectathon test 482866 - CVE-2009-0322 kernel: dell_rbu local oops 483748 - rhel4 PV guest installations busted on rhel 5.3 i386 intel dom0 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm i386: kernel-2.6.9-78.0.17.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm kernel-devel-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm kernel-smp-2.6.9-78.0.17.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm ia64: kernel-2.6.9-78.0.17.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm kernel-devel-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.17.EL.noarch.rpm ppc: kernel-2.6.9-78.0.17.EL.ppc64.rpm kernel-2.6.9-78.0.17.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.0.17.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.0.17.EL.ppc64.rpm kernel-devel-2.6.9-78.0.17.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.0.17.EL.ppc64.rpm 
kernel-largesmp-devel-2.6.9-78.0.17.EL.ppc64.rpm s390: kernel-2.6.9-78.0.17.EL.s390.rpm kernel-debuginfo-2.6.9-78.0.17.EL.s390.rpm kernel-devel-2.6.9-78.0.17.EL.s390.rpm s390x: kernel-2.6.9-78.0.17.EL.s390x.rpm kernel-debuginfo-2.6.9-78.0.17.EL.s390x.rpm kernel-devel-2.6.9-78.0.17.EL.s390x.rpm x86_64: kernel-2.6.9-78.0.17.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm i386: kernel-2.6.9-78.0.17.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm kernel-devel-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm kernel-smp-2.6.9-78.0.17.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm noarch: kernel-doc-2.6.9-78.0.17.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.17.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm i386: kernel-2.6.9-78.0.17.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm kernel-devel-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm 
kernel-smp-2.6.9-78.0.17.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm ia64: kernel-2.6.9-78.0.17.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm kernel-devel-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.17.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.17.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm i386: kernel-2.6.9-78.0.17.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm kernel-devel-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm kernel-smp-2.6.9-78.0.17.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-2.6.9-78.0.17.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm ia64: kernel-2.6.9-78.0.17.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm kernel-devel-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.17.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.17.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm These packages are GPG signed by 
Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJuSG1XlSAg2UNWIIRAq4+AKC0WI0DQ5fzioWJlRaW0MyWrjS24gCfYECc akyEDC7EwkyI0e61bLDjhVA= =HZfD -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Mar 16 15:00:25 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Mar 2009 11:00:25 -0400 Subject: [RHSA-2009:0344-01] Moderate: libsoup security update Message-ID: <200903161500.n2GF0Zst006226@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libsoup security update Advisory ID: RHSA-2009:0344-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0344.html Issue date: 2009-03-16 CVE Names: CVE-2009-0585 ===================================================================== 1. Summary: Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All users of libsoup and evolution28-libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 488026 - CVE-2009-0585 libsoup: integer overflow in soup_base64_encode() 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution28-libsoup-2.2.98-5.el4.1.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libsoup-2.2.1-4.el4.1.src.rpm i386: evolution28-libsoup-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-devel-2.2.1-4.el4.1.i386.rpm ia64: evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.ia64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.ia64.rpm libsoup-devel-2.2.1-4.el4.1.ia64.rpm ppc: evolution28-libsoup-2.2.98-5.el4.1.ppc.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.ppc.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.ppc.rpm libsoup-2.2.1-4.el4.1.ppc.rpm libsoup-2.2.1-4.el4.1.ppc64.rpm libsoup-debuginfo-2.2.1-4.el4.1.ppc.rpm libsoup-debuginfo-2.2.1-4.el4.1.ppc64.rpm libsoup-devel-2.2.1-4.el4.1.ppc.rpm s390: evolution28-libsoup-2.2.98-5.el4.1.s390.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.s390.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.s390.rpm libsoup-2.2.1-4.el4.1.s390.rpm libsoup-debuginfo-2.2.1-4.el4.1.s390.rpm libsoup-devel-2.2.1-4.el4.1.s390.rpm s390x: evolution28-libsoup-2.2.98-5.el4.1.s390x.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.s390x.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.s390x.rpm libsoup-2.2.1-4.el4.1.s390.rpm libsoup-2.2.1-4.el4.1.s390x.rpm libsoup-debuginfo-2.2.1-4.el4.1.s390.rpm libsoup-debuginfo-2.2.1-4.el4.1.s390x.rpm libsoup-devel-2.2.1-4.el4.1.s390x.rpm x86_64: evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.x86_64.rpm 
libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.x86_64.rpm libsoup-devel-2.2.1-4.el4.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution28-libsoup-2.2.98-5.el4.1.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libsoup-2.2.1-4.el4.1.src.rpm i386: evolution28-libsoup-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-devel-2.2.1-4.el4.1.i386.rpm x86_64: evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.x86_64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.x86_64.rpm libsoup-devel-2.2.1-4.el4.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution28-libsoup-2.2.98-5.el4.1.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libsoup-2.2.1-4.el4.1.src.rpm i386: evolution28-libsoup-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-devel-2.2.1-4.el4.1.i386.rpm ia64: evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.ia64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.ia64.rpm libsoup-devel-2.2.1-4.el4.1.ia64.rpm x86_64: evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm libsoup-2.2.1-4.el4.1.i386.rpm 
libsoup-2.2.1-4.el4.1.x86_64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.x86_64.rpm libsoup-devel-2.2.1-4.el4.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution28-libsoup-2.2.98-5.el4.1.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libsoup-2.2.1-4.el4.1.src.rpm i386: evolution28-libsoup-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-devel-2.2.1-4.el4.1.i386.rpm ia64: evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.ia64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.ia64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.ia64.rpm libsoup-devel-2.2.1-4.el4.1.ia64.rpm x86_64: evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-debuginfo-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.x86_64.rpm libsoup-debuginfo-2.2.1-4.el4.1.i386.rpm libsoup-debuginfo-2.2.1-4.el4.1.x86_64.rpm libsoup-devel-2.2.1-4.el4.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libsoup-2.2.98-2.el5_3.1.src.rpm i386: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm x86_64: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-2.2.98-2.el5_3.1.x86_64.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libsoup-2.2.98-2.el5_3.1.src.rpm i386: libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm x86_64: libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.x86_64.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libsoup-2.2.98-2.el5_3.1.src.rpm i386: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm ia64: libsoup-2.2.98-2.el5_3.1.ia64.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.ia64.rpm libsoup-devel-2.2.98-2.el5_3.1.ia64.rpm ppc: libsoup-2.2.98-2.el5_3.1.ppc.rpm libsoup-2.2.98-2.el5_3.1.ppc64.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.ppc.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.ppc64.rpm libsoup-devel-2.2.98-2.el5_3.1.ppc.rpm libsoup-devel-2.2.98-2.el5_3.1.ppc64.rpm s390x: libsoup-2.2.98-2.el5_3.1.s390.rpm libsoup-2.2.98-2.el5_3.1.s390x.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.s390.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.s390x.rpm libsoup-devel-2.2.98-2.el5_3.1.s390.rpm libsoup-devel-2.2.98-2.el5_3.1.s390x.rpm x86_64: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-2.2.98-2.el5_3.1.x86_64.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.i386.rpm libsoup-debuginfo-2.2.98-2.el5_3.1.x86_64.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0585 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
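The libsoup advisory above (CVE-2009-0585) describes an integer overflow in a Base64 encoding routine that leads to a heap-based buffer overflow on large inputs. The following is an added example, not part of the advisory and not libsoup's code: it contrasts an output-size computation that wraps with one that is checked before allocation. The function names and the 32-bit arithmetic modelled with uint32_t are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (assumed, for illustration): the output size is computed in
 * 32-bit arithmetic. in_len * 4 wraps modulo 2^32, so a very large input
 * produces a very small allocation size while the encoder still writes
 * roughly 4/3 of the input length. */
uint32_t b64_size_unchecked(uint32_t in_len)
{
    uint32_t quadrupled = (uint32_t)(in_len * 4u); /* may wrap */
    return quadrupled / 3u + 4u;
}

/* Checked pattern: divide first, then verify the multiplication cannot wrap.
 * Stores 4 * ceil(in_len / 3) + 1 (for the NUL) and returns 0, or returns -1
 * when that size is not representable in size_t. */
int b64_size_checked(size_t in_len, size_t *out_size)
{
    size_t groups = in_len / 3 + (in_len % 3 != 0);

    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out_size = groups * 4 + 1;
    return 0;
}

/* Encoder that allocates only after the checked size computation.
 * Returns a NUL-terminated string the caller frees, or NULL on failure. */
char *b64_encode(const unsigned char *in, size_t in_len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t size, i = 0, o = 0;
    uint32_t v;
    char *out;

    if (b64_size_checked(in_len, &size) != 0)
        return NULL;
    out = malloc(size);
    if (out == NULL)
        return NULL;

    /* Full 3-byte groups become 4 output characters each. */
    for (; in_len - i >= 3; i += 3) {
        v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8) | in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = tbl[(v >> 6) & 63];
        out[o++] = tbl[v & 63];
    }
    /* A trailing 1 or 2 bytes are padded with '=' to a full group. */
    if (in_len - i == 1) {
        v = (uint32_t)in[i] << 16;
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = '=';
        out[o++] = '=';
    } else if (in_len - i == 2) {
        v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8);
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = tbl[(v >> 6) & 63];
        out[o++] = '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    uint32_t large_len = 0x40000001u; /* constructed length: 1 GiB + 1 byte */
    size_t need = 0;
    char *s = b64_encode((const unsigned char *)"foobar", 6);

    printf("unchecked size for %lu input bytes: %lu\n",
           (unsigned long)large_len,
           (unsigned long)b64_size_unchecked(large_len));
    if (b64_size_checked(large_len, &need) == 0)
        printf("checked size for the same input: %zu\n", need);
    printf("encoded sample: %s\n", s ? s : "(allocation failed)");
    free(s);
    return 0;
}
```

The gap between the wrapped size and the checked size for the same length is the extent of the out-of-bounds write an encoder using the unchecked value would perform.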
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJvmlyXlSAg2UNWIIRAkY6AKCDMM0GH7+U2gzpyzS0Ak1ETrLFYACfUJmI rHbu3l+yqI87vT6MoD58hpI= =PBFZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Mar 16 15:00:54 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Mar 2009 11:00:54 -0400 Subject: [RHSA-2009:0354-01] Moderate: evolution-data-server security update Message-ID: <200903161500.n2GF0tpC006391@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: evolution-data-server security update Advisory ID: RHSA-2009:0354-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0354.html Issue date: 2009-03-16 CVE Names: CVE-2009-0547 CVE-2009-0582 CVE-2009-0587 ===================================================================== 1. Summary: Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. 
Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547)

It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)

Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution-data-server and evolution28-evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Evolution Data Server and applications using it (such as Evolution) must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

484925 - CVE-2009-0547 evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
487685 - CVE-2009-0582 evolution-data-server: insufficient checking of NTLM authentication challenge packets
488226 - CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution28-evolution-data-server-1.8.0-37.el4_7.2.src.rpm i386: evolution28-evolution-data-server-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.i386.rpm ia64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.ia64.rpm ppc: evolution28-evolution-data-server-1.8.0-37.el4_7.2.ppc.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.ppc.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.ppc.rpm s390: evolution28-evolution-data-server-1.8.0-37.el4_7.2.s390.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.s390.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.s390.rpm s390x: evolution28-evolution-data-server-1.8.0-37.el4_7.2.s390x.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.s390x.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.s390x.rpm x86_64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution28-evolution-data-server-1.8.0-37.el4_7.2.src.rpm i386: evolution28-evolution-data-server-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.i386.rpm x86_64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.x86_64.rpm Red Hat Enterprise Linux ES 
version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution28-evolution-data-server-1.8.0-37.el4_7.2.src.rpm i386: evolution28-evolution-data-server-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.i386.rpm ia64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.ia64.rpm x86_64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution28-evolution-data-server-1.8.0-37.el4_7.2.src.rpm i386: evolution28-evolution-data-server-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.i386.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.i386.rpm ia64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.ia64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.ia64.rpm x86_64: evolution28-evolution-data-server-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-debuginfo-1.8.0-37.el4_7.2.x86_64.rpm evolution28-evolution-data-server-devel-1.8.0-37.el4_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.12.3-10.el5_3.3.src.rpm i386: evolution-data-server-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.i386.rpm x86_64: evolution-data-server-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/evolution-data-server-1.12.3-10.el5_3.3.src.rpm i386: evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.i386.rpm x86_64: evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/evolution-data-server-1.12.3-10.el5_3.3.src.rpm i386: evolution-data-server-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.i386.rpm ia64: evolution-data-server-1.12.3-10.el5_3.3.ia64.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.ia64.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.ia64.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.ia64.rpm ppc: evolution-data-server-1.12.3-10.el5_3.3.ppc.rpm evolution-data-server-1.12.3-10.el5_3.3.ppc64.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.ppc.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.ppc64.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.ppc.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.ppc64.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.ppc.rpm s390x: evolution-data-server-1.12.3-10.el5_3.3.s390.rpm evolution-data-server-1.12.3-10.el5_3.3.s390x.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.s390.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.s390x.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.s390.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.s390x.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.s390x.rpm x86_64: evolution-data-server-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-debuginfo-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.i386.rpm evolution-data-server-devel-1.12.3-10.el5_3.3.x86_64.rpm evolution-data-server-doc-1.12.3-10.el5_3.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJvmmkXlSAg2UNWIIRAmtPAJ4odLDPBGNGMRvt124HVBxKp9duxACgubCj
qelr92gT4Zzh0KTZ4LYtJ30=
=KFFI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 16 15:01:07 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Mar 2009 11:01:07 -0400
Subject: [RHSA-2009:0355-01] Moderate: evolution and evolution-data-server security update
Message-ID: <200903161501.n2GF17Eb006646@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: evolution and evolution-data-server security update
Advisory ID: RHSA-2009:0355-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0355.html
Issue date: 2009-03-16
CVE Names: CVE-2009-0547 CVE-2009-0582 CVE-2009-0587
=====================================================================

1. Summary:

Updated evolution and evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3.
Description:

Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

Evolution Data Server provides a unified back-end for applications which interact with contacts, task and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications.

Evolution did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547)

It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)

Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by evolution and evolution-data-server. This could cause evolution, or an application using evolution-data-server, to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution and evolution-data-server are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution and evolution-data-server must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 484925 - CVE-2009-0547 evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM) 487685 - CVE-2009-0582 evolution-data-server: insufficient checking of NTLM authentication challenge packets 488226 - CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-41.el4_7.2.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-data-server-1.0.2-14.el4_7.1.src.rpm i386: evolution-2.0.2-41.el4_7.2.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.i386.rpm evolution-debuginfo-2.0.2-41.el4_7.2.i386.rpm evolution-devel-2.0.2-41.el4_7.2.i386.rpm ia64: evolution-2.0.2-41.el4_7.2.ia64.rpm evolution-data-server-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.ia64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.ia64.rpm evolution-devel-2.0.2-41.el4_7.2.ia64.rpm ppc: evolution-2.0.2-41.el4_7.2.ppc.rpm evolution-data-server-1.0.2-14.el4_7.1.ppc.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.ppc.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.ppc.rpm evolution-debuginfo-2.0.2-41.el4_7.2.ppc.rpm evolution-devel-2.0.2-41.el4_7.2.ppc.rpm s390: evolution-2.0.2-41.el4_7.2.s390.rpm evolution-data-server-1.0.2-14.el4_7.1.s390.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.s390.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.s390.rpm evolution-debuginfo-2.0.2-41.el4_7.2.s390.rpm evolution-devel-2.0.2-41.el4_7.2.s390.rpm s390x: evolution-2.0.2-41.el4_7.2.s390x.rpm evolution-data-server-1.0.2-14.el4_7.1.s390x.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.s390x.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.s390x.rpm 
evolution-debuginfo-2.0.2-41.el4_7.2.s390x.rpm evolution-devel-2.0.2-41.el4_7.2.s390x.rpm x86_64: evolution-2.0.2-41.el4_7.2.x86_64.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.x86_64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.x86_64.rpm evolution-devel-2.0.2-41.el4_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-2.0.2-41.el4_7.2.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-data-server-1.0.2-14.el4_7.1.src.rpm i386: evolution-2.0.2-41.el4_7.2.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.i386.rpm evolution-debuginfo-2.0.2-41.el4_7.2.i386.rpm evolution-devel-2.0.2-41.el4_7.2.i386.rpm x86_64: evolution-2.0.2-41.el4_7.2.x86_64.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.x86_64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.x86_64.rpm evolution-devel-2.0.2-41.el4_7.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-2.0.2-41.el4_7.2.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-data-server-1.0.2-14.el4_7.1.src.rpm i386: evolution-2.0.2-41.el4_7.2.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.i386.rpm evolution-debuginfo-2.0.2-41.el4_7.2.i386.rpm evolution-devel-2.0.2-41.el4_7.2.i386.rpm ia64: 
evolution-2.0.2-41.el4_7.2.ia64.rpm evolution-data-server-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.ia64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.ia64.rpm evolution-devel-2.0.2-41.el4_7.2.ia64.rpm x86_64: evolution-2.0.2-41.el4_7.2.x86_64.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.x86_64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.x86_64.rpm evolution-devel-2.0.2-41.el4_7.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-2.0.2-41.el4_7.2.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-data-server-1.0.2-14.el4_7.1.src.rpm i386: evolution-2.0.2-41.el4_7.2.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.i386.rpm evolution-debuginfo-2.0.2-41.el4_7.2.i386.rpm evolution-devel-2.0.2-41.el4_7.2.i386.rpm ia64: evolution-2.0.2-41.el4_7.2.ia64.rpm evolution-data-server-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.ia64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.ia64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.ia64.rpm evolution-devel-2.0.2-41.el4_7.2.ia64.rpm x86_64: evolution-2.0.2-41.el4_7.2.x86_64.rpm evolution-data-server-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.i386.rpm evolution-data-server-debuginfo-1.0.2-14.el4_7.1.x86_64.rpm evolution-data-server-devel-1.0.2-14.el4_7.1.x86_64.rpm evolution-debuginfo-2.0.2-41.el4_7.2.x86_64.rpm evolution-devel-2.0.2-41.el4_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJvmmoXlSAg2UNWIIRAsS3AKCnVFCP9gXrCYDrZUdRErdmb9dPAwCfTQoq
Lt5ENGwKKv776zBJPeYYJsE=
=znFC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 16 15:50:34 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Mar 2009 11:50:34 -0400
Subject: [RHSA-2009:0358-01] Moderate: evolution security update
Message-ID: <200903161550.n2GFoYk8015336@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: evolution security update
Advisory ID: RHSA-2009:0358-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0358.html
Issue date: 2009-03-16
CVE Names: CVE-2009-0582 CVE-2009-0587
=====================================================================

1. Summary:

Updated evolution packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3.
Description:

Evolution is the integrated collection of e-mail, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment.

It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582)

An integer overflow flaw which could cause a heap-based buffer overflow was found in the Base64 encoding routine used by evolution. This could cause evolution to crash, or, possibly, execute arbitrary code when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of evolution must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

487685 - CVE-2009-0582 evolution-data-server: insufficient checking of NTLM authentication challenge packets
488226 - CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-25.el3.src.rpm i386: evolution-1.4.5-25.el3.i386.rpm evolution-debuginfo-1.4.5-25.el3.i386.rpm evolution-devel-1.4.5-25.el3.i386.rpm ia64: evolution-1.4.5-25.el3.ia64.rpm evolution-debuginfo-1.4.5-25.el3.ia64.rpm evolution-devel-1.4.5-25.el3.ia64.rpm ppc: evolution-1.4.5-25.el3.ppc.rpm evolution-debuginfo-1.4.5-25.el3.ppc.rpm evolution-devel-1.4.5-25.el3.ppc.rpm s390: evolution-1.4.5-25.el3.s390.rpm evolution-debuginfo-1.4.5-25.el3.s390.rpm evolution-devel-1.4.5-25.el3.s390.rpm s390x: evolution-1.4.5-25.el3.s390x.rpm evolution-debuginfo-1.4.5-25.el3.s390x.rpm evolution-devel-1.4.5-25.el3.s390x.rpm x86_64: evolution-1.4.5-25.el3.x86_64.rpm evolution-debuginfo-1.4.5-25.el3.x86_64.rpm evolution-devel-1.4.5-25.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-25.el3.src.rpm i386: evolution-1.4.5-25.el3.i386.rpm evolution-debuginfo-1.4.5-25.el3.i386.rpm evolution-devel-1.4.5-25.el3.i386.rpm x86_64: evolution-1.4.5-25.el3.x86_64.rpm evolution-debuginfo-1.4.5-25.el3.x86_64.rpm evolution-devel-1.4.5-25.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-25.el3.src.rpm i386: evolution-1.4.5-25.el3.i386.rpm evolution-debuginfo-1.4.5-25.el3.i386.rpm evolution-devel-1.4.5-25.el3.i386.rpm ia64: evolution-1.4.5-25.el3.ia64.rpm evolution-debuginfo-1.4.5-25.el3.ia64.rpm evolution-devel-1.4.5-25.el3.ia64.rpm x86_64: evolution-1.4.5-25.el3.x86_64.rpm evolution-debuginfo-1.4.5-25.el3.x86_64.rpm evolution-devel-1.4.5-25.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-25.el3.src.rpm i386: evolution-1.4.5-25.el3.i386.rpm evolution-debuginfo-1.4.5-25.el3.i386.rpm evolution-devel-1.4.5-25.el3.i386.rpm ia64: 
evolution-1.4.5-25.el3.ia64.rpm evolution-debuginfo-1.4.5-25.el3.ia64.rpm evolution-devel-1.4.5-25.el3.ia64.rpm x86_64: evolution-1.4.5-25.el3.x86_64.rpm evolution-debuginfo-1.4.5-25.el3.x86_64.rpm evolution-devel-1.4.5-25.el3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0582 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0587 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJvnVGXlSAg2UNWIIRAuNhAJ9rre+TXlEGZjDuaJopN8XsMDpR3wCdEMNZ 67VEWQUyXcFY8nYUxBtFAwE= =+E5o -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 19 16:12:22 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Mar 2009 12:12:22 -0400 Subject: [RHSA-2009:0339-01] Moderate: lcms security update Message-ID: <200903191612.n2JGCOn1014919@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: lcms security update Advisory ID: RHSA-2009:0339-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0339.html Issue date: 2009-03-19 CVE Names: CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 ===================================================================== 1. Summary: Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 
5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Little Color Management System (LittleCMS, or simply "lcms") is a small-footprint, speed-optimized open source color management engine.

Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733)

A memory leak flaw was found in LittleCMS. An application using LittleCMS could use an excessive amount of memory, and possibly crash after using all available memory, if used to open specially-crafted images. (CVE-2009-0581)

Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues.

All users of LittleCMS should install these updated packages, which upgrade LittleCMS to version 1.18. All running applications using the lcms library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

487508 - CVE-2009-0723 LittleCms integer overflow
487509 - CVE-2009-0581 LittleCms memory leak
487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/lcms-1.18-0.1.beta1.el5_3.2.src.rpm i386: lcms-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpm x86_64: lcms-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.x86_64.rpm python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/lcms-1.18-0.1.beta1.el5_3.2.src.rpm i386: lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm x86_64: lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.x86_64.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/lcms-1.18-0.1.beta1.el5_3.2.src.rpm i386: lcms-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpm ia64: lcms-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-1.18-0.1.beta1.el5_3.2.ia64.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.ia64.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.ia64.rpm python-lcms-1.18-0.1.beta1.el5_3.2.ia64.rpm ppc: lcms-1.18-0.1.beta1.el5_3.2.ppc.rpm lcms-1.18-0.1.beta1.el5_3.2.ppc64.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.ppc.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.ppc64.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.ppc.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.ppc64.rpm python-lcms-1.18-0.1.beta1.el5_3.2.ppc.rpm s390x: lcms-1.18-0.1.beta1.el5_3.2.s390.rpm lcms-1.18-0.1.beta1.el5_3.2.s390x.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.s390.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.s390x.rpm 
lcms-devel-1.18-0.1.beta1.el5_3.2.s390.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.s390x.rpm python-lcms-1.18-0.1.beta1.el5_3.2.s390x.rpm x86_64: lcms-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-debuginfo-1.18-0.1.beta1.el5_3.2.x86_64.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpm lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpm python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJwm7PXlSAg2UNWIIRAiuOAJkBWmEEmlCS+nUhTtSnYvgtqK8g6QCgntf0 YlCwYMT+IfOs+Xhy+xqEizA= =/vxi -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 19 16:12:45 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Mar 2009 12:12:45 -0400 Subject: [RHSA-2009:0341-01] Moderate: curl security update Message-ID: <200903191612.n2JGCkAN015214@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security update Advisory ID: RHSA-2009:0341-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0341.html Issue date: 2009-03-19 CVE Names: CVE-2009-0037 ===================================================================== 1. 
Summary:

Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.

David Kierznowski discovered a flaw in libcurl where it would not differentiate between different target URLs when handling automatic redirects. This caused libcurl to follow any new URL that it understood, including the "file://" URL type. This could allow a remote server to force a local libcurl-using application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
(CVE-2009-0037) Note: Applications using libcurl that are expected to follow redirects to "file://" protocol must now explicitly call curl_easy_setopt(3) and set the newly introduced CURLOPT_REDIR_PROTOCOLS option as required. cURL users should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libcurl must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 485271 - CVE-2009-0037 curl: local file access via unsafe redirects 6. Package List: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/curl-7.8-3.rhel2.src.rpm i386: curl-7.8-3.rhel2.i386.rpm curl-devel-7.8-3.rhel2.i386.rpm ia64: curl-7.8-3.rhel2.ia64.rpm curl-devel-7.8-3.rhel2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/curl-7.8-3.rhel2.src.rpm ia64: curl-7.8-3.rhel2.ia64.rpm curl-devel-7.8-3.rhel2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/curl-7.8-3.rhel2.src.rpm i386: curl-7.8-3.rhel2.i386.rpm curl-devel-7.8-3.rhel2.i386.rpm Red Hat Enterprise Linux WS version 2.1: Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/curl-7.8-3.rhel2.src.rpm i386: curl-7.8-3.rhel2.i386.rpm curl-devel-7.8-3.rhel2.i386.rpm Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/curl-7.10.6-9.rhel3.src.rpm i386: curl-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-devel-7.10.6-9.rhel3.i386.rpm ia64: curl-7.10.6-9.rhel3.i386.rpm 
curl-7.10.6-9.rhel3.ia64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.ia64.rpm curl-devel-7.10.6-9.rhel3.ia64.rpm ppc: curl-7.10.6-9.rhel3.ppc.rpm curl-7.10.6-9.rhel3.ppc64.rpm curl-debuginfo-7.10.6-9.rhel3.ppc.rpm curl-debuginfo-7.10.6-9.rhel3.ppc64.rpm curl-devel-7.10.6-9.rhel3.ppc.rpm s390: curl-7.10.6-9.rhel3.s390.rpm curl-debuginfo-7.10.6-9.rhel3.s390.rpm curl-devel-7.10.6-9.rhel3.s390.rpm s390x: curl-7.10.6-9.rhel3.s390.rpm curl-7.10.6-9.rhel3.s390x.rpm curl-debuginfo-7.10.6-9.rhel3.s390.rpm curl-debuginfo-7.10.6-9.rhel3.s390x.rpm curl-devel-7.10.6-9.rhel3.s390x.rpm x86_64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.x86_64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.x86_64.rpm curl-devel-7.10.6-9.rhel3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/curl-7.10.6-9.rhel3.src.rpm i386: curl-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-devel-7.10.6-9.rhel3.i386.rpm x86_64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.x86_64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.x86_64.rpm curl-devel-7.10.6-9.rhel3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/curl-7.10.6-9.rhel3.src.rpm i386: curl-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-devel-7.10.6-9.rhel3.i386.rpm ia64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.ia64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.ia64.rpm curl-devel-7.10.6-9.rhel3.ia64.rpm x86_64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.x86_64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.x86_64.rpm curl-devel-7.10.6-9.rhel3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/curl-7.10.6-9.rhel3.src.rpm i386: curl-7.10.6-9.rhel3.i386.rpm 
curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-devel-7.10.6-9.rhel3.i386.rpm ia64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.ia64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.ia64.rpm curl-devel-7.10.6-9.rhel3.ia64.rpm x86_64: curl-7.10.6-9.rhel3.i386.rpm curl-7.10.6-9.rhel3.x86_64.rpm curl-debuginfo-7.10.6-9.rhel3.i386.rpm curl-debuginfo-7.10.6-9.rhel3.x86_64.rpm curl-devel-7.10.6-9.rhel3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-11.1.el4_7.1.src.rpm i386: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-devel-7.12.1-11.1.el4_7.1.i386.rpm ia64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.ia64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.ia64.rpm curl-devel-7.12.1-11.1.el4_7.1.ia64.rpm ppc: curl-7.12.1-11.1.el4_7.1.ppc.rpm curl-7.12.1-11.1.el4_7.1.ppc64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.ppc.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.ppc64.rpm curl-devel-7.12.1-11.1.el4_7.1.ppc.rpm s390: curl-7.12.1-11.1.el4_7.1.s390.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.s390.rpm curl-devel-7.12.1-11.1.el4_7.1.s390.rpm s390x: curl-7.12.1-11.1.el4_7.1.s390.rpm curl-7.12.1-11.1.el4_7.1.s390x.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.s390.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.s390x.rpm curl-devel-7.12.1-11.1.el4_7.1.s390x.rpm x86_64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.x86_64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.x86_64.rpm curl-devel-7.12.1-11.1.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-11.1.el4_7.1.src.rpm i386: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-devel-7.12.1-11.1.el4_7.1.i386.rpm x86_64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.x86_64.rpm 
curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.x86_64.rpm curl-devel-7.12.1-11.1.el4_7.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-11.1.el4_7.1.src.rpm i386: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-devel-7.12.1-11.1.el4_7.1.i386.rpm ia64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.ia64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.ia64.rpm curl-devel-7.12.1-11.1.el4_7.1.ia64.rpm x86_64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.x86_64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.x86_64.rpm curl-devel-7.12.1-11.1.el4_7.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-11.1.el4_7.1.src.rpm i386: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-devel-7.12.1-11.1.el4_7.1.i386.rpm ia64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.ia64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.ia64.rpm curl-devel-7.12.1-11.1.el4_7.1.ia64.rpm x86_64: curl-7.12.1-11.1.el4_7.1.i386.rpm curl-7.12.1-11.1.el4_7.1.x86_64.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.i386.rpm curl-debuginfo-7.12.1-11.1.el4_7.1.x86_64.rpm curl-devel-7.12.1-11.1.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-2.1.el5_3.4.src.rpm i386: curl-7.15.5-2.1.el5_3.4.i386.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm x86_64: curl-7.15.5-2.1.el5_3.4.i386.rpm curl-7.15.5-2.1.el5_3.4.x86_64.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-2.1.el5_3.4.src.rpm i386: curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm curl-devel-7.15.5-2.1.el5_3.4.i386.rpm x86_64: curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.x86_64.rpm curl-devel-7.15.5-2.1.el5_3.4.i386.rpm curl-devel-7.15.5-2.1.el5_3.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/curl-7.15.5-2.1.el5_3.4.src.rpm i386: curl-7.15.5-2.1.el5_3.4.i386.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm curl-devel-7.15.5-2.1.el5_3.4.i386.rpm ia64: curl-7.15.5-2.1.el5_3.4.ia64.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.ia64.rpm curl-devel-7.15.5-2.1.el5_3.4.ia64.rpm ppc: curl-7.15.5-2.1.el5_3.4.ppc.rpm curl-7.15.5-2.1.el5_3.4.ppc64.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.ppc.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.ppc64.rpm curl-devel-7.15.5-2.1.el5_3.4.ppc.rpm curl-devel-7.15.5-2.1.el5_3.4.ppc64.rpm s390x: curl-7.15.5-2.1.el5_3.4.s390.rpm curl-7.15.5-2.1.el5_3.4.s390x.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.s390.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.s390x.rpm curl-devel-7.15.5-2.1.el5_3.4.s390.rpm curl-devel-7.15.5-2.1.el5_3.4.s390x.rpm x86_64: curl-7.15.5-2.1.el5_3.4.i386.rpm curl-7.15.5-2.1.el5_3.4.x86_64.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.i386.rpm curl-debuginfo-7.15.5-2.1.el5_3.4.x86_64.rpm curl-devel-7.15.5-2.1.el5_3.4.i386.rpm curl-devel-7.15.5-2.1.el5_3.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
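The redirect decision behind CVE-2009-0037 in the curl advisory above, as an added example that is not Red Hat's or the curl project's code: a self-contained C model that compares following any understood URL type with following only the types in a redirect mask. The PROTO_* bits, REDIR_DEFAULT and all function names are hypothetical; in a real application the mask is set with curl_easy_setopt(3) and CURLOPT_REDIR_PROTOCOLS, as the advisory's note says.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical protocol bits for this model. In libcurl the corresponding
 * call is curl_easy_setopt(handle, CURLOPT_REDIR_PROTOCOLS, <bitmask>). */
#define PROTO_HTTP  (1u << 0)
#define PROTO_HTTPS (1u << 1)
#define PROTO_FTP   (1u << 2)
#define PROTO_FILE  (1u << 3)

/* Assumed default for the model: after the fix, file:// is not followed
 * on redirect unless the application opts in, as the advisory's note says. */
#define REDIR_DEFAULT (PROTO_HTTP | PROTO_HTTPS | PROTO_FTP)

static const struct { const char *name; unsigned bit; } known[] = {
    { "http", PROTO_HTTP }, { "https", PROTO_HTTPS },
    { "ftp", PROTO_FTP },   { "file", PROTO_FILE },
};

/* Case-insensitive match of the first n bytes of s against a lowercase name. */
static int scheme_eq(const char *s, size_t n, const char *name)
{
    size_t i;
    if (strlen(name) != n)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i])
            return 0;
    return 1;
}

/* Protocol the redirect would land on; 0 for a scheme the model does not
 * know. A Location without a scheme is a relative reference and stays on
 * the protocol of the request that was redirected. */
unsigned redirect_target(const char *location, unsigned current)
{
    size_t n = 0, i;

    /* RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */
    if (isalpha((unsigned char)location[0])) {
        n = 1;
        while (isalnum((unsigned char)location[n]) || location[n] == '+' ||
               location[n] == '-' || location[n] == '.')
            n++;
    }
    if (n == 0 || location[n] != ':')
        return current;
    for (i = 0; i < sizeof known / sizeof known[0]; i++)
        if (scheme_eq(location, n, known[i].name))
            return known[i].bit;
    return 0;
}

/* Behaviour the advisory describes before the fix: any understood URL type
 * is followed, so a remote server can point the client at file://. */
int follow_unpatched(const char *location, unsigned current)
{
    return redirect_target(location, current) != 0;
}

/* Behaviour after the fix: the target must also be in the redirect mask. */
int follow_patched(const char *location, unsigned current, unsigned redir_mask)
{
    unsigned target = redirect_target(location, current);
    return target != 0 && (target & redir_mask) != 0;
}

int main(void)
{
    /* Constructed Location header values for illustration. */
    const char *samples[] = {
        "https://mirror.example/pkg.tar.gz", "/moved/pkg.tar.gz",
        "file:///etc/passwd", "FILE:///etc/passwd",
        "mailto:user@mirror.example",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s unpatched=%d patched=%d opt-in=%d\n", samples[i],
               follow_unpatched(samples[i], PROTO_HTTP),
               follow_patched(samples[i], PROTO_HTTP, REDIR_DEFAULT),
               follow_patched(samples[i], PROTO_HTTP,
                              REDIR_DEFAULT | PROTO_FILE));
    return 0;
}
```

The scheme comparison is case-insensitive on purpose: a mask check that only matched lowercase "file" would miss "FILE://".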
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJwm7vXlSAg2UNWIIRAroFAKCKDeunP0rbrBA4fvgQX+CS2i3rPACff22Y
ILjVK6SGd0jni2ahCuMeuUk=
=BV0F
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 19 16:13:01 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Mar 2009 12:13:01 -0400
Subject: [RHSA-2009:0345-01] Moderate: ghostscript security update
Message-ID: <200903191613.n2JGD2qj015329@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: ghostscript security update
Advisory ID:       RHSA-2009:0345-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0345.html
Issue date:        2009-03-19
CVE Names:         CVE-2009-0583 CVE-2009-0584
=====================================================================

1. Summary:

Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. (CVE-2009-0583, CVE-2009-0584)

All users of ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

487742 - CVE-2009-0583 ghostscript: Multiple integer overflows in the International Color Consortium Format Library
487744 - CVE-2009-0584 ghostscript: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ghostscript-7.05-32.1.17.src.rpm i386: ghostscript-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-devel-7.05-32.1.17.i386.rpm hpijs-1.3-32.1.17.i386.rpm ia64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.ia64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.ia64.rpm ghostscript-devel-7.05-32.1.17.ia64.rpm hpijs-1.3-32.1.17.ia64.rpm ppc: ghostscript-7.05-32.1.17.ppc.rpm ghostscript-7.05-32.1.17.ppc64.rpm ghostscript-debuginfo-7.05-32.1.17.ppc.rpm ghostscript-debuginfo-7.05-32.1.17.ppc64.rpm ghostscript-devel-7.05-32.1.17.ppc.rpm hpijs-1.3-32.1.17.ppc.rpm s390: ghostscript-7.05-32.1.17.s390.rpm ghostscript-debuginfo-7.05-32.1.17.s390.rpm ghostscript-devel-7.05-32.1.17.s390.rpm hpijs-1.3-32.1.17.s390.rpm s390x: ghostscript-7.05-32.1.17.s390.rpm ghostscript-7.05-32.1.17.s390x.rpm ghostscript-debuginfo-7.05-32.1.17.s390.rpm ghostscript-debuginfo-7.05-32.1.17.s390x.rpm ghostscript-devel-7.05-32.1.17.s390x.rpm hpijs-1.3-32.1.17.s390x.rpm x86_64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.x86_64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.x86_64.rpm ghostscript-devel-7.05-32.1.17.x86_64.rpm hpijs-1.3-32.1.17.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ghostscript-7.05-32.1.17.src.rpm i386: ghostscript-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-devel-7.05-32.1.17.i386.rpm hpijs-1.3-32.1.17.i386.rpm x86_64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.x86_64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.x86_64.rpm ghostscript-devel-7.05-32.1.17.x86_64.rpm hpijs-1.3-32.1.17.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: 
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ghostscript-7.05-32.1.17.src.rpm i386: ghostscript-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-devel-7.05-32.1.17.i386.rpm hpijs-1.3-32.1.17.i386.rpm ia64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.ia64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.ia64.rpm ghostscript-devel-7.05-32.1.17.ia64.rpm hpijs-1.3-32.1.17.ia64.rpm x86_64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.x86_64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.x86_64.rpm ghostscript-devel-7.05-32.1.17.x86_64.rpm hpijs-1.3-32.1.17.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ghostscript-7.05-32.1.17.src.rpm i386: ghostscript-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-devel-7.05-32.1.17.i386.rpm hpijs-1.3-32.1.17.i386.rpm ia64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.ia64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.ia64.rpm ghostscript-devel-7.05-32.1.17.ia64.rpm hpijs-1.3-32.1.17.ia64.rpm x86_64: ghostscript-7.05-32.1.17.i386.rpm ghostscript-7.05-32.1.17.x86_64.rpm ghostscript-debuginfo-7.05-32.1.17.i386.rpm ghostscript-debuginfo-7.05-32.1.17.x86_64.rpm ghostscript-devel-7.05-32.1.17.x86_64.rpm hpijs-1.3-32.1.17.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ghostscript-7.07-33.2.el4_7.5.src.rpm i386: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm ia64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.ia64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.ia64.rpm 
ghostscript-devel-7.07-33.2.el4_7.5.ia64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.ia64.rpm ppc: ghostscript-7.07-33.2.el4_7.5.ppc.rpm ghostscript-7.07-33.2.el4_7.5.ppc64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.ppc.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.ppc64.rpm ghostscript-devel-7.07-33.2.el4_7.5.ppc.rpm ghostscript-gtk-7.07-33.2.el4_7.5.ppc.rpm s390: ghostscript-7.07-33.2.el4_7.5.s390.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.s390.rpm ghostscript-devel-7.07-33.2.el4_7.5.s390.rpm ghostscript-gtk-7.07-33.2.el4_7.5.s390.rpm s390x: ghostscript-7.07-33.2.el4_7.5.s390.rpm ghostscript-7.07-33.2.el4_7.5.s390x.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.s390.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.s390x.rpm ghostscript-devel-7.07-33.2.el4_7.5.s390x.rpm ghostscript-gtk-7.07-33.2.el4_7.5.s390x.rpm x86_64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ghostscript-7.07-33.2.el4_7.5.src.rpm i386: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm x86_64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ghostscript-7.07-33.2.el4_7.5.src.rpm i386: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm 
ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm ia64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.ia64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.ia64.rpm ghostscript-devel-7.07-33.2.el4_7.5.ia64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.ia64.rpm x86_64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ghostscript-7.07-33.2.el4_7.5.src.rpm i386: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-devel-7.07-33.2.el4_7.5.i386.rpm ghostscript-gtk-7.07-33.2.el4_7.5.i386.rpm ia64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.ia64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.ia64.rpm ghostscript-devel-7.07-33.2.el4_7.5.ia64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.ia64.rpm x86_64: ghostscript-7.07-33.2.el4_7.5.i386.rpm ghostscript-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.i386.rpm ghostscript-debuginfo-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-devel-7.07-33.2.el4_7.5.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_7.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.15.2-9.4.el5_3.4.src.rpm i386: ghostscript-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm x86_64: ghostscript-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.15.2-9.4.el5_3.4.src.rpm i386: ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm x86_64: ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.15.2-9.4.el5_3.4.src.rpm i386: ghostscript-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.i386.rpm ia64: ghostscript-8.15.2-9.4.el5_3.4.ia64.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.ia64.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.ia64.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.ia64.rpm ppc: ghostscript-8.15.2-9.4.el5_3.4.ppc.rpm ghostscript-8.15.2-9.4.el5_3.4.ppc64.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.ppc.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.ppc64.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.ppc.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.ppc64.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.ppc.rpm s390x: ghostscript-8.15.2-9.4.el5_3.4.s390.rpm ghostscript-8.15.2-9.4.el5_3.4.s390x.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.s390.rpm 
ghostscript-debuginfo-8.15.2-9.4.el5_3.4.s390x.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.s390.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.s390x.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.s390x.rpm x86_64: ghostscript-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-debuginfo-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.4.x86_64.rpm ghostscript-gtk-8.15.2-9.4.el5_3.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJwm8EXlSAg2UNWIIRAjSaAKCb/pTzBf3CW4Z3ajz2GU8ZbzjAgwCgiWSN
kpZoxbKNVRKN5Pgw6l0Fc+s=
=RI13
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 19 16:13:20 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Mar 2009 12:13:20 -0400
Subject: [RHSA-2009:0382-01] Moderate: libvirt security update
Message-ID: <200903191613.n2JGDMEf015532@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: libvirt security update
Advisory ID:       RHSA-2009:0382-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0382.html
Issue date:        2009-03-19
CVE Names:         CVE-2008-5086 CVE-2009-0036
=====================================================================

1. Summary:

Updated libvirt packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems.

The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086)

libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036)

All users are advised to upgrade to these updated packages, which contain backported patches which resolve these issues. After installing the update, libvirtd must be restarted manually (for example, by issuing a "service libvirtd restart" command) for this change to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

476560 - CVE-2008-5086 libvirt: missing checks for read-only connection
484947 - CVE-2009-0036 libvirt: libvirt_proxy buffer overflow

6. Package List:

RHEL Desktop Multi OS (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.3.3-14.el5_3.1.src.rpm i386: libvirt-0.3.3-14.el5_3.1.i386.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.i386.rpm libvirt-devel-0.3.3-14.el5_3.1.i386.rpm libvirt-python-0.3.3-14.el5_3.1.i386.rpm x86_64: libvirt-0.3.3-14.el5_3.1.i386.rpm libvirt-0.3.3-14.el5_3.1.x86_64.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.i386.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.x86_64.rpm libvirt-devel-0.3.3-14.el5_3.1.i386.rpm libvirt-devel-0.3.3-14.el5_3.1.x86_64.rpm libvirt-python-0.3.3-14.el5_3.1.x86_64.rpm RHEL Virtualization (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.3.3-14.el5_3.1.src.rpm i386: libvirt-0.3.3-14.el5_3.1.i386.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.i386.rpm libvirt-devel-0.3.3-14.el5_3.1.i386.rpm libvirt-python-0.3.3-14.el5_3.1.i386.rpm ia64: libvirt-0.3.3-14.el5_3.1.ia64.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.ia64.rpm libvirt-devel-0.3.3-14.el5_3.1.ia64.rpm libvirt-python-0.3.3-14.el5_3.1.ia64.rpm x86_64: libvirt-0.3.3-14.el5_3.1.i386.rpm libvirt-0.3.3-14.el5_3.1.x86_64.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.i386.rpm libvirt-debuginfo-0.3.3-14.el5_3.1.x86_64.rpm libvirt-devel-0.3.3-14.el5_3.1.i386.rpm libvirt-devel-0.3.3-14.el5_3.1.x86_64.rpm libvirt-python-0.3.3-14.el5_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0036
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJwm8TXlSAg2UNWIIRAsfOAJoCPC961OmiQmDcdZPKtiDmRefLGwCeLnej
kkEO1d+kBJnxhdhCjf8Vr4s=
=0k6U
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 24 12:06:38 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Mar 2009 08:06:38 -0400
Subject: [RHSA-2009:0258-01] Moderate: thunderbird security update
Message-ID: <200903241206.n2OC6g7v021957@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: thunderbird security update
Advisory ID:       RHSA-2009:0258-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0258.html
Issue date:        2009-03-24
CVE Names:         CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

483139 - CVE-2009-0352 Firefox layout crashes with evidence of memory corruption
483141 - CVE-2009-0353 Firefox javascript crashes with evidence of memory corruption
483143 - CVE-2009-0355 Firefox local file stealing with SessionStore
488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine
488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability
488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-19.el4.src.rpm i386: thunderbird-1.5.0.12-19.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-19.el4.i386.rpm ia64: thunderbird-1.5.0.12-19.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.ia64.rpm ppc: thunderbird-1.5.0.12-19.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-19.el4.ppc.rpm s390: thunderbird-1.5.0.12-19.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-19.el4.s390.rpm s390x: thunderbird-1.5.0.12-19.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-19.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-19.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-19.el4.src.rpm i386: thunderbird-1.5.0.12-19.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-19.el4.i386.rpm x86_64: thunderbird-1.5.0.12-19.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-19.el4.src.rpm i386: thunderbird-1.5.0.12-19.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-19.el4.i386.rpm ia64: thunderbird-1.5.0.12-19.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-19.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-19.el4.src.rpm i386: thunderbird-1.5.0.12-19.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-19.el4.i386.rpm ia64: thunderbird-1.5.0.12-19.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-19.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-19.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.21-1.el5.src.rpm i386: thunderbird-2.0.0.21-1.el5.i386.rpm thunderbird-debuginfo-2.0.0.21-1.el5.i386.rpm x86_64: thunderbird-2.0.0.21-1.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.21-1.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.21-1.el5.src.rpm i386: thunderbird-2.0.0.21-1.el5.i386.rpm thunderbird-debuginfo-2.0.0.21-1.el5.i386.rpm x86_64: thunderbird-2.0.0.21-1.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.21-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyMzLXlSAg2UNWIIRAhWgAJ0aMeVL85qqUr/N57ZjQow9C2+Y2ACgrFgt 74DvMbpRXp1lxzKYAhhaQ6o= =zvS+ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 24 12:06:55 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 24 Mar 2009 08:06:55 -0400 Subject: [RHSA-2009:0336-01] Moderate: glib2 security update Message-ID: <200903241206.n2OC6xmM022151@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glib2 security update Advisory ID: RHSA-2009:0336-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0336.html Issue date: 2009-03-24 CVE Names: CVE-2008-4316 ===================================================================== 1. Summary: Updated glib2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Diego Pettenò discovered multiple integer overflows causing heap-based buffer overflows in GLib's Base64 encoding and decoding functions. An attacker could use these flaws to crash an application using GLib's Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute arbitrary code as the user running the application. 
(CVE-2008-4316) Note: No application shipped with Red Hat Enterprise Linux 5 uses the affected functions. Third-party applications may, however, be affected. All users of glib2 should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 474770 - CVE-2008-4316 glib2: integer overflows in the base64 handling functions (oCERT-2008-015) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/glib2-2.12.3-4.el5_3.1.src.rpm i386: glib2-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm x86_64: glib2-2.12.3-4.el5_3.1.i386.rpm glib2-2.12.3-4.el5_3.1.x86_64.rpm glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/glib2-2.12.3-4.el5_3.1.src.rpm i386: glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-devel-2.12.3-4.el5_3.1.i386.rpm x86_64: glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.x86_64.rpm glib2-devel-2.12.3-4.el5_3.1.i386.rpm glib2-devel-2.12.3-4.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/glib2-2.12.3-4.el5_3.1.src.rpm i386: glib2-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-devel-2.12.3-4.el5_3.1.i386.rpm ia64: glib2-2.12.3-4.el5_3.1.i386.rpm glib2-2.12.3-4.el5_3.1.ia64.rpm glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.ia64.rpm glib2-devel-2.12.3-4.el5_3.1.ia64.rpm ppc: glib2-2.12.3-4.el5_3.1.ppc.rpm glib2-2.12.3-4.el5_3.1.ppc64.rpm glib2-debuginfo-2.12.3-4.el5_3.1.ppc.rpm glib2-debuginfo-2.12.3-4.el5_3.1.ppc64.rpm glib2-devel-2.12.3-4.el5_3.1.ppc.rpm glib2-devel-2.12.3-4.el5_3.1.ppc64.rpm s390x: glib2-2.12.3-4.el5_3.1.s390.rpm glib2-2.12.3-4.el5_3.1.s390x.rpm glib2-debuginfo-2.12.3-4.el5_3.1.s390.rpm glib2-debuginfo-2.12.3-4.el5_3.1.s390x.rpm glib2-devel-2.12.3-4.el5_3.1.s390.rpm glib2-devel-2.12.3-4.el5_3.1.s390x.rpm x86_64: glib2-2.12.3-4.el5_3.1.i386.rpm glib2-2.12.3-4.el5_3.1.x86_64.rpm glib2-debuginfo-2.12.3-4.el5_3.1.i386.rpm glib2-debuginfo-2.12.3-4.el5_3.1.x86_64.rpm glib2-devel-2.12.3-4.el5_3.1.i386.rpm glib2-devel-2.12.3-4.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyMzUXlSAg2UNWIIRAhwEAKCcBg1Yb/0OPq4XOjv0pM+VWtRABgCggPu5 tbW+6D2xP1JxuJsOKfrQorw= =k3YS -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 25 14:03:11 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Mar 2009 10:03:11 -0400 Subject: [RHSA-2009:0361-01] Moderate: NetworkManager security update Message-ID: <200903251403.n2PE3GAp019550@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: NetworkManager security update Advisory ID: RHSA-2009:0361-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0361.html Issue date: 2009-03-25 CVE Names: CVE-2009-0365 CVE-2009-0578 ===================================================================== 1. Summary: Updated NetworkManager packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365) A potential denial of service flaw was found in NetworkManager's D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the system's network connection from functioning properly. 
(CVE-2009-0578) Red Hat would like to thank Ludwig Nussel for reporting these flaws responsibly. Users of NetworkManager should upgrade to these updated packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 487722 - CVE-2009-0365 NetworkManager: GetSecrets disclosure 487752 - CVE-2009-0578 NetworkManager: local users can modify the connection settings 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/NetworkManager-0.7.0-4.el5_3.src.rpm i386: NetworkManager-0.7.0-4.el5_3.i386.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-0.7.0-4.el5_3.i386.rpm NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm x86_64: NetworkManager-0.7.0-4.el5_3.i386.rpm NetworkManager-0.7.0-4.el5_3.x86_64.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.x86_64.rpm NetworkManager-glib-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-0.7.0-4.el5_3.x86_64.rpm NetworkManager-gnome-0.7.0-4.el5_3.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/NetworkManager-0.7.0-4.el5_3.src.rpm i386: NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm x86_64: NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.x86_64.rpm NetworkManager-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-devel-0.7.0-4.el5_3.x86_64.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/NetworkManager-0.7.0-4.el5_3.src.rpm i386: NetworkManager-0.7.0-4.el5_3.i386.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm ia64: NetworkManager-0.7.0-4.el5_3.ia64.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.ia64.rpm NetworkManager-devel-0.7.0-4.el5_3.ia64.rpm NetworkManager-glib-0.7.0-4.el5_3.ia64.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.ia64.rpm NetworkManager-gnome-0.7.0-4.el5_3.ia64.rpm ppc: NetworkManager-0.7.0-4.el5_3.ppc.rpm NetworkManager-0.7.0-4.el5_3.ppc64.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.ppc.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.ppc64.rpm NetworkManager-devel-0.7.0-4.el5_3.ppc.rpm NetworkManager-devel-0.7.0-4.el5_3.ppc64.rpm NetworkManager-glib-0.7.0-4.el5_3.ppc.rpm NetworkManager-glib-0.7.0-4.el5_3.ppc64.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.ppc.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.ppc64.rpm NetworkManager-gnome-0.7.0-4.el5_3.ppc.rpm x86_64: NetworkManager-0.7.0-4.el5_3.i386.rpm NetworkManager-0.7.0-4.el5_3.x86_64.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.i386.rpm NetworkManager-debuginfo-0.7.0-4.el5_3.x86_64.rpm NetworkManager-devel-0.7.0-4.el5_3.i386.rpm 
NetworkManager-devel-0.7.0-4.el5_3.x86_64.rpm NetworkManager-glib-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-0.7.0-4.el5_3.x86_64.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm NetworkManager-glib-devel-0.7.0-4.el5_3.x86_64.rpm NetworkManager-gnome-0.7.0-4.el5_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyjmUXlSAg2UNWIIRAvvSAJ0V3sqek2TpFP16qK+kNb8Km34UAgCfYTKd y34WZWiS9ZaNsaBnKPWVbsw= =xHHf -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 25 14:03:24 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Mar 2009 10:03:24 -0400 Subject: [RHSA-2009:0362-01] Moderate: NetworkManager security update Message-ID: <200903251403.n2PE3Tcw019633@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: NetworkManager security update Advisory ID: RHSA-2009:0362-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0362.html Issue date: 2009-03-25 CVE Names: CVE-2009-0365 ===================================================================== 1. Summary: Updated NetworkManager packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365) Red Hat would like to thank Ludwig Nussel for responsibly reporting this flaw. NetworkManager users should upgrade to these updated packages, which contain a backported patch that corrects this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 487722 - CVE-2009-0365 NetworkManager: GetSecrets disclosure 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/NetworkManager-0.3.1-5.el4.src.rpm i386: NetworkManager-0.3.1-5.el4.i386.rpm NetworkManager-debuginfo-0.3.1-5.el4.i386.rpm NetworkManager-gnome-0.3.1-5.el4.i386.rpm ia64: NetworkManager-0.3.1-5.el4.ia64.rpm NetworkManager-debuginfo-0.3.1-5.el4.ia64.rpm NetworkManager-gnome-0.3.1-5.el4.ia64.rpm ppc: NetworkManager-0.3.1-5.el4.ppc.rpm NetworkManager-debuginfo-0.3.1-5.el4.ppc.rpm NetworkManager-gnome-0.3.1-5.el4.ppc.rpm x86_64: NetworkManager-0.3.1-5.el4.x86_64.rpm NetworkManager-debuginfo-0.3.1-5.el4.x86_64.rpm NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/NetworkManager-0.3.1-5.el4.src.rpm i386: NetworkManager-0.3.1-5.el4.i386.rpm NetworkManager-debuginfo-0.3.1-5.el4.i386.rpm NetworkManager-gnome-0.3.1-5.el4.i386.rpm x86_64: NetworkManager-0.3.1-5.el4.x86_64.rpm NetworkManager-debuginfo-0.3.1-5.el4.x86_64.rpm NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/NetworkManager-0.3.1-5.el4.src.rpm i386: NetworkManager-0.3.1-5.el4.i386.rpm NetworkManager-debuginfo-0.3.1-5.el4.i386.rpm NetworkManager-gnome-0.3.1-5.el4.i386.rpm ia64: NetworkManager-0.3.1-5.el4.ia64.rpm NetworkManager-debuginfo-0.3.1-5.el4.ia64.rpm NetworkManager-gnome-0.3.1-5.el4.ia64.rpm x86_64: NetworkManager-0.3.1-5.el4.x86_64.rpm NetworkManager-debuginfo-0.3.1-5.el4.x86_64.rpm NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/NetworkManager-0.3.1-5.el4.src.rpm i386: NetworkManager-0.3.1-5.el4.i386.rpm NetworkManager-debuginfo-0.3.1-5.el4.i386.rpm NetworkManager-gnome-0.3.1-5.el4.i386.rpm ia64: NetworkManager-0.3.1-5.el4.ia64.rpm NetworkManager-debuginfo-0.3.1-5.el4.ia64.rpm 
NetworkManager-gnome-0.3.1-5.el4.ia64.rpm x86_64: NetworkManager-0.3.1-5.el4.x86_64.rpm NetworkManager-debuginfo-0.3.1-5.el4.x86_64.rpm NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyjmiXlSAg2UNWIIRAq5tAJ45g4Y+29KmjS6KJIRx2e5nPGu5IACghDWE G81E2FgbmFtBzpOrB75jOac= =OkuQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 25 14:03:43 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Mar 2009 10:03:43 -0400 Subject: [RHSA-2009:0376-01] Critical: acroread security update Message-ID: <200903251403.n2PE3mE5019853@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2009:0376-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0376.html Issue date: 2009-03-25 CVE Names: CVE-2009-0193 CVE-2009-0658 CVE-2009-0928 CVE-2009-1061 CVE-2009-1062 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 
5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple input validation flaws were discovered in the JBIG2 compressed images decoder used by Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 486928 - CVE-2009-0658, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 acroread: multiple JBIG2-related security flaws 6. 
Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Desktop version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm x86_64: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm RHEL Supplementary (v. 5 server): i386: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm x86_64: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1062 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyjmxXlSAg2UNWIIRAq+7AJ0W8Iy83bA208wBejuwqZt6mT9rGQCdE6uz WYCphKpaDBLJ5c6oR455cNg= =GpRw -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 25 14:53:47 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 25 Mar 2009 10:53:47 -0400 Subject: [RHSA-2009:0369-01] Critical: java-1.6.0-ibm security update Message-ID: <200903251453.n2PErqTH024883@int-mx1.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2009:0369-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0369.html Issue date: 2009-03-25 CVE Names: CVE-2008-5340 CVE-2008-5341 CVE-2008-5342 CVE-2008-5343 CVE-2008-5351 CVE-2008-5356 CVE-2008-5357 CVE-2008-5358 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 
5 server) - i386, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: The IBM® 1.6.0 Java™ release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR4 Java release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841) 472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336) 472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322) 472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136) 474773 - CVE-2008-5340 Java WebStart privilege escalation 474786 - CVE-2008-5341 Java Web Start exposes username and the pathname of the JWS cache 474789 - CVE-2008-5342 Java Web Start BasicService displays local files in the browser 474790 - CVE-2008-5343 Java WebStart allows hidden code privilege escalation 6. 
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.i386.rpm ppc: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.ppc.rpm s390: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.s390.rpm s390x: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.x86_64.rpm 
java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 
5 client): i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.i386.rpm ppc: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.s390.rpm java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5.x86_64.rpm 
java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358 http://www.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJykVxXlSAg2UNWIIRAiT/AJkBhbQYwmWBY+asK+zCbp7G1vrj0wCguMPk
jwVecVaj2QzXQ0HHf+pmtyk=
=DILq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 26 15:48:55 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Mar 2009 11:48:55 -0400
Subject: [RHSA-2009:0295-01] Moderate: net-snmp security update
Message-ID: <200903261549.n2QFn0ta017491@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: net-snmp security update
Advisory ID: RHSA-2009:0295-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0295.html
Issue date: 2009-03-26
CVE Names: CVE-2008-6123
=====================================================================

1. Summary:

Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Simple Network Management Protocol (SNMP) is a protocol used for network management.

It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in "/etc/hosts.allow" and "/etc/hosts.deny" to not be honored. A remote attacker could use this flaw to bypass intended access restrictions. (CVE-2008-6123)

This issue only affected configurations where hosts.allow and hosts.deny were used to limit access to the SNMP server.
To obtain information from the server, the attacker would have to successfully authenticate, usually by providing a correct community string.

All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

485211 - CVE-2008-6123 net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

ppc:
net-snmp-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc64.rpm
net-snmp-devel-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc64.rpm
net-snmp-perl-5.0.9-2.30E.27.ppc.rpm
net-snmp-utils-5.0.9-2.30E.27.ppc.rpm

s390:
net-snmp-5.0.9-2.30E.27.s390.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm
net-snmp-devel-5.0.9-2.30E.27.s390.rpm
net-snmp-libs-5.0.9-2.30E.27.s390.rpm
net-snmp-perl-5.0.9-2.30E.27.s390.rpm net-snmp-utils-5.0.9-2.30E.27.s390.rpm s390x: net-snmp-5.0.9-2.30E.27.s390x.rpm net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm net-snmp-debuginfo-5.0.9-2.30E.27.s390x.rpm net-snmp-devel-5.0.9-2.30E.27.s390x.rpm net-snmp-libs-5.0.9-2.30E.27.s390.rpm net-snmp-libs-5.0.9-2.30E.27.s390x.rpm net-snmp-perl-5.0.9-2.30E.27.s390x.rpm net-snmp-utils-5.0.9-2.30E.27.s390x.rpm x86_64: net-snmp-5.0.9-2.30E.27.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm i386: net-snmp-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-devel-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-perl-5.0.9-2.30E.27.i386.rpm net-snmp-utils-5.0.9-2.30E.27.i386.rpm x86_64: net-snmp-5.0.9-2.30E.27.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm i386: net-snmp-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-devel-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-perl-5.0.9-2.30E.27.i386.rpm net-snmp-utils-5.0.9-2.30E.27.i386.rpm ia64: net-snmp-5.0.9-2.30E.27.ia64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm net-snmp-devel-5.0.9-2.30E.27.ia64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm 
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm net-snmp-perl-5.0.9-2.30E.27.ia64.rpm net-snmp-utils-5.0.9-2.30E.27.ia64.rpm x86_64: net-snmp-5.0.9-2.30E.27.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/net-snmp-5.0.9-2.30E.27.src.rpm i386: net-snmp-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-devel-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-perl-5.0.9-2.30E.27.i386.rpm net-snmp-utils-5.0.9-2.30E.27.i386.rpm ia64: net-snmp-5.0.9-2.30E.27.ia64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm net-snmp-devel-5.0.9-2.30E.27.ia64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.ia64.rpm net-snmp-perl-5.0.9-2.30E.27.ia64.rpm net-snmp-utils-5.0.9-2.30E.27.ia64.rpm x86_64: net-snmp-5.0.9-2.30E.27.x86_64.rpm net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm net-snmp-libs-5.0.9-2.30E.27.i386.rpm net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6PZXlSAg2UNWIIRAkgFAJ4uz3aVNODn0YXeiidw45fuXTIM0ACgwRxG
OR2Eog4rwvYiNkPXeaJ5Pxo=
=95oa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 26 16:02:01 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Mar 2009 12:02:01 -0400
Subject: [RHSA-2009:0373-01] Moderate: systemtap security update
Message-ID: <200903261602.n2QG265b028656@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: systemtap security update
Advisory ID: RHSA-2009:0373-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0373.html
Issue date: 2009-03-26
CVE Names: CVE-2009-0784
=====================================================================

1. Summary:

Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis.
A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)

Note: This issue was only exploitable if another SystemTap kernel module was placed in the "systemtap/" module directory for the currently running kernel.

Red Hat would like to thank Erik Sjölund for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

489808 - CVE-2009-0784 systemtap: race condition leads to privilege escalation

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm ppc: systemtap-0.6.2-2.el4_7.ppc64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ppc64.rpm systemtap-runtime-0.6.2-2.el4_7.ppc64.rpm systemtap-testsuite-0.6.2-2.el4_7.ppc64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/systemtap-0.6.2-2.el4_7.src.rpm i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-0.7.2-3.el5_3.src.rpm i386: systemtap-0.7.2-3.el5_3.i386.rpm systemtap-client-0.7.2-3.el5_3.i386.rpm systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm systemtap-runtime-0.7.2-3.el5_3.i386.rpm systemtap-server-0.7.2-3.el5_3.i386.rpm systemtap-testsuite-0.7.2-3.el5_3.i386.rpm x86_64: systemtap-0.7.2-3.el5_3.x86_64.rpm systemtap-client-0.7.2-3.el5_3.x86_64.rpm systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm systemtap-server-0.7.2-3.el5_3.x86_64.rpm systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-0.7.2-3.el5_3.src.rpm i386: systemtap-0.7.2-3.el5_3.i386.rpm systemtap-client-0.7.2-3.el5_3.i386.rpm systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm systemtap-runtime-0.7.2-3.el5_3.i386.rpm systemtap-server-0.7.2-3.el5_3.i386.rpm systemtap-testsuite-0.7.2-3.el5_3.i386.rpm ia64: systemtap-0.7.2-3.el5_3.ia64.rpm systemtap-client-0.7.2-3.el5_3.ia64.rpm systemtap-debuginfo-0.7.2-3.el5_3.ia64.rpm systemtap-runtime-0.7.2-3.el5_3.ia64.rpm systemtap-server-0.7.2-3.el5_3.ia64.rpm systemtap-testsuite-0.7.2-3.el5_3.ia64.rpm ppc: systemtap-0.7.2-3.el5_3.ppc64.rpm systemtap-client-0.7.2-3.el5_3.ppc64.rpm systemtap-debuginfo-0.7.2-3.el5_3.ppc64.rpm systemtap-runtime-0.7.2-3.el5_3.ppc64.rpm systemtap-server-0.7.2-3.el5_3.ppc64.rpm systemtap-testsuite-0.7.2-3.el5_3.ppc64.rpm s390x: systemtap-0.7.2-3.el5_3.s390x.rpm systemtap-client-0.7.2-3.el5_3.s390x.rpm systemtap-debuginfo-0.7.2-3.el5_3.s390x.rpm systemtap-runtime-0.7.2-3.el5_3.s390x.rpm systemtap-server-0.7.2-3.el5_3.s390x.rpm systemtap-testsuite-0.7.2-3.el5_3.s390x.rpm x86_64: systemtap-0.7.2-3.el5_3.x86_64.rpm systemtap-client-0.7.2-3.el5_3.x86_64.rpm systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm systemtap-server-0.7.2-3.el5_3.x86_64.rpm systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0784 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6b0XlSAg2UNWIIRAkajAJ9hrrFqVYZiKoV2OqTrjzvF6YSTtACgvOjU
XN4JdfFqwk7FgE3tWXCqRCU=
=DIwO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 26 16:06:16 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Mar 2009 12:06:16 -0400
Subject: [RHSA-2009:0392-01] Critical: java-1.6.0-sun security update
Message-ID: <200903261606.n2QG6LM7032055@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2009:0392-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0392.html
Issue date: 2009-03-26
CVE Names: CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the "Advance notification of Security Updates for Java SE" page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)

Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/):

395481 - CVE-2006-2426 Untrusted applet causes DoS by filling up disk space
490166 - CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
490167 - CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)
490168 - CVE-2009-1094 OpenJDK LDAP client remote code execution (6737315)
490169 - CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)
490172 - CVE-2009-1102 OpenJDK code generation vulnerability (6636360)
490174 - CVE-2009-1097 OpenJDK PNG processing buffer overflow vulnerability (6804996)
490178 - CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability (6804998)
492302 - CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerability
492305 - CVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font files
492306 - CVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)
492308 - CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)
492309 - CVE-2009-1105 OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)
492310 - CVE-2009-1106 OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)
492312 - CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility (6782871)

6.
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 
4 Extras: i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.6.0-sun-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://www.redhat.com/security/updates/classification/#critical http://blogs.sun.com/security/entry/advance_notification_of_security_updates4 8. 
Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6fZXlSAg2UNWIIRAtJ6AJwI51ZmH6tjwvlGgBNa+W5QG0Th3gCeNkq9
tL+N/TUmzNBQ5ihrzgOTjhg=
=5lm5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 26 16:10:28 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Mar 2009 12:10:28 -0400
Subject: [RHSA-2009:0394-01] Critical: java-1.5.0-sun security update
Message-ID: <200903261610.n2QGAXAo004107@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-sun security update
Advisory ID: RHSA-2009:0394-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0394.html
Issue date: 2009-03-26
CVE Names: CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1103 CVE-2009-1104 CVE-2009-1107
=====================================================================

1. Summary:

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the "Advance notification of Security Updates for Java SE" page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)

Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

395481 - CVE-2006-2426 Untrusted applet causes DoS by filling up disk space
490167 - CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)
490168 - CVE-2009-1094 OpenJDK LDAP client remote code execution (6737315)
490169 - CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)
490178 - CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability (6804998)
492302 - CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerability
492305 - CVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font files
492306 - CVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)
492308 - CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)
492312 - CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility (6782871)

6.
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm 
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm

x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.i586.rpm

x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.i586.rpm

x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
http://www.redhat.com/security/updates/classification/#critical
http://blogs.sun.com/security/entry/advance_notification_of_security_updates4

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJy6juXlSAg2UNWIIRAonfAJwKhA2Yd8JJz2iFTgMLaBaV0cm/pACgiLkY
cTudKG5cUFBzRHbP4y+M8zw=
=G0eA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 27 00:20:10 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Mar 2009 20:20:10 -0400
Subject: [RHSA-2009:0360-01] Important: kernel-rt security and bug fix update
Message-ID: <200903270020.n2R0KGDJ026330@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2009:0360-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0360.html
Issue date:        2009-03-26
CVE Names:         CVE-2009-0031 CVE-2009-0269 CVE-2009-0322
                   CVE-2009-0675 CVE-2009-0676
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and several
bugs are now available for Red Hat Enterprise MRG 1.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages address the following security issues:

* a memory leak exists in keyctl handling. A local, unprivileged user could
use this flaw to deplete kernel memory, eventually leading to a denial of
service. (CVE-2009-0031, Important)

* an off-by-one underflow flaw was found in the eCryptfs subsystem. This
could potentially cause a denial of service when the readlink() function
returned an error. (CVE-2009-0269, Moderate)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size files in
"/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Moderate)

* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter
driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN
capability was absent (local, unprivileged users could reset driver
statistics). (CVE-2009-0675, Moderate)

* the sock_getsockopt() function in the Linux kernel did not properly
initialize a data structure that can be directly returned to user-space
when the getsockopt() function is called with SO_BSDCOMPAT optname set.
This flaw could possibly lead to memory disclosure.
(CVE-2009-0676, Moderate)

These updated packages also address numerous bugs, including the following:

* the select() and poll() functions were converted to use high resolution
timers (hrtimer). Since the change, the system call pselect7() started
presenting an incorrect behavior when the specified timeout was NULL.
Instead of blocking until an event happened (infinite timeout) it was
treated as a no timeout (zero seconds). This update fixes the problem.
(BZ#487382)

* NFS is a network file system sharing technology commonly used on Linux
systems. A bug exists in the Linux kernel implementation of NFS. When two
(or more) clients have the same file open as it is being written to, a
fault condition can arise triggering a system crash. This update resolves
this bug. (BZ#486645)

* a bug affected IBM BladeCenter LS21 machines with the High Precision
Event Timer (HPET) enabled in the BIOS. In these machines, the HPET_T0_CFG
register booted with level-triggered interrupts (HPET_TN_LEVEL) enabled.
This resulted in a boot-time hang during the delay calibration. This kernel
resolves the issue by disabling HPET_TN_LEVEL when setting up periodic
mode. (BZ#485428)

* Time Stamp Counter (TSC) is the preferred time source for MRG Realtime
systems, although some TSC models do not comply with the requirements of a
Realtime system. This kernel updates the tests carried out during boot
time to check the TSC. (BZ#480244)

* under certain conditions netlink_broadcast may call yield() on behalf of
a high priority kernel thread. This can lead to a system deadlock. The
issue has been resolved. (BZ#463207)

Other changes included with this update are noted in the Red Hat Enterprise
MRG Release Notes, available at the location noted in the References
section below.

All Red Hat Enterprise MRG users should install this update which addresses
these vulnerabilities and fixes these bugs. For this update to take effect,
the system must be rebooted.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

480592 - CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring
481604 - CVE-2009-0269 kernel: ecryptfs readlink flaw
482866 - CVE-2009-0322 kernel: dell_rbu local oops
485428 - IBM LS20/LS21 blades fail to boot RT kernel when HPET enabled in BIOS
486305 - CVE-2009-0676 kernel: memory disclosure in SO_BSDCOMPAT gsopt
486534 - CVE-2009-0675 kernel: skfp_ioctl inverted logic flaw
486645 - [NFS] Bug in shared page handling over NFS
487382 - pselect with timeout=NULL triggers a warning at kernel/hrtimer.c:439 hrtimer_reprogram()

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-108.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-108.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-108.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-108.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-108.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-108.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJzBuvXlSAg2UNWIIRAjfUAJ9tfGpcaG4DbtnT1ypYw/srXjcVgwCeIf6J
yQjB0pG4fxbZdI2kU4IxoPY=
=bqJP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 27 23:36:42 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Mar 2009 19:36:42 -0400
Subject: [RHSA-2009:0397-01] Critical: firefox security update
Message-ID: <200903272336.n2RNale1014310@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2009:0397-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0397.html
Issue date:        2009-03-27
CVE Names:         CVE-2009-1044 CVE-2009-1169
=====================================================================

1. Summary:

Updated firefox packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash Firefox
or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1044)

For technical details regarding these flaws, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this errata.

Firefox users should upgrade to these updated packages, which resolve these
issues. For Red Hat Enterprise Linux 4, they contain backported patches to
the firefox package. For Red Hat Enterprise Linux 5, they contain
backported patches to the xulrunner packages. After installing the update,
Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

492211 - CVE-2009-1169 Firefox XSLT memory corruption issue
492212 - CVE-2009-1044 Firefox XUL garbage collection issue (cansecwest pwn2own)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

ppc:
firefox-3.0.7-3.el4.ppc.rpm
firefox-debuginfo-3.0.7-3.el4.ppc.rpm

s390:
firefox-3.0.7-3.el4.s390.rpm
firefox-debuginfo-3.0.7-3.el4.s390.rpm

s390x:
firefox-3.0.7-3.el4.s390x.rpm
firefox-debuginfo-3.0.7-3.el4.s390x.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.7-3.el4.src.rpm

i386:
firefox-3.0.7-3.el4.i386.rpm
firefox-debuginfo-3.0.7-3.el4.i386.rpm

ia64:
firefox-3.0.7-3.el4.ia64.rpm
firefox-debuginfo-3.0.7-3.el4.ia64.rpm

x86_64:
firefox-3.0.7-3.el4.x86_64.rpm
firefox-debuginfo-3.0.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm

x86_64:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-1.9.0.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.7-3.el5.src.rpm

i386:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.i386.rpm

ia64:
xulrunner-1.9.0.7-3.el5.ia64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ia64.rpm
xulrunner-devel-1.9.0.7-3.el5.ia64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.ia64.rpm

ppc:
xulrunner-1.9.0.7-3.el5.ppc.rpm
xulrunner-1.9.0.7-3.el5.ppc64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ppc.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.ppc64.rpm
xulrunner-devel-1.9.0.7-3.el5.ppc.rpm
xulrunner-devel-1.9.0.7-3.el5.ppc64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.ppc.rpm

s390x:
xulrunner-1.9.0.7-3.el5.s390.rpm
xulrunner-1.9.0.7-3.el5.s390x.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.s390.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.s390x.rpm
xulrunner-devel-1.9.0.7-3.el5.s390.rpm
xulrunner-devel-1.9.0.7-3.el5.s390x.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.s390x.rpm

x86_64:
xulrunner-1.9.0.7-3.el5.i386.rpm
xulrunner-1.9.0.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.0.7-3.el5.i386.rpm
xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.7-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.8

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJzWMFXlSAg2UNWIIRAkRnAKCgDGbeypbrcwRS8mMYNE6vyHI1wgCgqy+W
0Ggdqk6FG/CXMksWHLRTlqU=
=1vxs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Mar 27 23:36:48 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Mar 2009 19:36:48 -0400
Subject: [RHSA-2009:0398-01] Critical: seamonkey security update
Message-ID: <200903272336.n2RNasjP014412@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2009:0398-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0398.html
Issue date:        2009-03-27
CVE Names:         CVE-2009-1044 CVE-2009-1169
=====================================================================

1. Summary:

Updated seamonkey packages that fix two security issues are now available
for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A memory corruption flaw was discovered in the way SeaMonkey handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash SeaMonkey or, potentially, execute arbitrary code as the user
running SeaMonkey. (CVE-2009-1169)

A flaw was discovered in the way SeaMonkey handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash SeaMonkey
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1044)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

492211 - CVE-2009-1169 Firefox XSLT memory corruption issue
492212 - CVE-2009-1044 Firefox XUL garbage collection issue (cansecwest pwn2own)

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/seamonkey-1.0.9-0.32.el2.src.rpm

i386:
seamonkey-1.0.9-0.32.el2.i386.rpm
seamonkey-chat-1.0.9-0.32.el2.i386.rpm
seamonkey-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.32.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.32.el2.i386.rpm
seamonkey-mail-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.32.el2.i386.rpm

ia64:
seamonkey-1.0.9-0.32.el2.ia64.rpm
seamonkey-chat-1.0.9-0.32.el2.ia64.rpm
seamonkey-devel-1.0.9-0.32.el2.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.32.el2.ia64.rpm
seamonkey-js-debugger-1.0.9-0.32.el2.ia64.rpm
seamonkey-mail-1.0.9-0.32.el2.ia64.rpm
seamonkey-nspr-1.0.9-0.32.el2.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.32.el2.ia64.rpm
seamonkey-nss-1.0.9-0.32.el2.ia64.rpm
seamonkey-nss-devel-1.0.9-0.32.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/seamonkey-1.0.9-0.32.el2.src.rpm

ia64:
seamonkey-1.0.9-0.32.el2.ia64.rpm
seamonkey-chat-1.0.9-0.32.el2.ia64.rpm
seamonkey-devel-1.0.9-0.32.el2.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.32.el2.ia64.rpm
seamonkey-js-debugger-1.0.9-0.32.el2.ia64.rpm
seamonkey-mail-1.0.9-0.32.el2.ia64.rpm
seamonkey-nspr-1.0.9-0.32.el2.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.32.el2.ia64.rpm
seamonkey-nss-1.0.9-0.32.el2.ia64.rpm
seamonkey-nss-devel-1.0.9-0.32.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/seamonkey-1.0.9-0.32.el2.src.rpm

i386:
seamonkey-1.0.9-0.32.el2.i386.rpm
seamonkey-chat-1.0.9-0.32.el2.i386.rpm
seamonkey-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.32.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.32.el2.i386.rpm
seamonkey-mail-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.32.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/seamonkey-1.0.9-0.32.el2.src.rpm

i386:
seamonkey-1.0.9-0.32.el2.i386.rpm
seamonkey-chat-1.0.9-0.32.el2.i386.rpm
seamonkey-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-dom-inspector-1.0.9-0.32.el2.i386.rpm
seamonkey-js-debugger-1.0.9-0.32.el2.i386.rpm
seamonkey-mail-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-1.0.9-0.32.el2.i386.rpm
seamonkey-nspr-devel-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-1.0.9-0.32.el2.i386.rpm
seamonkey-nss-devel-1.0.9-0.32.el2.i386.rpm

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.36.el3.src.rpm

i386:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-chat-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
seamonkey-mail-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.36.el3.ia64.rpm
seamonkey-chat-1.0.9-0.36.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.ia64.rpm
seamonkey-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.ia64.rpm
seamonkey-mail-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.36.el3.ppc.rpm
seamonkey-chat-1.0.9-0.36.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.ppc.rpm
seamonkey-devel-1.0.9-0.36.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.ppc.rpm
seamonkey-mail-1.0.9-0.36.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.36.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.ppc.rpm
seamonkey-nss-1.0.9-0.36.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.36.el3.s390.rpm
seamonkey-chat-1.0.9-0.36.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.s390.rpm
seamonkey-devel-1.0.9-0.36.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.s390.rpm
seamonkey-mail-1.0.9-0.36.el3.s390.rpm
seamonkey-nspr-1.0.9-0.36.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.s390.rpm
seamonkey-nss-1.0.9-0.36.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.36.el3.s390x.rpm
seamonkey-chat-1.0.9-0.36.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.s390x.rpm
seamonkey-devel-1.0.9-0.36.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.s390x.rpm
seamonkey-mail-1.0.9-0.36.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.36.el3.s390.rpm
seamonkey-nspr-1.0.9-0.36.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.s390x.rpm
seamonkey-nss-1.0.9-0.36.el3.s390.rpm
seamonkey-nss-1.0.9-0.36.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-1.0.9-0.36.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.36.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.36.el3.src.rpm

i386:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-chat-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
seamonkey-mail-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-1.0.9-0.36.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.36.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.36.el3.src.rpm

i386:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-chat-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
seamonkey-mail-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.36.el3.ia64.rpm
seamonkey-chat-1.0.9-0.36.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.ia64.rpm
seamonkey-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.ia64.rpm
seamonkey-mail-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-1.0.9-0.36.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.36.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.36.el3.src.rpm

i386:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-chat-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
seamonkey-mail-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.36.el3.ia64.rpm
seamonkey-chat-1.0.9-0.36.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.ia64.rpm
seamonkey-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.ia64.rpm
seamonkey-mail-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.36.el3.i386.rpm
seamonkey-1.0.9-0.36.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.36.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.36.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.36.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.36.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
seamonkey-nspr-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.36.el3.i386.rpm
seamonkey-nss-1.0.9-0.36.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.36.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-40.el4.src.rpm

i386:
seamonkey-1.0.9-40.el4.i386.rpm
seamonkey-chat-1.0.9-40.el4.i386.rpm
seamonkey-debuginfo-1.0.9-40.el4.i386.rpm
seamonkey-devel-1.0.9-40.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
seamonkey-mail-1.0.9-40.el4.i386.rpm

ia64:
seamonkey-1.0.9-40.el4.ia64.rpm
seamonkey-chat-1.0.9-40.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-40.el4.ia64.rpm
seamonkey-devel-1.0.9-40.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-40.el4.ia64.rpm
seamonkey-mail-1.0.9-40.el4.ia64.rpm

ppc:
seamonkey-1.0.9-40.el4.ppc.rpm
seamonkey-chat-1.0.9-40.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-40.el4.ppc.rpm
seamonkey-devel-1.0.9-40.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-40.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-40.el4.ppc.rpm
seamonkey-mail-1.0.9-40.el4.ppc.rpm

s390:
seamonkey-1.0.9-40.el4.s390.rpm
seamonkey-chat-1.0.9-40.el4.s390.rpm
seamonkey-debuginfo-1.0.9-40.el4.s390.rpm
seamonkey-devel-1.0.9-40.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-40.el4.s390.rpm
seamonkey-js-debugger-1.0.9-40.el4.s390.rpm
seamonkey-mail-1.0.9-40.el4.s390.rpm

s390x:
seamonkey-1.0.9-40.el4.s390x.rpm
seamonkey-chat-1.0.9-40.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-40.el4.s390x.rpm
seamonkey-devel-1.0.9-40.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-40.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-40.el4.s390x.rpm
seamonkey-mail-1.0.9-40.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-40.el4.x86_64.rpm
seamonkey-chat-1.0.9-40.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-40.el4.x86_64.rpm
seamonkey-devel-1.0.9-40.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-40.el4.x86_64.rpm
seamonkey-mail-1.0.9-40.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-40.el4.src.rpm

i386:
seamonkey-1.0.9-40.el4.i386.rpm
seamonkey-chat-1.0.9-40.el4.i386.rpm
seamonkey-debuginfo-1.0.9-40.el4.i386.rpm
seamonkey-devel-1.0.9-40.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
seamonkey-mail-1.0.9-40.el4.i386.rpm

x86_64:
seamonkey-1.0.9-40.el4.x86_64.rpm
seamonkey-chat-1.0.9-40.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-40.el4.x86_64.rpm
seamonkey-devel-1.0.9-40.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-40.el4.x86_64.rpm
seamonkey-mail-1.0.9-40.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-40.el4.src.rpm

i386:
seamonkey-1.0.9-40.el4.i386.rpm
seamonkey-chat-1.0.9-40.el4.i386.rpm
seamonkey-debuginfo-1.0.9-40.el4.i386.rpm
seamonkey-devel-1.0.9-40.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
seamonkey-mail-1.0.9-40.el4.i386.rpm

ia64:
seamonkey-1.0.9-40.el4.ia64.rpm
seamonkey-chat-1.0.9-40.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-40.el4.ia64.rpm
seamonkey-devel-1.0.9-40.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-40.el4.ia64.rpm
seamonkey-mail-1.0.9-40.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-40.el4.x86_64.rpm
seamonkey-chat-1.0.9-40.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-40.el4.x86_64.rpm
seamonkey-devel-1.0.9-40.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-40.el4.x86_64.rpm
seamonkey-mail-1.0.9-40.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-40.el4.src.rpm

i386:
seamonkey-1.0.9-40.el4.i386.rpm
seamonkey-chat-1.0.9-40.el4.i386.rpm
seamonkey-debuginfo-1.0.9-40.el4.i386.rpm
seamonkey-devel-1.0.9-40.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
seamonkey-mail-1.0.9-40.el4.i386.rpm

ia64:
seamonkey-1.0.9-40.el4.ia64.rpm
seamonkey-chat-1.0.9-40.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-40.el4.ia64.rpm
seamonkey-devel-1.0.9-40.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-40.el4.ia64.rpm
seamonkey-mail-1.0.9-40.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-40.el4.x86_64.rpm
seamonkey-chat-1.0.9-40.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-40.el4.x86_64.rpm
seamonkey-devel-1.0.9-40.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-40.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-40.el4.x86_64.rpm
seamonkey-mail-1.0.9-40.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJzWMNXlSAg2UNWIIRAmvxAJ9ExlDhea3FSG+m9HxRivgVpTohYgCgnsAA
1gkE1MCCBaj68B206ezhH+4=
=B++D
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Mon Mar 30 16:56:12 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Mar 2009 12:56:12 -0400
Subject: [RHSA-2009:0402-01] Important: openswan security update
Message-ID: <200903301656.n2UGuDUJ013394@int-mx1.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openswan security update
Advisory ID:       RHSA-2009:0402-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0402.html
Issue date:        2009-03-30
CVE Names:         CVE-2008-4190 CVE-2009-0790
=====================================================================

1. Summary:

Updated openswan packages that fix various security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to
provide both authentication and encryption services. These services
allow you to build secure tunnels through untrusted networks.
Everything passing through the untrusted network is encrypted by the
IPsec gateway machine, and decrypted by the gateway at the other end of
the tunnel. The resulting tunnel is a virtual private network (VPN).

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in
Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD
packet to crash the pluto daemon. (CVE-2009-0790)

It was discovered that Openswan's livetest script created temporary
files in an insecure manner. A local attacker could use this flaw to
overwrite arbitrary files owned by the user running the script.
(CVE-2008-4190)

Note: The livetest script is an incomplete feature and was not
automatically executed by any other script distributed with Openswan, or
intended to be used at all, as was documented in its man page. In these
updated packages, the script only prints an informative message and
exits immediately when run.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, the ipsec service will be restarted
automatically.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

460425 - CVE-2008-4190 openswan: Insecure auxiliary /tmp file usage (symlink attack possible)
491895 - CVE-2009-0790 openswan: ISAKMP DPD remote DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.14-1.el5_3.2.src.rpm

i386:
openswan-2.6.14-1.el5_3.2.i386.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.i386.rpm
openswan-doc-2.6.14-1.el5_3.2.i386.rpm

x86_64:
openswan-2.6.14-1.el5_3.2.x86_64.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.x86_64.rpm
openswan-doc-2.6.14-1.el5_3.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.14-1.el5_3.2.src.rpm

i386:
openswan-2.6.14-1.el5_3.2.i386.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.i386.rpm
openswan-doc-2.6.14-1.el5_3.2.i386.rpm

ia64:
openswan-2.6.14-1.el5_3.2.ia64.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.ia64.rpm
openswan-doc-2.6.14-1.el5_3.2.ia64.rpm

ppc:
openswan-2.6.14-1.el5_3.2.ppc.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.ppc.rpm
openswan-doc-2.6.14-1.el5_3.2.ppc.rpm

s390x:
openswan-2.6.14-1.el5_3.2.s390x.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.s390x.rpm
openswan-doc-2.6.14-1.el5_3.2.s390x.rpm

x86_64:
openswan-2.6.14-1.el5_3.2.x86_64.rpm
openswan-debuginfo-2.6.14-1.el5_3.2.x86_64.rpm
openswan-doc-2.6.14-1.el5_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJ0PmEXlSAg2UNWIIRAuOtAJwMxfZ9TKHhei1D2Jp1mEmVRXH6DwCgt8PV
Dq7e4zLUgKK86arc4O6kwoU=
=i3S7
-----END PGP SIGNATURE-----
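
The temporary-file weakness class described for CVE-2008-4190 above, as an added example that is not part of the advisory and is not Openswan's livetest code: a predictable file name written through the shell follows a symlink already present at that path, while a file created by mktemp does not. The function names and the "livetest-demo" file name are assumptions, and the check runs inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration; NOT the Openswan livetest script. Function names and
# the "livetest-demo" file name are hypothetical.

# Weak pattern: predictable name in a shared directory, opened with ">".
# The open follows a symlink already present at that path and truncates
# whatever file the link points to.
write_insecure() {
    dir=$1
    out="$dir/livetest-demo.out"
    echo "results" > "$out"
}

# Hardened pattern: mktemp creates the file exclusively, with an
# unpredictable name and owner-only permissions, so an existing path is
# never reused.
write_hardened() {
    dir=$1
    out=$(mktemp "$dir/livetest-demo.XXXXXXXXXX") || return 1
    echo "results" > "$out"
    printf '%s\n' "$out"
}

# Regression check in a private sandbox (constructed data): a symlink sits
# at the predictable path and points at a file that must stay intact.
check_patterns() {
    sandbox=$(mktemp -d) || return 1
    echo "important" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/livetest-demo.out"

    write_hardened "$sandbox" > /dev/null
    after_hardened=$(cat "$sandbox/target")
    write_insecure "$sandbox"
    after_insecure=$(cat "$sandbox/target")

    rm -rf "$sandbox"
    echo "hardened=$after_hardened insecure=$after_insecure"
}

check_patterns
```

On current Linux kernels the fs.protected_symlinks sysctl refuses to follow another user's symlink in a sticky world-writable directory, but that is a backstop; scripts should still create their temporary files with mktemp.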