From bugzilla at redhat.com Thu Oct 1 17:40:33 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Oct 2009 13:40:33 -0400
Subject: [RHSA-2009:1471-01] Important: elinks security update
Message-ID: <200910011740.n91HeXiK019126@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: elinks security update
Advisory ID:       RHSA-2009:1471-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1471.html
Issue date:        2009-10-01
CVE Names:         CVE-2007-2027 CVE-2008-7224
=====================================================================

1. Summary:

An updated elinks package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags.

An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when rendered. (CVE-2008-7224)

It was discovered that ELinks tried to load translation files using relative paths. A local attacker able to trick a victim into running ELinks in a folder containing specially-crafted translation files could use this flaw to confuse the victim via incorrect translations, or cause ELinks to crash and possibly execute arbitrary code via embedded formatting sequences in translated messages. (CVE-2007-2027)

All ELinks users are advised to upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

235411 - CVE-2007-2027 elinks tries to load .po files from a non-absolute path
523258 - CVE-2008-7224 elinks: entity_cache static array buffer overflow (off-by-one)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/elinks-0.9.2-4.el4_8.1.src.rpm

i386:
elinks-0.9.2-4.el4_8.1.i386.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.i386.rpm

ia64:
elinks-0.9.2-4.el4_8.1.ia64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.ia64.rpm

ppc:
elinks-0.9.2-4.el4_8.1.ppc.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.ppc.rpm

s390:
elinks-0.9.2-4.el4_8.1.s390.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.s390.rpm

s390x:
elinks-0.9.2-4.el4_8.1.s390x.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.s390x.rpm

x86_64:
elinks-0.9.2-4.el4_8.1.x86_64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/elinks-0.9.2-4.el4_8.1.src.rpm

i386:
elinks-0.9.2-4.el4_8.1.i386.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.i386.rpm

x86_64:
elinks-0.9.2-4.el4_8.1.x86_64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/elinks-0.9.2-4.el4_8.1.src.rpm

i386:
elinks-0.9.2-4.el4_8.1.i386.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.i386.rpm

ia64:
elinks-0.9.2-4.el4_8.1.ia64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.ia64.rpm

x86_64:
elinks-0.9.2-4.el4_8.1.x86_64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/elinks-0.9.2-4.el4_8.1.src.rpm

i386:
elinks-0.9.2-4.el4_8.1.i386.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.i386.rpm

ia64:
elinks-0.9.2-4.el4_8.1.ia64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.ia64.rpm

x86_64:
elinks-0.9.2-4.el4_8.1.x86_64.rpm
elinks-debuginfo-0.9.2-4.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/elinks-0.11.1-6.el5_4.1.src.rpm

i386:
elinks-0.11.1-6.el5_4.1.i386.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.i386.rpm

x86_64:
elinks-0.11.1-6.el5_4.1.x86_64.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/elinks-0.11.1-6.el5_4.1.src.rpm

i386:
elinks-0.11.1-6.el5_4.1.i386.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.i386.rpm

ia64:
elinks-0.11.1-6.el5_4.1.ia64.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.ia64.rpm

ppc:
elinks-0.11.1-6.el5_4.1.ppc.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.ppc.rpm

s390x:
elinks-0.11.1-6.el5_4.1.s390x.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.s390x.rpm

x86_64:
elinks-0.11.1-6.el5_4.1.x86_64.rpm
elinks-debuginfo-0.11.1-6.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7224
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKxOkdXlSAg2UNWIIRAtXHAKCVF6l/7CYcxnaLegsmKwe9LcbqVwCfcwiE
NPI04ky31xt1Pei00zutNls=
=220E
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 1 18:05:08 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Oct 2009 14:05:08 -0400
Subject: [RHSA-2009:1472-01] Moderate: xen security and bug fix update
Message-ID: <200910011805.n91I58G4011104@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xen security and bug fix update
Advisory ID:       RHSA-2009:1472-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1472.html
Issue date:        2009-10-01
CVE Names:         CVE-2009-3525
=====================================================================

1. Summary:

Updated xen packages that fix a security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system.

The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests.
Users with access to a guest's console could use this flaw to bypass intended access restrictions and boot the guest with arbitrary kernel boot options, allowing them to get root privileges in the guest's operating system. With this update, pyGrub correctly honors the "password" option in grub.conf for para-virtualized guests. (CVE-2009-3525)

This update also fixes the following bugs:

* rebooting para-virtualized guests sometimes caused those guests to crash due to a race condition in the xend node control daemon. This update fixes this race condition so that rebooting guests no longer potentially causes them to crash and fail to reboot. (BZ#525141)

* due to a race condition in the xend daemon, a guest could disappear from the list of running guests following a reboot, even though the guest rebooted successfully and was running. This update fixes this race condition so that guests always reappear in the guest list following a reboot. (BZ#525143)

* attempting to use PCI pass-through to para-virtualized guests on certain kernels failed with a "Function not implemented" error message. As a result, users requiring PCI pass-through on para-virtualized guests were not able to update the xen packages without also updating the kernel and thus requiring a reboot. These updated packages enable PCI pass-through for para-virtualized guests so that users do not need to upgrade the kernel in order to take advantage of PCI pass-through functionality. (BZ#525149)

All Xen users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the xend service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

525141 - [REG][Xen][5.4] PV domains may crash after reboot
525142 - Add grub.conf password protection support to pygrub
525143 - Domain goes missing from xm list when rebooted
525149 - PCI-Paththrough with PCI-Card does not work anymore with RHEL5.4
525740 - CVE-2009-3525 Xen: PyGrub missing support for password configuration command

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-94.el5_4.1.src.rpm

i386:
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-libs-3.0.3-94.el5_4.1.i386.rpm

x86_64:
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.x86_64.rpm
xen-libs-3.0.3-94.el5_4.1.i386.rpm
xen-libs-3.0.3-94.el5_4.1.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-94.el5_4.1.src.rpm

i386:
xen-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-devel-3.0.3-94.el5_4.1.i386.rpm

x86_64:
xen-3.0.3-94.el5_4.1.x86_64.rpm
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.x86_64.rpm
xen-devel-3.0.3-94.el5_4.1.i386.rpm
xen-devel-3.0.3-94.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-94.el5_4.1.src.rpm

i386:
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-libs-3.0.3-94.el5_4.1.i386.rpm

ia64:
xen-debuginfo-3.0.3-94.el5_4.1.ia64.rpm
xen-libs-3.0.3-94.el5_4.1.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.x86_64.rpm
xen-libs-3.0.3-94.el5_4.1.i386.rpm
xen-libs-3.0.3-94.el5_4.1.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-94.el5_4.1.src.rpm

i386:
xen-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-devel-3.0.3-94.el5_4.1.i386.rpm

ia64:
xen-3.0.3-94.el5_4.1.ia64.rpm
xen-debuginfo-3.0.3-94.el5_4.1.ia64.rpm
xen-devel-3.0.3-94.el5_4.1.ia64.rpm

x86_64:
xen-3.0.3-94.el5_4.1.x86_64.rpm
xen-debuginfo-3.0.3-94.el5_4.1.i386.rpm
xen-debuginfo-3.0.3-94.el5_4.1.x86_64.rpm
xen-devel-3.0.3-94.el5_4.1.i386.rpm
xen-devel-3.0.3-94.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3525
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKxO2XXlSAg2UNWIIRAsPPAJ4i18xJUx52oWsaPTewkxBdGLmEawCgvCXd
t6esSz1cprNA01VG0AbjuZQ=
=kJJi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 7 16:34:13 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 Oct 2009 12:34:13 -0400
Subject: [RHSA-2009:1484-01] Moderate: postgresql security update
Message-ID: <200910071634.n97GYDES001222@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2009:1484-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1484.html
Issue date:        2009-10-07
CVE Names:         CVE-2009-0922 CVE-2009-3230
=====================================================================

1. Summary:

Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922)

Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18.
Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html
http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

488156 - CVE-2009-0922 postgresql: potential DoS due to conversion functions
522085 - CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.26-1.el4_8.1.src.rpm

i386:
postgresql-7.4.26-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-devel-7.4.26-1.el4_8.1.i386.rpm
postgresql-docs-7.4.26-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-pl-7.4.26-1.el4_8.1.i386.rpm
postgresql-python-7.4.26-1.el4_8.1.i386.rpm
postgresql-server-7.4.26-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm
postgresql-test-7.4.26-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.26-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.26-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-python-7.4.26-1.el4_8.1.ia64.rpm
postgresql-server-7.4.26-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-test-7.4.26-1.el4_8.1.ia64.rpm

ppc:
postgresql-7.4.26-1.el4_8.1.ppc.rpm
postgresql-contrib-7.4.26-1.el4_8.1.ppc.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.ppc.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.ppc64.rpm
postgresql-devel-7.4.26-1.el4_8.1.ppc.rpm
postgresql-docs-7.4.26-1.el4_8.1.ppc.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.ppc.rpm
postgresql-libs-7.4.26-1.el4_8.1.ppc.rpm
postgresql-libs-7.4.26-1.el4_8.1.ppc64.rpm
postgresql-pl-7.4.26-1.el4_8.1.ppc.rpm
postgresql-python-7.4.26-1.el4_8.1.ppc.rpm
postgresql-server-7.4.26-1.el4_8.1.ppc.rpm
postgresql-tcl-7.4.26-1.el4_8.1.ppc.rpm
postgresql-test-7.4.26-1.el4_8.1.ppc.rpm

s390:
postgresql-7.4.26-1.el4_8.1.s390.rpm
postgresql-contrib-7.4.26-1.el4_8.1.s390.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.s390.rpm
postgresql-devel-7.4.26-1.el4_8.1.s390.rpm
postgresql-docs-7.4.26-1.el4_8.1.s390.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.s390.rpm
postgresql-libs-7.4.26-1.el4_8.1.s390.rpm
postgresql-pl-7.4.26-1.el4_8.1.s390.rpm
postgresql-python-7.4.26-1.el4_8.1.s390.rpm
postgresql-server-7.4.26-1.el4_8.1.s390.rpm
postgresql-tcl-7.4.26-1.el4_8.1.s390.rpm
postgresql-test-7.4.26-1.el4_8.1.s390.rpm

s390x:
postgresql-7.4.26-1.el4_8.1.s390x.rpm
postgresql-contrib-7.4.26-1.el4_8.1.s390x.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.s390.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.s390x.rpm
postgresql-devel-7.4.26-1.el4_8.1.s390x.rpm
postgresql-docs-7.4.26-1.el4_8.1.s390x.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.s390x.rpm
postgresql-libs-7.4.26-1.el4_8.1.s390.rpm
postgresql-libs-7.4.26-1.el4_8.1.s390x.rpm
postgresql-pl-7.4.26-1.el4_8.1.s390x.rpm
postgresql-python-7.4.26-1.el4_8.1.s390x.rpm
postgresql-server-7.4.26-1.el4_8.1.s390x.rpm
postgresql-tcl-7.4.26-1.el4_8.1.s390x.rpm
postgresql-test-7.4.26-1.el4_8.1.s390x.rpm

x86_64:
postgresql-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.26-1.el4_8.1.src.rpm

i386:
postgresql-7.4.26-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-devel-7.4.26-1.el4_8.1.i386.rpm
postgresql-docs-7.4.26-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-pl-7.4.26-1.el4_8.1.i386.rpm
postgresql-python-7.4.26-1.el4_8.1.i386.rpm
postgresql-server-7.4.26-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm
postgresql-test-7.4.26-1.el4_8.1.i386.rpm

x86_64:
postgresql-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.26-1.el4_8.1.src.rpm

i386:
postgresql-7.4.26-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-devel-7.4.26-1.el4_8.1.i386.rpm
postgresql-docs-7.4.26-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-pl-7.4.26-1.el4_8.1.i386.rpm
postgresql-python-7.4.26-1.el4_8.1.i386.rpm
postgresql-server-7.4.26-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm
postgresql-test-7.4.26-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.26-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.26-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-python-7.4.26-1.el4_8.1.ia64.rpm
postgresql-server-7.4.26-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-test-7.4.26-1.el4_8.1.ia64.rpm

x86_64:
postgresql-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.26-1.el4_8.1.src.rpm

i386:
postgresql-7.4.26-1.el4_8.1.i386.rpm
postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-devel-7.4.26-1.el4_8.1.i386.rpm
postgresql-docs-7.4.26-1.el4_8.1.i386.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-pl-7.4.26-1.el4_8.1.i386.rpm
postgresql-python-7.4.26-1.el4_8.1.i386.rpm
postgresql-server-7.4.26-1.el4_8.1.i386.rpm
postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm
postgresql-test-7.4.26-1.el4_8.1.i386.rpm

ia64:
postgresql-7.4.26-1.el4_8.1.ia64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.ia64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.ia64.rpm
postgresql-devel-7.4.26-1.el4_8.1.ia64.rpm
postgresql-docs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.ia64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm
postgresql-pl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-python-7.4.26-1.el4_8.1.ia64.rpm
postgresql-server-7.4.26-1.el4_8.1.ia64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.ia64.rpm
postgresql-test-7.4.26-1.el4_8.1.ia64.rpm

x86_64:
postgresql-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm
postgresql-debuginfo-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-libs-7.4.26-1.el4_8.1.i386.rpm
postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm
postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.18-2.el5_4.1.src.rpm

i386:
postgresql-8.1.18-2.el5_4.1.i386.rpm
postgresql-contrib-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-docs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-python-8.1.18-2.el5_4.1.i386.rpm
postgresql-tcl-8.1.18-2.el5_4.1.i386.rpm

x86_64:
postgresql-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-contrib-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-docs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-python-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-tcl-8.1.18-2.el5_4.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.18-2.el5_4.1.src.rpm

i386:
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-pl-8.1.18-2.el5_4.1.i386.rpm
postgresql-server-8.1.18-2.el5_4.1.i386.rpm
postgresql-test-8.1.18-2.el5_4.1.i386.rpm

x86_64:
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-pl-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-test-8.1.18-2.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.18-2.el5_4.1.src.rpm

i386:
postgresql-8.1.18-2.el5_4.1.i386.rpm
postgresql-contrib-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-docs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-pl-8.1.18-2.el5_4.1.i386.rpm
postgresql-python-8.1.18-2.el5_4.1.i386.rpm
postgresql-server-8.1.18-2.el5_4.1.i386.rpm
postgresql-tcl-8.1.18-2.el5_4.1.i386.rpm
postgresql-test-8.1.18-2.el5_4.1.i386.rpm

ia64:
postgresql-8.1.18-2.el5_4.1.ia64.rpm
postgresql-contrib-8.1.18-2.el5_4.1.ia64.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.ia64.rpm
postgresql-devel-8.1.18-2.el5_4.1.ia64.rpm
postgresql-docs-8.1.18-2.el5_4.1.ia64.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.ia64.rpm
postgresql-pl-8.1.18-2.el5_4.1.ia64.rpm
postgresql-python-8.1.18-2.el5_4.1.ia64.rpm
postgresql-server-8.1.18-2.el5_4.1.ia64.rpm
postgresql-tcl-8.1.18-2.el5_4.1.ia64.rpm
postgresql-test-8.1.18-2.el5_4.1.ia64.rpm

ppc:
postgresql-8.1.18-2.el5_4.1.ppc.rpm
postgresql-8.1.18-2.el5_4.1.ppc64.rpm
postgresql-contrib-8.1.18-2.el5_4.1.ppc.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.ppc.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.ppc64.rpm
postgresql-devel-8.1.18-2.el5_4.1.ppc.rpm
postgresql-devel-8.1.18-2.el5_4.1.ppc64.rpm
postgresql-docs-8.1.18-2.el5_4.1.ppc.rpm
postgresql-libs-8.1.18-2.el5_4.1.ppc.rpm
postgresql-libs-8.1.18-2.el5_4.1.ppc64.rpm
postgresql-pl-8.1.18-2.el5_4.1.ppc.rpm
postgresql-python-8.1.18-2.el5_4.1.ppc.rpm
postgresql-server-8.1.18-2.el5_4.1.ppc.rpm
postgresql-tcl-8.1.18-2.el5_4.1.ppc.rpm
postgresql-test-8.1.18-2.el5_4.1.ppc.rpm

s390x:
postgresql-8.1.18-2.el5_4.1.s390x.rpm
postgresql-contrib-8.1.18-2.el5_4.1.s390x.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.s390.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.s390x.rpm
postgresql-devel-8.1.18-2.el5_4.1.s390.rpm
postgresql-devel-8.1.18-2.el5_4.1.s390x.rpm
postgresql-docs-8.1.18-2.el5_4.1.s390x.rpm
postgresql-libs-8.1.18-2.el5_4.1.s390.rpm
postgresql-libs-8.1.18-2.el5_4.1.s390x.rpm
postgresql-pl-8.1.18-2.el5_4.1.s390x.rpm
postgresql-python-8.1.18-2.el5_4.1.s390x.rpm
postgresql-server-8.1.18-2.el5_4.1.s390x.rpm
postgresql-tcl-8.1.18-2.el5_4.1.s390x.rpm
postgresql-test-8.1.18-2.el5_4.1.s390x.rpm

x86_64:
postgresql-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-contrib-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.i386.rpm
postgresql-debuginfo-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-devel-8.1.18-2.el5_4.1.i386.rpm
postgresql-devel-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-docs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-libs-8.1.18-2.el5_4.1.i386.rpm
postgresql-libs-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-pl-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-python-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-tcl-8.1.18-2.el5_4.1.x86_64.rpm
postgresql-test-8.1.18-2.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
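The package lists in the advisories above give the exact name-version-release of each fixed build, and the practical question on a fleet is whether the installed build is at or above it. The following script is an added example, not code from Red Hat or from any of these advisories: it re-implements rpm's rpmvercmp() ordering in pure Python (so it runs without the rpm bindings) and compares a package inventory against the fixed versions copied from the elinks, xen and postgresql package lists on this page. Assumptions: none of the listed packages carries an Epoch (no NVR above shows one), subpackages such as xen-libs or postgresql-server are matched to their source package by name prefix, and the inventory below is constructed for the example rather than taken from a real host.

```python
"""Compare installed RPM NVRAs against the fixed builds listed in the
advisories above.

Added example; not Red Hat code. Re-implements rpm's rpmvercmp() ordering in
pure Python. Assumes no Epoch on these packages and a constructed inventory.
"""
import itertools
import re

# Fixed (version, release) per source package and dist tag, copied from the
# "Package List" sections above. Subpackages (xen-libs, postgresql-server, ...)
# are built from the same SRPM and therefore share the fixed version.
FIXED = {
    ("elinks", "el4"): ("0.9.2", "4.el4_8.1"),
    ("elinks", "el5"): ("0.11.1", "6.el5_4.1"),
    ("xen", "el5"): ("3.0.3", "94.el5_4.1"),
    ("postgresql", "el4"): ("7.4.26", "1.el4_8.1"),
    ("postgresql", "el5"): ("8.1.18", "2.el5_4.1"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way rpm does; returns -1/0/1.

    Rules: split into runs of digits and letters (anything else separates),
    digit runs compare numerically, letter runs lexically, a digit run beats
    a letter run, a longer string beats its own prefix, and '~' sorts before
    everything including the end of the string ("1.0~rc1" < "1.0").
    """
    for x, y in itertools.zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
            continue  # same number, different leading zeros
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return -1 if x < y else 1
    return 0


def compare_vr(installed, fixed) -> int:
    """Compare (version, release) tuples; Epoch is assumed absent here."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


_NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(pkg: str):
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    pkg = pkg[:-4] if pkg.endswith(".rpm") else pkg
    m = _NVRA.match(pkg)
    if not m:
        raise ValueError(f"not an NVRA string: {pkg}")
    return m.group("name"), m.group("ver"), m.group("rel"), m.group("arch")


def source_package(name: str):
    """Map a (sub)package name to the SRPM name it was built from, if known."""
    hits = [n for n, _tag in FIXED if name == n or name.startswith(n + "-")]
    return max(hits, key=len) if hits else None


def dist_tag(release: str):
    """Pull 'el4' / 'el5' out of a release such as '4.el4_8.1'."""
    m = re.search(r"\.el(\d+)", release)
    return "el" + m.group(1) if m else None


def check(pkg: str) -> str:
    """Return 'fixed', 'outdated' or 'not covered' for one installed NVRA."""
    name, ver, rel, _arch = parse_nvra(pkg)
    key = (source_package(name), dist_tag(rel))
    if key not in FIXED:
        return "not covered"
    return "fixed" if compare_vr((ver, rel), FIXED[key]) >= 0 else "outdated"


# Constructed `rpm -qa`-style inventory; not from a real host.
SAMPLE_INVENTORY = [
    "elinks-0.9.2-4.el4_8.1.i386",                # exactly the RHEL 4 fix
    "elinks-0.11.1-5.el5_3.1.x86_64",             # release below the RHEL 5 fix
    "xen-libs-3.0.3-80.el5.i386",                 # subpackage, pre-fix build
    "postgresql-server-8.1.18-2.el5_4.1.x86_64",  # at the fix
    "postgresql-libs-7.4.19-1.el4_6.1.i386",      # older upstream version
    "bash-3.2-24.el5.x86_64",                     # not in these advisories
]


def report(inventory=SAMPLE_INVENTORY) -> dict:
    """Status per package for the given inventory."""
    return {pkg: check(pkg) for pkg in inventory}


if __name__ == "__main__":
    for pkg, status in report().items():
        print(f"{status:12s} {pkg}")
```

On a real host the inventory would come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`; packages with an Epoch would need `%{EPOCH}` carried through compare_vr as well, which this example deliberately leaves out because none of the builds listed here use one. The result only tells you whether the installed build is older than the advisory's; it does not replace checking the package signature against the Red Hat key referenced above.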
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKzMKhXlSAg2UNWIIRAs1SAJ0cXA9C/L5ig717alYeY/2Ybyy/4wCeIoDM
FpDQfebXA7Mes9B3tmgcPJ8=
=bvpa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 7 16:35:00 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 Oct 2009 12:35:00 -0400
Subject: [RHSA-2009:1485-01] Moderate: postgresql security update
Message-ID: <200910071635.n97GZ0lY015622@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2009:1485-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1485.html
Issue date:        2009-10-07
CVE Names:         CVE-2009-3230
=====================================================================

1. Summary:

Updated postgresql packages that fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0039 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)

All PostgreSQL users should upgrade to these updated packages, which contain a backported patch to correct this issue. If you are running a PostgreSQL server, the postgresql service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

522085 - CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.21-2.src.rpm

i386:
rh-postgresql-7.3.21-2.i386.rpm
rh-postgresql-contrib-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-devel-7.3.21-2.i386.rpm
rh-postgresql-docs-7.3.21-2.i386.rpm
rh-postgresql-jdbc-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-pl-7.3.21-2.i386.rpm
rh-postgresql-python-7.3.21-2.i386.rpm
rh-postgresql-server-7.3.21-2.i386.rpm
rh-postgresql-tcl-7.3.21-2.i386.rpm
rh-postgresql-test-7.3.21-2.i386.rpm

ia64:
rh-postgresql-7.3.21-2.ia64.rpm
rh-postgresql-contrib-7.3.21-2.ia64.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.ia64.rpm
rh-postgresql-devel-7.3.21-2.ia64.rpm
rh-postgresql-docs-7.3.21-2.ia64.rpm
rh-postgresql-jdbc-7.3.21-2.ia64.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.ia64.rpm
rh-postgresql-pl-7.3.21-2.ia64.rpm
rh-postgresql-python-7.3.21-2.ia64.rpm
rh-postgresql-server-7.3.21-2.ia64.rpm
rh-postgresql-tcl-7.3.21-2.ia64.rpm
rh-postgresql-test-7.3.21-2.ia64.rpm

ppc:
rh-postgresql-7.3.21-2.ppc.rpm
rh-postgresql-contrib-7.3.21-2.ppc.rpm
rh-postgresql-debuginfo-7.3.21-2.ppc.rpm
rh-postgresql-debuginfo-7.3.21-2.ppc64.rpm
rh-postgresql-devel-7.3.21-2.ppc.rpm
rh-postgresql-docs-7.3.21-2.ppc.rpm
rh-postgresql-jdbc-7.3.21-2.ppc.rpm
rh-postgresql-libs-7.3.21-2.ppc.rpm
rh-postgresql-libs-7.3.21-2.ppc64.rpm
rh-postgresql-pl-7.3.21-2.ppc.rpm
rh-postgresql-python-7.3.21-2.ppc.rpm
rh-postgresql-server-7.3.21-2.ppc.rpm
rh-postgresql-tcl-7.3.21-2.ppc.rpm
rh-postgresql-test-7.3.21-2.ppc.rpm

s390:
rh-postgresql-7.3.21-2.s390.rpm
rh-postgresql-contrib-7.3.21-2.s390.rpm
rh-postgresql-debuginfo-7.3.21-2.s390.rpm
rh-postgresql-devel-7.3.21-2.s390.rpm
rh-postgresql-docs-7.3.21-2.s390.rpm
rh-postgresql-jdbc-7.3.21-2.s390.rpm
rh-postgresql-libs-7.3.21-2.s390.rpm
rh-postgresql-pl-7.3.21-2.s390.rpm
rh-postgresql-python-7.3.21-2.s390.rpm
rh-postgresql-server-7.3.21-2.s390.rpm
rh-postgresql-tcl-7.3.21-2.s390.rpm
rh-postgresql-test-7.3.21-2.s390.rpm

s390x:
rh-postgresql-7.3.21-2.s390x.rpm
rh-postgresql-contrib-7.3.21-2.s390x.rpm
rh-postgresql-debuginfo-7.3.21-2.s390.rpm
rh-postgresql-debuginfo-7.3.21-2.s390x.rpm
rh-postgresql-devel-7.3.21-2.s390x.rpm
rh-postgresql-docs-7.3.21-2.s390x.rpm
rh-postgresql-jdbc-7.3.21-2.s390x.rpm
rh-postgresql-libs-7.3.21-2.s390.rpm
rh-postgresql-libs-7.3.21-2.s390x.rpm
rh-postgresql-pl-7.3.21-2.s390x.rpm
rh-postgresql-python-7.3.21-2.s390x.rpm
rh-postgresql-server-7.3.21-2.s390x.rpm
rh-postgresql-tcl-7.3.21-2.s390x.rpm
rh-postgresql-test-7.3.21-2.s390x.rpm

x86_64:
rh-postgresql-7.3.21-2.x86_64.rpm
rh-postgresql-contrib-7.3.21-2.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.x86_64.rpm
rh-postgresql-devel-7.3.21-2.x86_64.rpm
rh-postgresql-docs-7.3.21-2.x86_64.rpm
rh-postgresql-jdbc-7.3.21-2.x86_64.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.x86_64.rpm
rh-postgresql-pl-7.3.21-2.x86_64.rpm
rh-postgresql-python-7.3.21-2.x86_64.rpm
rh-postgresql-server-7.3.21-2.x86_64.rpm
rh-postgresql-tcl-7.3.21-2.x86_64.rpm
rh-postgresql-test-7.3.21-2.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.21-2.src.rpm

i386:
rh-postgresql-7.3.21-2.i386.rpm
rh-postgresql-contrib-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-devel-7.3.21-2.i386.rpm
rh-postgresql-docs-7.3.21-2.i386.rpm
rh-postgresql-jdbc-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-pl-7.3.21-2.i386.rpm
rh-postgresql-python-7.3.21-2.i386.rpm
rh-postgresql-server-7.3.21-2.i386.rpm
rh-postgresql-tcl-7.3.21-2.i386.rpm
rh-postgresql-test-7.3.21-2.i386.rpm

x86_64:
rh-postgresql-7.3.21-2.x86_64.rpm
rh-postgresql-contrib-7.3.21-2.x86_64.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.x86_64.rpm
rh-postgresql-devel-7.3.21-2.x86_64.rpm
rh-postgresql-docs-7.3.21-2.x86_64.rpm
rh-postgresql-jdbc-7.3.21-2.x86_64.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.x86_64.rpm
rh-postgresql-pl-7.3.21-2.x86_64.rpm
rh-postgresql-python-7.3.21-2.x86_64.rpm
rh-postgresql-server-7.3.21-2.x86_64.rpm
rh-postgresql-tcl-7.3.21-2.x86_64.rpm
rh-postgresql-test-7.3.21-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.21-2.src.rpm

i386:
rh-postgresql-7.3.21-2.i386.rpm
rh-postgresql-contrib-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-devel-7.3.21-2.i386.rpm
rh-postgresql-docs-7.3.21-2.i386.rpm
rh-postgresql-jdbc-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-pl-7.3.21-2.i386.rpm
rh-postgresql-python-7.3.21-2.i386.rpm
rh-postgresql-server-7.3.21-2.i386.rpm
rh-postgresql-tcl-7.3.21-2.i386.rpm
rh-postgresql-test-7.3.21-2.i386.rpm

ia64:
rh-postgresql-7.3.21-2.ia64.rpm
rh-postgresql-contrib-7.3.21-2.ia64.rpm
rh-postgresql-debuginfo-7.3.21-2.i386.rpm
rh-postgresql-debuginfo-7.3.21-2.ia64.rpm
rh-postgresql-devel-7.3.21-2.ia64.rpm
rh-postgresql-docs-7.3.21-2.ia64.rpm
rh-postgresql-jdbc-7.3.21-2.ia64.rpm
rh-postgresql-libs-7.3.21-2.i386.rpm
rh-postgresql-libs-7.3.21-2.ia64.rpm
rh-postgresql-pl-7.3.21-2.ia64.rpm
rh-postgresql-python-7.3.21-2.ia64.rpm
rh-postgresql-server-7.3.21-2.ia64.rpm
rh-postgresql-tcl-7.3.21-2.ia64.rpm rh-postgresql-test-7.3.21-2.ia64.rpm x86_64: rh-postgresql-7.3.21-2.x86_64.rpm rh-postgresql-contrib-7.3.21-2.x86_64.rpm rh-postgresql-debuginfo-7.3.21-2.i386.rpm rh-postgresql-debuginfo-7.3.21-2.x86_64.rpm rh-postgresql-devel-7.3.21-2.x86_64.rpm rh-postgresql-docs-7.3.21-2.x86_64.rpm rh-postgresql-jdbc-7.3.21-2.x86_64.rpm rh-postgresql-libs-7.3.21-2.i386.rpm rh-postgresql-libs-7.3.21-2.x86_64.rpm rh-postgresql-pl-7.3.21-2.x86_64.rpm rh-postgresql-python-7.3.21-2.x86_64.rpm rh-postgresql-server-7.3.21-2.x86_64.rpm rh-postgresql-tcl-7.3.21-2.x86_64.rpm rh-postgresql-test-7.3.21-2.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.21-2.src.rpm i386: rh-postgresql-7.3.21-2.i386.rpm rh-postgresql-contrib-7.3.21-2.i386.rpm rh-postgresql-debuginfo-7.3.21-2.i386.rpm rh-postgresql-devel-7.3.21-2.i386.rpm rh-postgresql-docs-7.3.21-2.i386.rpm rh-postgresql-jdbc-7.3.21-2.i386.rpm rh-postgresql-libs-7.3.21-2.i386.rpm rh-postgresql-pl-7.3.21-2.i386.rpm rh-postgresql-python-7.3.21-2.i386.rpm rh-postgresql-server-7.3.21-2.i386.rpm rh-postgresql-tcl-7.3.21-2.i386.rpm rh-postgresql-test-7.3.21-2.i386.rpm ia64: rh-postgresql-7.3.21-2.ia64.rpm rh-postgresql-contrib-7.3.21-2.ia64.rpm rh-postgresql-debuginfo-7.3.21-2.i386.rpm rh-postgresql-debuginfo-7.3.21-2.ia64.rpm rh-postgresql-devel-7.3.21-2.ia64.rpm rh-postgresql-docs-7.3.21-2.ia64.rpm rh-postgresql-jdbc-7.3.21-2.ia64.rpm rh-postgresql-libs-7.3.21-2.i386.rpm rh-postgresql-libs-7.3.21-2.ia64.rpm rh-postgresql-pl-7.3.21-2.ia64.rpm rh-postgresql-python-7.3.21-2.ia64.rpm rh-postgresql-server-7.3.21-2.ia64.rpm rh-postgresql-tcl-7.3.21-2.ia64.rpm rh-postgresql-test-7.3.21-2.ia64.rpm x86_64: rh-postgresql-7.3.21-2.x86_64.rpm rh-postgresql-contrib-7.3.21-2.x86_64.rpm rh-postgresql-debuginfo-7.3.21-2.i386.rpm rh-postgresql-debuginfo-7.3.21-2.x86_64.rpm rh-postgresql-devel-7.3.21-2.x86_64.rpm 
rh-postgresql-docs-7.3.21-2.x86_64.rpm rh-postgresql-jdbc-7.3.21-2.x86_64.rpm rh-postgresql-libs-7.3.21-2.i386.rpm rh-postgresql-libs-7.3.21-2.x86_64.rpm rh-postgresql-pl-7.3.21-2.x86_64.rpm rh-postgresql-python-7.3.21-2.x86_64.rpm rh-postgresql-server-7.3.21-2.x86_64.rpm rh-postgresql-tcl-7.3.21-2.x86_64.rpm rh-postgresql-test-7.3.21-2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKzMMLXlSAg2UNWIIRAnEQAJ4hiF1DpuVz9O5R8MdZky7pfsFhigCeIwGl CdzKgIJTzIiTIJJaIf3961Y= =oAmT -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 8 20:20:58 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Oct 2009 16:20:58 -0400 Subject: [RHSA-2009:1490-01] Moderate: squirrelmail security update Message-ID: <200910082020.n98KKwaW002614@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: squirrelmail security update Advisory ID: RHSA-2009:1490-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1490.html Issue date: 2009-10-08 CVE Names: CVE-2009-2964 ===================================================================== 1. Summary: An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - noarch Red Hat Desktop version 3 - noarch Red Hat Enterprise Linux (v. 5 server) - noarch Red Hat Enterprise Linux AS version 3 - noarch Red Hat Enterprise Linux AS version 4 - noarch Red Hat Enterprise Linux Desktop version 4 - noarch Red Hat Enterprise Linux ES version 3 - noarch Red Hat Enterprise Linux ES version 4 - noarch Red Hat Enterprise Linux WS version 3 - noarch Red Hat Enterprise Linux WS version 4 - noarch 3. Description: SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 517312 - CVE-2009-2964 squirrelmail: CSRF issues in all forms 6. 
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.8-16.el3.src.rpm noarch: squirrelmail-1.4.8-16.el3.noarch.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.8-16.el3.src.rpm noarch: squirrelmail-1.4.8-16.el3.noarch.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.8-16.el3.src.rpm noarch: squirrelmail-1.4.8-16.el3.noarch.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.8-16.el3.src.rpm noarch: squirrelmail-1.4.8-16.el3.noarch.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.8-5.el4_8.8.src.rpm noarch: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.8-5.el4_8.8.src.rpm noarch: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.8-5.el4_8.8.src.rpm noarch: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.8-5.el4_8.8.src.rpm noarch: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/squirrelmail-1.4.8-5.el5_4.10.src.rpm noarch: squirrelmail-1.4.8-5.el5_4.10.noarch.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/squirrelmail-1.4.8-5.el5_4.10.src.rpm noarch: squirrelmail-1.4.8-5.el5_4.10.noarch.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2964 http://www.redhat.com/security/updates/classification/#moderate http://www.squirrelmail.org/security/issue/2009-08-12 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKzklPXlSAg2UNWIIRAiZVAKCcr86MuUi+z5+QQYf0LG5VqmYJGQCglzQi mvgCq4tKgdt8S6qbiXr27KM= =r2SB -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 14 16:22:37 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Oct 2009 12:22:37 -0400 Subject: [RHSA-2009:1499-01] Critical: acroread security update Message-ID: <200910141622.n9EGMbZQ018587@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2009:1499-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1499.html Issue date: 2009-10-14 CVE Names: CVE-2009-2979 CVE-2009-2980 CVE-2009-2981 CVE-2009-2983 CVE-2009-2985 CVE-2009-2986 CVE-2009-2988 CVE-2009-2990 CVE-2009-2991 CVE-2009-2993 CVE-2009-2994 CVE-2009-2996 CVE-2009-2997 CVE-2009-2998 CVE-2009-3431 CVE-2009-3458 CVE-2009-3459 CVE-2009-3462 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 
5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2009-2979, CVE-2009-2988, CVE-2009-3431) An input validation flaw was found in Adobe Reader. Opening a specially-crafted PDF file could lead to a Trust Manager restrictions bypass. (CVE-2009-2981) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 528071 - CVE-2009-3459 acroread: heap overflow fix in version 8.1.7 (APSB09-15) 528659 - acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15) 528665 - CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15) 528666 - CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15) 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: acroread-8.1.7-1.i386.rpm acroread-plugin-8.1.7-1.i386.rpm x86_64: acroread-8.1.7-1.i386.rpm Red Hat Desktop version 3 Extras: i386: acroread-8.1.7-1.i386.rpm acroread-plugin-8.1.7-1.i386.rpm x86_64: acroread-8.1.7-1.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: acroread-8.1.7-1.i386.rpm acroread-plugin-8.1.7-1.i386.rpm x86_64: acroread-8.1.7-1.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: acroread-8.1.7-1.i386.rpm acroread-plugin-8.1.7-1.i386.rpm x86_64: acroread-8.1.7-1.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-8.1.7-1.el4.i386.rpm acroread-plugin-8.1.7-1.el4.i386.rpm x86_64: acroread-8.1.7-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-8.1.7-1.el4.i386.rpm acroread-plugin-8.1.7-1.el4.i386.rpm x86_64: acroread-8.1.7-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-8.1.7-1.el4.i386.rpm acroread-plugin-8.1.7-1.el4.i386.rpm x86_64: acroread-8.1.7-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-8.1.7-1.el4.i386.rpm acroread-plugin-8.1.7-1.el4.i386.rpm x86_64: acroread-8.1.7-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: acroread-8.1.7-1.el5.i386.rpm acroread-plugin-8.1.7-1.el5.i386.rpm x86_64: acroread-8.1.7-1.el5.i386.rpm acroread-plugin-8.1.7-1.el5.i386.rpm RHEL Supplementary (v. 
5 server): i386: acroread-8.1.7-1.el5.i386.rpm acroread-plugin-8.1.7-1.el5.i386.rpm x86_64: acroread-8.1.7-1.el5.i386.rpm acroread-plugin-8.1.7-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462 http://www.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb09-15.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK1fq0XlSAg2UNWIIRApi5AKCbRP0OxKoT4Dr5Wihfd9Q5nAfxTACgsZwk UrxseotbW5ASovfZQjGlrPc= =2LHp -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 14 16:23:13 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Oct 2009 12:23:13 -0400 Subject: [RHSA-2009:1505-01] Moderate: java-1.4.2-ibm security update Message-ID: <200910141623.n9EGNDUl018768@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.4.2-ibm security update Advisory ID: RHSA-2009:1505-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1505.html Issue date: 2009-10-14 CVE Names: CVE-2008-5349 CVE-2009-2625 ===================================================================== 1. Summary: Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 3. 
Description: The IBM 1.4.2 SR13-FP1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2008-5349, CVE-2009-2625) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740) 512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) 6. 
Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.ppc.rpm s390: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.s390.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.x86_64.rpm Red Hat Desktop version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.x86_64.rpm 
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.i386.rpm 
java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.ppc64.rpm s390: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el4.i386.rpm 
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el4.x86_64.rpm 
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.1-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.1-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://www.redhat.com/security/updates/classification/#moderate
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1frUXlSAg2UNWIIRAiD7AKCNODIcakJHhsDcZ9Wn+tgeXOSZ1gCgtWzl
+USgKn+t8k1HFy53kfNiOJk=
=jTRi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:28:40 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:28:40 -0400
Subject: [RHSA-2009:1500-01] Important: xpdf security update
Message-ID: <200910150928.n9F9SeBJ020826@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2009:1500-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1500.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-0791 CVE-2009-3604 CVE-2009-3606 CVE-2009-3609
=====================================================================

1. Summary:

An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3.
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604, CVE-2009-3606, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue.

Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

491840 - CVE-2009-0791 xpdf: multiple integer overflows
526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-17.el3.src.rpm

i386:
xpdf-2.02-17.el3.i386.rpm
xpdf-debuginfo-2.02-17.el3.i386.rpm

ia64:
xpdf-2.02-17.el3.ia64.rpm
xpdf-debuginfo-2.02-17.el3.ia64.rpm

ppc:
xpdf-2.02-17.el3.ppc.rpm
xpdf-debuginfo-2.02-17.el3.ppc.rpm

s390:
xpdf-2.02-17.el3.s390.rpm
xpdf-debuginfo-2.02-17.el3.s390.rpm

s390x:
xpdf-2.02-17.el3.s390x.rpm
xpdf-debuginfo-2.02-17.el3.s390x.rpm

x86_64:
xpdf-2.02-17.el3.x86_64.rpm
xpdf-debuginfo-2.02-17.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-17.el3.src.rpm

i386:
xpdf-2.02-17.el3.i386.rpm
xpdf-debuginfo-2.02-17.el3.i386.rpm

x86_64:
xpdf-2.02-17.el3.x86_64.rpm
xpdf-debuginfo-2.02-17.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-17.el3.src.rpm

i386:
xpdf-2.02-17.el3.i386.rpm
xpdf-debuginfo-2.02-17.el3.i386.rpm

ia64:
xpdf-2.02-17.el3.ia64.rpm
xpdf-debuginfo-2.02-17.el3.ia64.rpm

x86_64:
xpdf-2.02-17.el3.x86_64.rpm
xpdf-debuginfo-2.02-17.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-17.el3.src.rpm

i386:
xpdf-2.02-17.el3.i386.rpm
xpdf-debuginfo-2.02-17.el3.i386.rpm

ia64:
xpdf-2.02-17.el3.ia64.rpm
xpdf-debuginfo-2.02-17.el3.ia64.rpm

x86_64:
xpdf-2.02-17.el3.x86_64.rpm
xpdf-debuginfo-2.02-17.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1usxXlSAg2UNWIIRAutVAKCJbt/Z1TUYDuIQTff0sC1bJ95V7QCfQfwU
+ex9jI4W0/xrRyq6ZjxK0BI=
=jVmd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:29:00 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:29:00 -0400
Subject: [RHSA-2009:1501-01] Important: xpdf security update
Message-ID: <200910150929.n9F9T0W2008591@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2009:1501-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1501.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in Xpdf. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

491840 - CVE-2009-0791 xpdf: multiple integer overflows
495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow
526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-22.el4_8.1.src.rpm

i386:
xpdf-3.00-22.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-22.el4_8.1.i386.rpm

ia64:
xpdf-3.00-22.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.ia64.rpm

ppc:
xpdf-3.00-22.el4_8.1.ppc.rpm
xpdf-debuginfo-3.00-22.el4_8.1.ppc.rpm

s390:
xpdf-3.00-22.el4_8.1.s390.rpm
xpdf-debuginfo-3.00-22.el4_8.1.s390.rpm

s390x:
xpdf-3.00-22.el4_8.1.s390x.rpm
xpdf-debuginfo-3.00-22.el4_8.1.s390x.rpm

x86_64:
xpdf-3.00-22.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-22.el4_8.1.src.rpm

i386:
xpdf-3.00-22.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-22.el4_8.1.i386.rpm

x86_64:
xpdf-3.00-22.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-22.el4_8.1.src.rpm

i386:
xpdf-3.00-22.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-22.el4_8.1.i386.rpm

ia64:
xpdf-3.00-22.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-22.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-22.el4_8.1.src.rpm

i386:
xpdf-3.00-22.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-22.el4_8.1.i386.rpm

ia64:
xpdf-3.00-22.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-22.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-22.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1utSXlSAg2UNWIIRAoPrAJwPGK+9IKlrd5flbF0jPPPXL4Zg6gCgo0A5
DUJDGG0gkf6sIWMNqF0XVoY=
=3wX3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:29:31 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:29:31 -0400
Subject: [RHSA-2009:1502-01] Important: kdegraphics security update
Message-ID: <200910150929.n9F9TVt4001769@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2009:1502-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1502.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

491840 - CVE-2009-0791 xpdf: multiple integer overflows
495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow
526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526877 - CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep integer overflow
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdegraphics-3.5.4-15.el5_4.2.src.rpm

i386:
kdegraphics-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.i386.rpm

x86_64:
kdegraphics-3.5.4-15.el5_4.2.x86_64.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdegraphics-3.5.4-15.el5_4.2.src.rpm

i386:
kdegraphics-debuginfo-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.i386.rpm

x86_64:
kdegraphics-debuginfo-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.x86_64.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdegraphics-3.5.4-15.el5_4.2.src.rpm

i386:
kdegraphics-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.i386.rpm

x86_64:
kdegraphics-3.5.4-15.el5_4.2.x86_64.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-debuginfo-3.5.4-15.el5_4.2.x86_64.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.i386.rpm
kdegraphics-devel-3.5.4-15.el5_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1utrXlSAg2UNWIIRAh22AJ9xFhpeGdf9BPtKamiX9yqcyMRBDgCgottF
33CNiW+zmr/j//aZTtWs8BI=
=dqB6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:30:12 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:30:12 -0400
Subject: [RHSA-2009:1503-01] Important: gpdf security update
Message-ID: <200910150930.n9F9UDGv002150@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gpdf security update
Advisory ID:       RHSA-2009:1503-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1503.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GPdf is a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in GPdf. An attacker could create a malicious PDF file that would cause GPdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

491840 - CVE-2009-0791 xpdf: multiple integer overflows
495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow
526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.5.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm

ppc:
gpdf-2.8.2-7.7.2.el4_8.5.ppc.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.el4_8.5.s390.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.el4_8.5.s390x.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.5.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.5.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.5.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.5.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.5.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.5.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1uuXXlSAg2UNWIIRAiN0AKCS0GSuLf5yun7Ax+EtzSFUwRrr/QCgt1oZ
XjZ9IY9oYVvXePMoZhmwGdc=
=qSsv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:30:38 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:30:38 -0400
Subject: [RHSA-2009:1504-01] Important: poppler security and bug fix update
Message-ID: <200910150930.n9F9UcEa021736@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: poppler security and bug fix update
Advisory ID:       RHSA-2009:1504-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1504.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-3603 CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

Updated poppler packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608 issue.

This update also corrects a regression introduced in the previous poppler security update, RHSA-2009:0480, that prevented poppler from rendering certain PDF documents correctly. (BZ#528147)

Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526915 - CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap integer overflow
528147 - latest poppler security fix breaks compatibility with Xerox WorkCentre generated pdf documents

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/poppler-0.5.4-4.4.el5_4.11.src.rpm

i386:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm

x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/poppler-0.5.4-4.4.el5_4.11.src.rpm

i386:
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm

x86_64:
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/poppler-0.5.4-4.4.el5_4.11.src.rpm

i386:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-utils-0.5.4-4.4.el5_4.11.i386.rpm

ia64:
poppler-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ia64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ia64.rpm

ppc:
poppler-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc.rpm
poppler-devel-0.5.4-4.4.el5_4.11.ppc64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.ppc.rpm

s390x:
poppler-0.5.4-4.4.el5_4.11.s390.rpm
poppler-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.s390.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390.rpm
poppler-devel-0.5.4-4.4.el5_4.11.s390x.rpm
poppler-utils-0.5.4-4.4.el5_4.11.s390x.rpm

x86_64:
poppler-0.5.4-4.4.el5_4.11.i386.rpm
poppler-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.i386.rpm
poppler-debuginfo-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-devel-0.5.4-4.4.el5_4.11.i386.rpm
poppler-devel-0.5.4-4.4.el5_4.11.x86_64.rpm
poppler-utils-0.5.4-4.4.el5_4.11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK1uu0XlSAg2UNWIIRAmbwAJ9Tb1ltpp9bHCCDqzfx4CIIVMuU4gCfU8FH
fyRJuk6BoAnXo272flTJujE=
=DwpJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 15 09:31:09 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:31:09 -0400
Subject: [RHSA-2009:1512-01] Important: kdegraphics security update
Message-ID: <200910150931.n9F9VAY1022133@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2009:1512-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1512.html
Issue date:        2009-10-15
CVE Names:         CVE-2009-0791 CVE-2009-1188 CVE-2009-3604 CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604 issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

491840 - CVE-2009-0791 xpdf: multiple integer overflows
495907 - CVE-2009-1188 xpdf/poppler: SplashBitmap integer overflow
526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
526911 - CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-15.el4_8.2.src.rpm

i386:
kdegraphics-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm

ia64:
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm

ppc:
kdegraphics-3.3.1-15.el4_8.2.ppc.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.ppc.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.ppc.rpm

s390:
kdegraphics-3.3.1-15.el4_8.2.s390.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.s390.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.s390.rpm

s390x:
kdegraphics-3.3.1-15.el4_8.2.s390x.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.s390x.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.s390x.rpm

x86_64:
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-15.el4_8.2.src.rpm

i386:
kdegraphics-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm

x86_64:
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-15.el4_8.2.src.rpm

i386:
kdegraphics-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm

ia64:
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm

x86_64:
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-15.el4_8.2.src.rpm

i386:
kdegraphics-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.i386.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.i386.rpm

ia64:
kdegraphics-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.ia64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.ia64.rpm

x86_64:
kdegraphics-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-debuginfo-3.3.1-15.el4_8.2.x86_64.rpm
kdegraphics-devel-3.3.1-15.el4_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
From bugzilla at redhat.com Thu Oct 15 09:31:38 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Oct 2009 05:31:38 -0400
Subject: [RHSA-2009:1513-01] Moderate: cups security update
Message-ID: <200910150931.n9F9Vc6E009273@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cups security update
Advisory ID: RHSA-2009:1513-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1513.html
Issue date: 2009-10-15
CVE Names: CVE-2009-3608 CVE-2009-3609
=====================================================================

1. Summary:

Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS "pdftops" filter converts Portable Document Format (PDF) files to PostScript.

Two integer overflow flaws were found in the CUPS "pdftops" filter. An attacker could create a malicious PDF file that would cause "pdftops" to crash or, potentially, execute arbitrary code as the "lp" user if the file was printed. (CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608 issue.
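The flaw class behind these two CVEs (a buffer-size computation that overflows before the allocation, in the ObjectStream and ImageStream constructors named in the bug list below) can be illustrated with an added example. This is constructed code, not xpdf, poppler or CUPS source and not the vendor patch; the helper names `row_bytes_unchecked`, `pdf_image_row_bytes`, `pdf_objstm_offsets_bytes` and `alloc_row`, and the sanity limits on nComps and nBits, are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the ImageStream-style size computation:
 * bytes per row = ceil(width * nComps * nBits / 8), with width, nComps and
 * nBits read straight from the PDF image dictionary. uint32_t is used so the
 * wraparound is well-defined for the demo (the original code used int, where
 * overflow is undefined behaviour but wrapped in practice). */
static uint32_t row_bytes_unchecked(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    uint32_t nVals = width * nComps;        /* wraps silently at 2^32 */
    return (nVals * nBits + 7) / 8;         /* tiny result for a huge image */
}

/* Hardened version (an assumed design, not the vendor patch): each
 * intermediate is bounded before it is used, so the buffer allocated from the
 * result can never be smaller than the data the decoder later writes into it.
 * Returns the byte count, or -1 to reject the image. */
static int64_t pdf_image_row_bytes(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    const uint64_t limit = INT32_MAX;       /* the range a signed int had */
    if (width == 0 || nComps == 0 || nComps > 32 || nBits == 0 || nBits > 16)
        return -1;                          /* outside sane PDF ranges */
    uint64_t nVals = (uint64_t)width * nComps;
    if (nVals > limit)
        return -1;                          /* would have wrapped in 32 bits */
    uint64_t bits = nVals * nBits;          /* <= 2^31 * 16, fits in 64 bits */
    if (bits + 7 > limit)
        return -1;
    return (int64_t)((bits + 7) / 8);
}

/* Same discipline for the ObjectStream-style offset table: nObjects entries
 * of sizeof(int) each, with nObjects taken from the stream dictionary. */
static int64_t pdf_objstm_offsets_bytes(uint32_t nObjects)
{
    if (nObjects == 0 || nObjects > INT32_MAX / sizeof(int))
        return -1;                          /* nObjects * sizeof(int) would wrap */
    return (int64_t)nObjects * (int64_t)sizeof(int);
}

/* Allocate a row buffer only after the size has been validated. */
static unsigned char *alloc_row(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    int64_t n = pdf_image_row_bytes(width, nComps, nBits);
    if (n < 0)
        return NULL;                        /* reject the image, never guess */
    return malloc((size_t)n);
}

int main(void)
{
    /* Constructed hostile dictionary: width * nComps is exactly 2^32. */
    uint32_t width = 0x40000000u, nComps = 4, nBits = 8;
    printf("unchecked row size: %u bytes\n", row_bytes_unchecked(width, nComps, nBits));
    printf("checked row size:   %lld\n", (long long)pdf_image_row_bytes(width, nComps, nBits));
    printf("640x3x8 row size:   %lld bytes\n", (long long)pdf_image_row_bytes(640, 3, 8));
    unsigned char *row = alloc_row(width, nComps, nBits);
    printf("hostile allocation %s\n", row ? "granted" : "refused");
    free(row);
    return 0;
}
```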
Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526637 - CVE-2009-3608 xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-11.el5_4.3.src.rpm

i386:
cups-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-lpd-1.3.7-11.el5_4.3.i386.rpm

x86_64:
cups-1.3.7-11.el5_4.3.x86_64.rpm
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.x86_64.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-11.el5_4.3.src.rpm

i386:
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm

x86_64:
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.x86_64.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-11.el5_4.3.src.rpm

i386:
cups-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-lpd-1.3.7-11.el5_4.3.i386.rpm

ia64:
cups-1.3.7-11.el5_4.3.ia64.rpm
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.ia64.rpm
cups-devel-1.3.7-11.el5_4.3.ia64.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.ia64.rpm
cups-lpd-1.3.7-11.el5_4.3.ia64.rpm

ppc:
cups-1.3.7-11.el5_4.3.ppc.rpm
cups-debuginfo-1.3.7-11.el5_4.3.ppc.rpm
cups-debuginfo-1.3.7-11.el5_4.3.ppc64.rpm
cups-devel-1.3.7-11.el5_4.3.ppc.rpm
cups-devel-1.3.7-11.el5_4.3.ppc64.rpm
cups-libs-1.3.7-11.el5_4.3.ppc.rpm
cups-libs-1.3.7-11.el5_4.3.ppc64.rpm
cups-lpd-1.3.7-11.el5_4.3.ppc.rpm

s390x:
cups-1.3.7-11.el5_4.3.s390x.rpm
cups-debuginfo-1.3.7-11.el5_4.3.s390.rpm
cups-debuginfo-1.3.7-11.el5_4.3.s390x.rpm
cups-devel-1.3.7-11.el5_4.3.s390.rpm
cups-devel-1.3.7-11.el5_4.3.s390x.rpm
cups-libs-1.3.7-11.el5_4.3.s390.rpm
cups-libs-1.3.7-11.el5_4.3.s390x.rpm
cups-lpd-1.3.7-11.el5_4.3.s390x.rpm

x86_64:
cups-1.3.7-11.el5_4.3.x86_64.rpm
cups-debuginfo-1.3.7-11.el5_4.3.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.3.x86_64.rpm
cups-devel-1.3.7-11.el5_4.3.i386.rpm
cups-devel-1.3.7-11.el5_4.3.x86_64.rpm
cups-libs-1.3.7-11.el5_4.3.i386.rpm
cups-libs-1.3.7-11.el5_4.3.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 22 15:14:19 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Oct 2009 11:14:19 -0400
Subject: [RHSA-2009:1522-01] Moderate: kernel security and bug fix update
Message-ID: <200910221514.n9MFEJQW010706@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2009:1522-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1522.html
Issue date: 2009-10-22
CVE Names: CVE-2005-4881 CVE-2009-3228
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* multiple missing-initialization flaws were found in the Linux kernel. Padding data in several core network structures was not initialized properly before being sent to user-space. These flaws could lead to information leaks. (CVE-2005-4881, CVE-2009-3228, Moderate)

This update also fixes the following bugs:

* a packet duplication issue was fixed via the RHSA-2008:0665 update; however, the fix introduced a problem for systems using network bonding: backup slaves were unable to receive ARP packets. When using network bonding in the "active-backup" mode and with the "arp_validate=3" option, the bonding driver considered such backup slaves as being down (since they were not receiving ARP packets), preventing successful failover to these devices. (BZ#519384)

* due to insufficient memory barriers in the network code, a process sleeping in select() may have missed notifications about new data. In rare cases, this bug may have caused a process to sleep forever. (BZ#519386)

* the driver version number in the ata_piix driver was not changed between Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8, even though changes had been made between these releases. This could have prevented the driver from loading on systems that check driver versions, as this driver appeared older than it was. (BZ#519389)

* a bug in nlm_lookup_host() could have led to un-reclaimed locks on file systems, resulting in the umount command failing. This bug could have also prevented NFS services from being relocated correctly in clustered environments. (BZ#519656)

* the data buffer ethtool_get_strings() allocated, for the igb driver, was smaller than the amount of data that was copied in igb_get_strings(), because of a miscalculation in IGB_QUEUE_STATS_LEN, resulting in memory corruption. This bug could have led to a kernel panic. (BZ#522738)

* in some situations, write operations to a TTY device were blocked even when the O_NONBLOCK flag was used. A reported case of this issue occurred when a single TTY device was opened by two users (one using blocking mode, and the other using non-blocking mode). (BZ#523930)

* a deadlock was found in the cciss driver. In rare cases, this caused an NMI lockup during boot. Messages such as "cciss: controller cciss[x] failed, stopping." and "cciss[x]: controller not responding." may have been displayed on the console. (BZ#525725)

* on 64-bit PowerPC systems, a rollover bug in the ibmveth driver could have caused a kernel panic. In a reported case, this panic occurred on a system with a large uptime and under heavy network load. (BZ#527225)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

519384 - [RHEL 4] Arp Monitor - Failed to detect layer 2 switch failure [rhel-4.8.z]
519386 - [RHEL4.5] Even if a process have received data but schedule() in select() cannot return [rhel-4.8.z]
519389 - RHEL4.8-Beta : Update the version number of ata_piix driver [rhel-4.8.z]
519656 - Bug in lockd prevents a locks being freed. [rhel-4.8.z]
520990 - CVE-2009-3228 kernel: tc: uninitialised kernel memory leak
521601 - CVE-2005-4881 kernel: netlink: fix numerous padding memleaks
522738 - [RHEL4.8] igb driver doesn't allocate enough buffer for ethtool_get_strings() [rhel-4.8.z]
523930 - [4.8]Write operation with O_NONBLOCK flag to TTY terminal is blocked [rhel-4.8.z]
525725 - cciss: spinlock deadlock causes NMI on HP systems [rhel-4.8.z]
527225 - BUG in ibmveth_replenish_buffer_pool at drivers/net/ibmveth.c:219 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.15.EL.src.rpm

i386:
kernel-2.6.9-89.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.i686.rpm
kernel-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.15.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.ia64.rpm
kernel-devel-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.15.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.15.EL.ppc64.rpm
kernel-2.6.9-89.0.15.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.15.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.15.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.15.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.15.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.s390.rpm
kernel-devel-2.6.9-89.0.15.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.15.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.s390x.rpm
kernel-devel-2.6.9-89.0.15.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.15.EL.src.rpm

i386:
kernel-2.6.9-89.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.i686.rpm
kernel-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.15.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.15.EL.src.rpm

i386:
kernel-2.6.9-89.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.i686.rpm
kernel-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.15.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.ia64.rpm
kernel-devel-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.15.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.15.EL.src.rpm

i386:
kernel-2.6.9-89.0.15.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.i686.rpm
kernel-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.15.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-2.6.9-89.0.15.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-2.6.9-89.0.15.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.15.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.ia64.rpm
kernel-devel-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.15.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.15.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.15.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.15.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.15.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
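The padding-leak class behind CVE-2005-4881 and CVE-2009-3228 in the advisory above (named fields filled in, compiler padding left holding stale kernel memory, whole record copied out) can be shown in an added, constructed userspace C example. It is not kernel code and not the vendor patch: `struct demo_msg`, the 0xAA stale marker, the `demo_*` and `fill_reply_*` helpers are assumptions, and the memcpy stands in for the copy to user space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one of the "core network structures" the advisory
 * describes. The compiler inserts padding between the fields to satisfy
 * alignment; those bytes are part of sizeof(struct) and travel to user space
 * together with the named fields. */
struct demo_msg {
    uint8_t  family;
    uint32_t ifindex;
    uint16_t flags;
    uint64_t cookie;
};

/* Bytes occupied by named fields; everything else in the struct is padding. */
#define DEMO_FIELD_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint64_t))

/* "Kernel-side" buffer the reply is assembled in. In the real bug this is an
 * skb or stack slot that previously held other kernel data. */
union demo_buf {
    struct demo_msg m;
    unsigned char raw[sizeof(struct demo_msg)];
};

size_t demo_padding_bytes(void)
{
    return sizeof(struct demo_msg) - DEMO_FIELD_BYTES;
}

/* 1 if byte offset `off` lies inside a declared field, 0 if it is padding. */
static int demo_is_field_byte(size_t off)
{
    return (off >= offsetof(struct demo_msg, family)  && off < offsetof(struct demo_msg, family)  + sizeof(uint8_t))
        || (off >= offsetof(struct demo_msg, ifindex) && off < offsetof(struct demo_msg, ifindex) + sizeof(uint32_t))
        || (off >= offsetof(struct demo_msg, flags)   && off < offsetof(struct demo_msg, flags)   + sizeof(uint16_t))
        || (off >= offsetof(struct demo_msg, cookie)  && off < offsetof(struct demo_msg, cookie)  + sizeof(uint64_t));
}

static void assign_fields(struct demo_msg *m)
{
    m->family  = 2;
    m->ifindex = 3;
    m->flags   = 0x11;
    m->cookie  = 0x1234;
}

/* The flawed pattern: only the named fields are assigned, so whatever the
 * buffer held before stays in the padding and is copied out verbatim. */
void fill_reply_leaky(union demo_buf *b)
{
    assign_fields(&b->m);
}

/* The usual fix: clear the whole object first, then assign the fields
 * (memset, or explicit zeroing of each padding region, is what fixes for
 * this class of bug do). */
void fill_reply_fixed(union demo_buf *b)
{
    memset(b, 0, sizeof *b);
    assign_fields(&b->m);
}

/* Count padding bytes in the user-space copy that still carry the stale
 * marker; anything above zero is a kernel memory disclosure. */
size_t demo_count_stale_padding(const unsigned char *user_copy, unsigned char stale)
{
    size_t leaked = 0;
    for (size_t off = 0; off < sizeof(struct demo_msg); off++)
        if (!demo_is_field_byte(off) && user_copy[off] == stale)
            leaked++;
    return leaked;
}

/* Run one variant end to end and return how many stale bytes reached user space. */
size_t demo_leak_bytes(int fixed)
{
    union demo_buf kernel;
    unsigned char user[sizeof(struct demo_msg)];
    memset(kernel.raw, 0xAA, sizeof kernel.raw);   /* constructed "stale" kernel data */
    if (fixed)
        fill_reply_fixed(&kernel);
    else
        fill_reply_leaky(&kernel);
    memcpy(user, kernel.raw, sizeof user);         /* stands in for copy_to_user() */
    return demo_count_stale_padding(user, 0xAA);
}

int main(void)
{
    printf("struct size %zu, field bytes %zu, padding %zu\n",
           sizeof(struct demo_msg), DEMO_FIELD_BYTES, demo_padding_bytes());
    printf("leaky fill: %zu stale bytes reach user space\n", demo_leak_bytes(0));
    printf("fixed fill: %zu stale bytes reach user space\n", demo_leak_bytes(1));
    return 0;
}
```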
From bugzilla at redhat.com Tue Oct 27 17:14:48 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Oct 2009 13:14:48 -0400
Subject: [RHSA-2009:1528-01] Moderate: samba security and bug fix update
Message-ID: <200910271714.n9RHEm26028709@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: samba security and bug fix update
Advisory ID: RHSA-2009:1528-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1528.html
Issue date: 2009-10-27
CVE Names: CVE-2009-2906
=====================================================================

1. Summary:

Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to exhaust system resources by opening multiple CIFS sessions. (CVE-2009-2906)

This update also fixes the following bug:

* the RHSA-2007:0354 update added code to escape input passed to scripts that are run by Samba. This code was missing "c" from the list of valid characters, causing it to be escaped. With this update, the previous patch has been updated to include "c" in the list of valid characters. (BZ#242754)

Users of Samba should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

242754 - Missing character bug in latest security patches
526645 - CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.16.src.rpm

i386:
samba-3.0.9-1.3E.16.i386.rpm
samba-client-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-swat-3.0.9-1.3E.16.i386.rpm

ia64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.ia64.rpm
samba-client-3.0.9-1.3E.16.ia64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.ia64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.ia64.rpm
samba-swat-3.0.9-1.3E.16.ia64.rpm

ppc:
samba-3.0.9-1.3E.16.ppc.rpm
samba-3.0.9-1.3E.16.ppc64.rpm
samba-client-3.0.9-1.3E.16.ppc.rpm
samba-common-3.0.9-1.3E.16.ppc.rpm
samba-common-3.0.9-1.3E.16.ppc64.rpm
samba-debuginfo-3.0.9-1.3E.16.ppc.rpm
samba-debuginfo-3.0.9-1.3E.16.ppc64.rpm
samba-swat-3.0.9-1.3E.16.ppc.rpm

s390:
samba-3.0.9-1.3E.16.s390.rpm
samba-client-3.0.9-1.3E.16.s390.rpm
samba-common-3.0.9-1.3E.16.s390.rpm
samba-debuginfo-3.0.9-1.3E.16.s390.rpm
samba-swat-3.0.9-1.3E.16.s390.rpm

s390x:
samba-3.0.9-1.3E.16.s390.rpm
samba-3.0.9-1.3E.16.s390x.rpm
samba-client-3.0.9-1.3E.16.s390x.rpm
samba-common-3.0.9-1.3E.16.s390.rpm
samba-common-3.0.9-1.3E.16.s390x.rpm
samba-debuginfo-3.0.9-1.3E.16.s390.rpm
samba-debuginfo-3.0.9-1.3E.16.s390x.rpm
samba-swat-3.0.9-1.3E.16.s390x.rpm

x86_64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.x86_64.rpm
samba-client-3.0.9-1.3E.16.x86_64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.x86_64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.x86_64.rpm
samba-swat-3.0.9-1.3E.16.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.16.src.rpm

i386:
samba-3.0.9-1.3E.16.i386.rpm
samba-client-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-swat-3.0.9-1.3E.16.i386.rpm

x86_64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.x86_64.rpm
samba-client-3.0.9-1.3E.16.x86_64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.x86_64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.x86_64.rpm
samba-swat-3.0.9-1.3E.16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.16.src.rpm

i386:
samba-3.0.9-1.3E.16.i386.rpm
samba-client-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-swat-3.0.9-1.3E.16.i386.rpm

ia64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.ia64.rpm
samba-client-3.0.9-1.3E.16.ia64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.ia64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.ia64.rpm
samba-swat-3.0.9-1.3E.16.ia64.rpm

x86_64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.x86_64.rpm
samba-client-3.0.9-1.3E.16.x86_64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.x86_64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.x86_64.rpm
samba-swat-3.0.9-1.3E.16.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.16.src.rpm

i386:
samba-3.0.9-1.3E.16.i386.rpm
samba-client-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-swat-3.0.9-1.3E.16.i386.rpm

ia64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.ia64.rpm
samba-client-3.0.9-1.3E.16.ia64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.ia64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.ia64.rpm
samba-swat-3.0.9-1.3E.16.ia64.rpm

x86_64:
samba-3.0.9-1.3E.16.i386.rpm
samba-3.0.9-1.3E.16.x86_64.rpm
samba-client-3.0.9-1.3E.16.x86_64.rpm
samba-common-3.0.9-1.3E.16.i386.rpm
samba-common-3.0.9-1.3E.16.x86_64.rpm
samba-debuginfo-3.0.9-1.3E.16.i386.rpm
samba-debuginfo-3.0.9-1.3E.16.x86_64.rpm
samba-swat-3.0.9-1.3E.16.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

From bugzilla at redhat.com Tue Oct 27 17:17:00 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Oct 2009 13:17:00 -0400
Subject: [RHSA-2009:1529-01] Moderate: samba security update
Message-ID: <200910271717.n9RHH0F3025783@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: samba security update
Advisory ID: RHSA-2009:1529-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1529.html
Issue date: 2009-10-27
CVE Names: CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948
=====================================================================

1. Summary:

Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to exhaust system resources by opening multiple CIFS sessions. (CVE-2009-2906)

An uninitialized data access flaw was discovered in the smbd daemon when using the non-default "dos filemode" configuration option in "smb.conf". An authenticated, remote user with write access to a file could possibly use this flaw to change an access control list for that file, even when such access should have been denied. (CVE-2009-1888)

A flaw was discovered in the way Samba handled users without a home directory set in the back-end password database (e.g. "/etc/passwd"). If a share for the home directory of such a user was created (e.g. using the automated "[homes]" share), any user able to access that share could see the whole file system, possibly bypassing intended access restrictions. (CVE-2009-2813)

The mount.cifs program printed CIFS passwords as part of its debug output when running in verbose mode. When mount.cifs had the setuid bit set, a local, unprivileged user could use this flaw to disclose passwords from a file that would otherwise be inaccessible to that user. Note: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. This flaw only affected systems where the setuid bit was manually set by an administrator. (CVE-2009-2948)

Users of Samba should upgrade to these updated packages, which contain backported patches to correct these issues.
After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

506996 - CVE-2009-1888 Samba improper file access
523752 - CVE-2009-2813 Samba: Share restriction bypass via home-less directory user account(s)
526074 - CVE-2009-2948 samba: information disclosure in suid mount.cifs
526645 - CVE-2009-2906 samba: infinite loop flaw in smbd on unexpected oplock break notification reply

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.18.el4_8.src.rpm

i386:
samba-3.0.33-0.18.el4_8.i386.rpm
samba-client-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-swat-3.0.33-0.18.el4_8.i386.rpm

ia64:
samba-3.0.33-0.18.el4_8.ia64.rpm
samba-client-3.0.33-0.18.el4_8.ia64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.ia64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.ia64.rpm
samba-swat-3.0.33-0.18.el4_8.ia64.rpm

ppc:
samba-3.0.33-0.18.el4_8.ppc.rpm
samba-client-3.0.33-0.18.el4_8.ppc.rpm
samba-common-3.0.33-0.18.el4_8.ppc.rpm
samba-common-3.0.33-0.18.el4_8.ppc64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.ppc.rpm
samba-debuginfo-3.0.33-0.18.el4_8.ppc64.rpm
samba-swat-3.0.33-0.18.el4_8.ppc.rpm

s390:
samba-3.0.33-0.18.el4_8.s390.rpm
samba-client-3.0.33-0.18.el4_8.s390.rpm
samba-common-3.0.33-0.18.el4_8.s390.rpm
samba-debuginfo-3.0.33-0.18.el4_8.s390.rpm
samba-swat-3.0.33-0.18.el4_8.s390.rpm

s390x:
samba-3.0.33-0.18.el4_8.s390x.rpm
samba-client-3.0.33-0.18.el4_8.s390x.rpm
samba-common-3.0.33-0.18.el4_8.s390.rpm
samba-common-3.0.33-0.18.el4_8.s390x.rpm
samba-debuginfo-3.0.33-0.18.el4_8.s390.rpm
samba-debuginfo-3.0.33-0.18.el4_8.s390x.rpm
samba-swat-3.0.33-0.18.el4_8.s390x.rpm

x86_64:
samba-3.0.33-0.18.el4_8.x86_64.rpm
samba-client-3.0.33-0.18.el4_8.x86_64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.x86_64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.x86_64.rpm
samba-swat-3.0.33-0.18.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.33-0.18.el4_8.src.rpm

i386:
samba-3.0.33-0.18.el4_8.i386.rpm
samba-client-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-swat-3.0.33-0.18.el4_8.i386.rpm

x86_64:
samba-3.0.33-0.18.el4_8.x86_64.rpm
samba-client-3.0.33-0.18.el4_8.x86_64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.x86_64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.x86_64.rpm
samba-swat-3.0.33-0.18.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-0.18.el4_8.src.rpm

i386:
samba-3.0.33-0.18.el4_8.i386.rpm
samba-client-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-swat-3.0.33-0.18.el4_8.i386.rpm

ia64:
samba-3.0.33-0.18.el4_8.ia64.rpm
samba-client-3.0.33-0.18.el4_8.ia64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.ia64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.ia64.rpm
samba-swat-3.0.33-0.18.el4_8.ia64.rpm

x86_64:
samba-3.0.33-0.18.el4_8.x86_64.rpm
samba-client-3.0.33-0.18.el4_8.x86_64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.x86_64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.x86_64.rpm
samba-swat-3.0.33-0.18.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.33-0.18.el4_8.src.rpm

i386:
samba-3.0.33-0.18.el4_8.i386.rpm
samba-client-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-swat-3.0.33-0.18.el4_8.i386.rpm

ia64:
samba-3.0.33-0.18.el4_8.ia64.rpm
samba-client-3.0.33-0.18.el4_8.ia64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.ia64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.ia64.rpm
samba-swat-3.0.33-0.18.el4_8.ia64.rpm

x86_64:
samba-3.0.33-0.18.el4_8.x86_64.rpm
samba-client-3.0.33-0.18.el4_8.x86_64.rpm
samba-common-3.0.33-0.18.el4_8.i386.rpm
samba-common-3.0.33-0.18.el4_8.x86_64.rpm
samba-debuginfo-3.0.33-0.18.el4_8.i386.rpm
samba-debuginfo-3.0.33-0.18.el4_8.x86_64.rpm
samba-swat-3.0.33-0.18.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.15.el5_4.src.rpm

i386:
samba-3.0.33-3.15.el5_4.i386.rpm
samba-client-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-debuginfo-3.0.33-3.15.el5_4.i386.rpm
samba-swat-3.0.33-3.15.el5_4.i386.rpm

x86_64:
samba-3.0.33-3.15.el5_4.x86_64.rpm
samba-client-3.0.33-3.15.el5_4.x86_64.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.x86_64.rpm
samba-debuginfo-3.0.33-3.15.el5_4.i386.rpm
samba-debuginfo-3.0.33-3.15.el5_4.x86_64.rpm
samba-swat-3.0.33-3.15.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.15.el5_4.src.rpm

i386:
samba-3.0.33-3.15.el5_4.i386.rpm
samba-client-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-debuginfo-3.0.33-3.15.el5_4.i386.rpm
samba-swat-3.0.33-3.15.el5_4.i386.rpm

ia64:
samba-3.0.33-3.15.el5_4.ia64.rpm
samba-client-3.0.33-3.15.el5_4.ia64.rpm
samba-common-3.0.33-3.15.el5_4.ia64.rpm
samba-debuginfo-3.0.33-3.15.el5_4.ia64.rpm
samba-swat-3.0.33-3.15.el5_4.ia64.rpm

ppc:
samba-3.0.33-3.15.el5_4.ppc.rpm
samba-client-3.0.33-3.15.el5_4.ppc.rpm
samba-common-3.0.33-3.15.el5_4.ppc.rpm
samba-common-3.0.33-3.15.el5_4.ppc64.rpm
samba-debuginfo-3.0.33-3.15.el5_4.ppc.rpm
samba-debuginfo-3.0.33-3.15.el5_4.ppc64.rpm
samba-swat-3.0.33-3.15.el5_4.ppc.rpm

s390x:
samba-3.0.33-3.15.el5_4.s390x.rpm
samba-client-3.0.33-3.15.el5_4.s390x.rpm
samba-common-3.0.33-3.15.el5_4.s390.rpm
samba-common-3.0.33-3.15.el5_4.s390x.rpm
samba-debuginfo-3.0.33-3.15.el5_4.s390.rpm
samba-debuginfo-3.0.33-3.15.el5_4.s390x.rpm
samba-swat-3.0.33-3.15.el5_4.s390x.rpm

x86_64:
samba-3.0.33-3.15.el5_4.x86_64.rpm
samba-client-3.0.33-3.15.el5_4.x86_64.rpm
samba-common-3.0.33-3.15.el5_4.i386.rpm
samba-common-3.0.33-3.15.el5_4.x86_64.rpm
samba-debuginfo-3.0.33-3.15.el5_4.i386.rpm
samba-debuginfo-3.0.33-3.15.el5_4.x86_64.rpm
samba-swat-3.0.33-3.15.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK5yqNXlSAg2UNWIIRArKeAKCP4b0pp5jq/TbWutsTJXVX5u3AjQCghbk3 L6tEQONMJJdLfNRqsK5buT8= =BPXa -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Oct 27 23:57:52 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 27 Oct 2009 19:57:52 -0400 Subject: [RHSA-2009:1530-01] Critical: firefox security update Message-ID: <200910272357.n9RNvqP5005935@int-mx03.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2009:1530-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1530.html Issue date: 2009-10-27 CVE Names: CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 ===================================================================== 1. Summary: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. 
nspr provides the Netscape Portable Runtime (NSPR).

A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370)

A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372)

A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373)

A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563)

A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375)

A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530151 - CVE-2009-3370 Firefox form history vulnerable to stealing
530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.15-3.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nspr-4.7.6-1.el4_8.src.rpm

i386:
firefox-3.0.15-3.el4.i386.rpm
firefox-debuginfo-3.0.15-3.el4.i386.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-devel-4.7.6-1.el4_8.i386.rpm

ia64:
firefox-3.0.15-3.el4.ia64.rpm
firefox-debuginfo-3.0.15-3.el4.ia64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.ia64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.ia64.rpm
nspr-devel-4.7.6-1.el4_8.ia64.rpm

ppc:
firefox-3.0.15-3.el4.ppc.rpm
firefox-debuginfo-3.0.15-3.el4.ppc.rpm
nspr-4.7.6-1.el4_8.ppc.rpm
nspr-4.7.6-1.el4_8.ppc64.rpm
nspr-debuginfo-4.7.6-1.el4_8.ppc.rpm
nspr-debuginfo-4.7.6-1.el4_8.ppc64.rpm
nspr-devel-4.7.6-1.el4_8.ppc.rpm

s390:
firefox-3.0.15-3.el4.s390.rpm
firefox-debuginfo-3.0.15-3.el4.s390.rpm
nspr-4.7.6-1.el4_8.s390.rpm
nspr-debuginfo-4.7.6-1.el4_8.s390.rpm
nspr-devel-4.7.6-1.el4_8.s390.rpm

s390x:
firefox-3.0.15-3.el4.s390x.rpm
firefox-debuginfo-3.0.15-3.el4.s390x.rpm
nspr-4.7.6-1.el4_8.s390.rpm
nspr-4.7.6-1.el4_8.s390x.rpm
nspr-debuginfo-4.7.6-1.el4_8.s390.rpm
nspr-debuginfo-4.7.6-1.el4_8.s390x.rpm
nspr-devel-4.7.6-1.el4_8.s390x.rpm

x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el4.x86_64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.x86_64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.x86_64.rpm
nspr-devel-4.7.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.15-3.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nspr-4.7.6-1.el4_8.src.rpm

i386:
firefox-3.0.15-3.el4.i386.rpm
firefox-debuginfo-3.0.15-3.el4.i386.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-devel-4.7.6-1.el4_8.i386.rpm

x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el4.x86_64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.x86_64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.x86_64.rpm
nspr-devel-4.7.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.15-3.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nspr-4.7.6-1.el4_8.src.rpm

i386:
firefox-3.0.15-3.el4.i386.rpm
firefox-debuginfo-3.0.15-3.el4.i386.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-devel-4.7.6-1.el4_8.i386.rpm

ia64:
firefox-3.0.15-3.el4.ia64.rpm
firefox-debuginfo-3.0.15-3.el4.ia64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.ia64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.ia64.rpm
nspr-devel-4.7.6-1.el4_8.ia64.rpm

x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el4.x86_64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.x86_64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.x86_64.rpm
nspr-devel-4.7.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.15-3.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nspr-4.7.6-1.el4_8.src.rpm

i386:
firefox-3.0.15-3.el4.i386.rpm
firefox-debuginfo-3.0.15-3.el4.i386.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-devel-4.7.6-1.el4_8.i386.rpm

ia64:
firefox-3.0.15-3.el4.ia64.rpm
firefox-debuginfo-3.0.15-3.el4.ia64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.ia64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.ia64.rpm
nspr-devel-4.7.6-1.el4_8.ia64.rpm

x86_64:
firefox-3.0.15-3.el4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el4.x86_64.rpm
nspr-4.7.6-1.el4_8.i386.rpm
nspr-4.7.6-1.el4_8.x86_64.rpm
nspr-debuginfo-4.7.6-1.el4_8.i386.rpm
nspr-debuginfo-4.7.6-1.el4_8.x86_64.rpm
nspr-devel-4.7.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.15-3.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.7.6-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.15-3.el5_4.src.rpm

i386:
firefox-3.0.15-3.el5_4.i386.rpm
firefox-debuginfo-3.0.15-3.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm

x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
firefox-3.0.15-3.el5_4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el5_4.i386.rpm
firefox-debuginfo-3.0.15-3.el5_4.x86_64.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.x86_64.rpm
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.x86_64.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.7.6-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.15-3.el5_4.src.rpm

i386:
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm

x86_64:
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.x86_64.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.15-3.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.7.6-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.15-3.el5_4.src.rpm

i386:
firefox-3.0.15-3.el5_4.i386.rpm
firefox-debuginfo-3.0.15-3.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.i386.rpm

ia64:
firefox-3.0.15-3.el5_4.ia64.rpm
firefox-debuginfo-3.0.15-3.el5_4.ia64.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.ia64.rpm
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.ia64.rpm
nspr-devel-4.7.6-1.el5_4.ia64.rpm
xulrunner-1.9.0.15-3.el5_4.ia64.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.ia64.rpm
xulrunner-devel-1.9.0.15-3.el5_4.ia64.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ia64.rpm

ppc:
firefox-3.0.15-3.el5_4.ppc.rpm
firefox-debuginfo-3.0.15-3.el5_4.ppc.rpm
nspr-4.7.6-1.el5_4.ppc.rpm
nspr-4.7.6-1.el5_4.ppc64.rpm
nspr-debuginfo-4.7.6-1.el5_4.ppc.rpm
nspr-debuginfo-4.7.6-1.el5_4.ppc64.rpm
nspr-devel-4.7.6-1.el5_4.ppc.rpm
nspr-devel-4.7.6-1.el5_4.ppc64.rpm
xulrunner-1.9.0.15-3.el5_4.ppc.rpm
xulrunner-1.9.0.15-3.el5_4.ppc64.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.ppc.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.ppc64.rpm
xulrunner-devel-1.9.0.15-3.el5_4.ppc.rpm
xulrunner-devel-1.9.0.15-3.el5_4.ppc64.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.ppc.rpm

s390x:
firefox-3.0.15-3.el5_4.s390.rpm
firefox-3.0.15-3.el5_4.s390x.rpm
firefox-debuginfo-3.0.15-3.el5_4.s390.rpm
firefox-debuginfo-3.0.15-3.el5_4.s390x.rpm
nspr-4.7.6-1.el5_4.s390.rpm
nspr-4.7.6-1.el5_4.s390x.rpm
nspr-debuginfo-4.7.6-1.el5_4.s390.rpm
nspr-debuginfo-4.7.6-1.el5_4.s390x.rpm
nspr-devel-4.7.6-1.el5_4.s390.rpm
nspr-devel-4.7.6-1.el5_4.s390x.rpm
xulrunner-1.9.0.15-3.el5_4.s390.rpm
xulrunner-1.9.0.15-3.el5_4.s390x.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.s390.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.s390x.rpm
xulrunner-devel-1.9.0.15-3.el5_4.s390.rpm
xulrunner-devel-1.9.0.15-3.el5_4.s390x.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.s390x.rpm

x86_64:
firefox-3.0.15-3.el5_4.i386.rpm
firefox-3.0.15-3.el5_4.x86_64.rpm
firefox-debuginfo-3.0.15-3.el5_4.i386.rpm
firefox-debuginfo-3.0.15-3.el5_4.x86_64.rpm
nspr-4.7.6-1.el5_4.i386.rpm
nspr-4.7.6-1.el5_4.x86_64.rpm
nspr-debuginfo-4.7.6-1.el5_4.i386.rpm
nspr-debuginfo-4.7.6-1.el5_4.x86_64.rpm
nspr-devel-4.7.6-1.el5_4.i386.rpm
nspr-devel-4.7.6-1.el5_4.x86_64.rpm
xulrunner-1.9.0.15-3.el5_4.i386.rpm
xulrunner-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.15-3.el5_4.i386.rpm
xulrunner-devel-1.9.0.15-3.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.15-3.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK54jvXlSAg2UNWIIRAkCtAJ0aLYuqZHXThoYQ4ad6ccHEdkI7NwCgvMSD
toHbTJPgAcBnnzF9qdiwQz8=
=5yKp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 27 23:58:30 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Oct 2009 19:58:30 -0400
Subject: [RHSA-2009:1531-01] Critical: seamonkey security update
Message-ID: <200910272358.n9RNwUUY001984@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2009:1531-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1531.html
Issue date: 2009-10-27
CVE Names: CVE-2009-1563 CVE-2009-3274 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.
A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563)

A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375)

A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion
530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.47.el3.src.rpm

i386:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-chat-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.i386.rpm
seamonkey-mail-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.47.el3.ia64.rpm
seamonkey-chat-1.0.9-0.47.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.ia64.rpm
seamonkey-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.ia64.rpm
seamonkey-mail-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.47.el3.ppc.rpm
seamonkey-chat-1.0.9-0.47.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.ppc.rpm
seamonkey-devel-1.0.9-0.47.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.ppc.rpm
seamonkey-mail-1.0.9-0.47.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.47.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.ppc.rpm
seamonkey-nss-1.0.9-0.47.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.47.el3.s390.rpm
seamonkey-chat-1.0.9-0.47.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.s390.rpm
seamonkey-devel-1.0.9-0.47.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.s390.rpm
seamonkey-mail-1.0.9-0.47.el3.s390.rpm
seamonkey-nspr-1.0.9-0.47.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.s390.rpm
seamonkey-nss-1.0.9-0.47.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.47.el3.s390x.rpm
seamonkey-chat-1.0.9-0.47.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.s390x.rpm
seamonkey-devel-1.0.9-0.47.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.s390x.rpm
seamonkey-mail-1.0.9-0.47.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.47.el3.s390.rpm
seamonkey-nspr-1.0.9-0.47.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.s390x.rpm
seamonkey-nss-1.0.9-0.47.el3.s390.rpm
seamonkey-nss-1.0.9-0.47.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-1.0.9-0.47.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.47.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.47.el3.src.rpm

i386:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-chat-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.i386.rpm
seamonkey-mail-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-1.0.9-0.47.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.47.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.47.el3.src.rpm

i386:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-chat-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.i386.rpm
seamonkey-mail-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.47.el3.ia64.rpm
seamonkey-chat-1.0.9-0.47.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.ia64.rpm
seamonkey-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.ia64.rpm
seamonkey-mail-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-1.0.9-0.47.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.47.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.47.el3.src.rpm

i386:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-chat-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.i386.rpm
seamonkey-mail-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.47.el3.ia64.rpm
seamonkey-chat-1.0.9-0.47.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.ia64.rpm
seamonkey-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.ia64.rpm
seamonkey-mail-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.47.el3.i386.rpm
seamonkey-1.0.9-0.47.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.47.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.47.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.47.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.47.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.47.el3.i386.rpm
seamonkey-nspr-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.47.el3.i386.rpm
seamonkey-nss-1.0.9-0.47.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.47.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-50.el4_8.src.rpm

i386:
seamonkey-1.0.9-50.el4_8.i386.rpm
seamonkey-chat-1.0.9-50.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.i386.rpm
seamonkey-devel-1.0.9-50.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.i386.rpm
seamonkey-mail-1.0.9-50.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-50.el4_8.ia64.rpm
seamonkey-chat-1.0.9-50.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.ia64.rpm
seamonkey-devel-1.0.9-50.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.ia64.rpm
seamonkey-mail-1.0.9-50.el4_8.ia64.rpm

ppc:
seamonkey-1.0.9-50.el4_8.ppc.rpm
seamonkey-chat-1.0.9-50.el4_8.ppc.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.ppc.rpm
seamonkey-devel-1.0.9-50.el4_8.ppc.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.ppc.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.ppc.rpm
seamonkey-mail-1.0.9-50.el4_8.ppc.rpm

s390:
seamonkey-1.0.9-50.el4_8.s390.rpm
seamonkey-chat-1.0.9-50.el4_8.s390.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.s390.rpm
seamonkey-devel-1.0.9-50.el4_8.s390.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.s390.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.s390.rpm
seamonkey-mail-1.0.9-50.el4_8.s390.rpm

s390x:
seamonkey-1.0.9-50.el4_8.s390x.rpm
seamonkey-chat-1.0.9-50.el4_8.s390x.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.s390x.rpm
seamonkey-devel-1.0.9-50.el4_8.s390x.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.s390x.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.s390x.rpm
seamonkey-mail-1.0.9-50.el4_8.s390x.rpm

x86_64:
seamonkey-1.0.9-50.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-50.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-50.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-50.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-50.el4_8.src.rpm

i386:
seamonkey-1.0.9-50.el4_8.i386.rpm
seamonkey-chat-1.0.9-50.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.i386.rpm
seamonkey-devel-1.0.9-50.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.i386.rpm
seamonkey-mail-1.0.9-50.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-50.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-50.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-50.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-50.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-50.el4_8.src.rpm

i386:
seamonkey-1.0.9-50.el4_8.i386.rpm
seamonkey-chat-1.0.9-50.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.i386.rpm
seamonkey-devel-1.0.9-50.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.i386.rpm
seamonkey-mail-1.0.9-50.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-50.el4_8.ia64.rpm
seamonkey-chat-1.0.9-50.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.ia64.rpm
seamonkey-devel-1.0.9-50.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.ia64.rpm
seamonkey-mail-1.0.9-50.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-50.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-50.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-50.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-50.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-50.el4_8.src.rpm

i386:
seamonkey-1.0.9-50.el4_8.i386.rpm
seamonkey-chat-1.0.9-50.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.i386.rpm
seamonkey-devel-1.0.9-50.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.i386.rpm
seamonkey-mail-1.0.9-50.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-50.el4_8.ia64.rpm
seamonkey-chat-1.0.9-50.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.ia64.rpm
seamonkey-devel-1.0.9-50.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.ia64.rpm
seamonkey-mail-1.0.9-50.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-50.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-50.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-50.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-50.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-50.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-50.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-50.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://www.redhat.com/security/updates/classification/#critical

8.
Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK54kSXlSAg2UNWIIRAiGkAJ4tlxHKaudmzlVRPqUsDbg7ldWndACfazRq 5FvGE9VcSiEhgNDJ3Hm8QrE= =Cg8J -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 29 14:40:18 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 Oct 2009 10:40:18 -0400 Subject: [RHSA-2009:1535-01] Moderate: pidgin security update Message-ID: <200910291440.n9TEeVpL000545@int-mx05.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: pidgin security update Advisory ID: RHSA-2009:1535-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1535.html Issue date: 2009-10-29 CVE Names: CVE-2009-2703 CVE-2009-3083 CVE-2009-3615 ===================================================================== 1. Summary: An updated pidgin package that fixes several security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An invalid pointer dereference bug was found in the way the Pidgin OSCAR protocol implementation processed lists of contacts. A remote attacker could send a specially-crafted contact list to a user running Pidgin, causing Pidgin to crash. 
(CVE-2009-3615) A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703) A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083) All Pidgin users should upgrade to this updated package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 521823 - CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS) 521832 - CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite (DoS) 529357 - CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client 6. 
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/pidgin-1.5.1-6.el3.src.rpm i386: pidgin-1.5.1-6.el3.i386.rpm pidgin-debuginfo-1.5.1-6.el3.i386.rpm ia64: pidgin-1.5.1-6.el3.ia64.rpm pidgin-debuginfo-1.5.1-6.el3.ia64.rpm ppc: pidgin-1.5.1-6.el3.ppc.rpm pidgin-debuginfo-1.5.1-6.el3.ppc.rpm s390: pidgin-1.5.1-6.el3.s390.rpm pidgin-debuginfo-1.5.1-6.el3.s390.rpm s390x: pidgin-1.5.1-6.el3.s390x.rpm pidgin-debuginfo-1.5.1-6.el3.s390x.rpm x86_64: pidgin-1.5.1-6.el3.x86_64.rpm pidgin-debuginfo-1.5.1-6.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/pidgin-1.5.1-6.el3.src.rpm i386: pidgin-1.5.1-6.el3.i386.rpm pidgin-debuginfo-1.5.1-6.el3.i386.rpm x86_64: pidgin-1.5.1-6.el3.x86_64.rpm pidgin-debuginfo-1.5.1-6.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/pidgin-1.5.1-6.el3.src.rpm i386: pidgin-1.5.1-6.el3.i386.rpm pidgin-debuginfo-1.5.1-6.el3.i386.rpm ia64: pidgin-1.5.1-6.el3.ia64.rpm pidgin-debuginfo-1.5.1-6.el3.ia64.rpm x86_64: pidgin-1.5.1-6.el3.x86_64.rpm pidgin-debuginfo-1.5.1-6.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/pidgin-1.5.1-6.el3.src.rpm i386: pidgin-1.5.1-6.el3.i386.rpm pidgin-debuginfo-1.5.1-6.el3.i386.rpm ia64: pidgin-1.5.1-6.el3.ia64.rpm pidgin-debuginfo-1.5.1-6.el3.ia64.rpm x86_64: pidgin-1.5.1-6.el3.x86_64.rpm pidgin-debuginfo-1.5.1-6.el3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615 http://www.redhat.com/security/updates/classification/#moderate 8. 
Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK6akwXlSAg2UNWIIRAmzPAKCvs20QTN9bFyUGEL9OvwRU5AkDkACbB2Ma 6SUIVLtYB4UJDyfl+L5KFQ4= =GBE7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 29 14:41:54 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 Oct 2009 10:41:54 -0400 Subject: [RHSA-2009:1536-01] Moderate: pidgin security update Message-ID: <200910291441.n9TEfspR021465@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: pidgin security update Advisory ID: RHSA-2009:1536-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1536.html Issue date: 2009-10-29 CVE Names: CVE-2009-3615 ===================================================================== 1. Summary: Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. 
The AOL Open System for Communication in Realtime (OSCAR) protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in the way the Pidgin OSCAR protocol implementation processed lists of contacts. A remote attacker could send a specially-crafted contact list to a user running Pidgin, causing Pidgin to crash. (CVE-2009-3615) These packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog All Pidgin users should upgrade to these updated packages, which correct this issue. Pidgin must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 529357 - CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pidgin-2.6.3-2.el4.src.rpm i386: finch-2.6.3-2.el4.i386.rpm finch-devel-2.6.3-2.el4.i386.rpm libpurple-2.6.3-2.el4.i386.rpm libpurple-devel-2.6.3-2.el4.i386.rpm libpurple-perl-2.6.3-2.el4.i386.rpm libpurple-tcl-2.6.3-2.el4.i386.rpm pidgin-2.6.3-2.el4.i386.rpm pidgin-debuginfo-2.6.3-2.el4.i386.rpm pidgin-devel-2.6.3-2.el4.i386.rpm pidgin-perl-2.6.3-2.el4.i386.rpm ia64: finch-2.6.3-2.el4.ia64.rpm finch-devel-2.6.3-2.el4.ia64.rpm libpurple-2.6.3-2.el4.ia64.rpm libpurple-devel-2.6.3-2.el4.ia64.rpm libpurple-perl-2.6.3-2.el4.ia64.rpm libpurple-tcl-2.6.3-2.el4.ia64.rpm pidgin-2.6.3-2.el4.ia64.rpm pidgin-debuginfo-2.6.3-2.el4.ia64.rpm pidgin-devel-2.6.3-2.el4.ia64.rpm pidgin-perl-2.6.3-2.el4.ia64.rpm ppc: finch-2.6.3-2.el4.ppc.rpm finch-devel-2.6.3-2.el4.ppc.rpm libpurple-2.6.3-2.el4.ppc.rpm libpurple-devel-2.6.3-2.el4.ppc.rpm libpurple-perl-2.6.3-2.el4.ppc.rpm libpurple-tcl-2.6.3-2.el4.ppc.rpm pidgin-2.6.3-2.el4.ppc.rpm pidgin-debuginfo-2.6.3-2.el4.ppc.rpm pidgin-devel-2.6.3-2.el4.ppc.rpm pidgin-perl-2.6.3-2.el4.ppc.rpm x86_64: finch-2.6.3-2.el4.x86_64.rpm finch-devel-2.6.3-2.el4.x86_64.rpm libpurple-2.6.3-2.el4.x86_64.rpm libpurple-devel-2.6.3-2.el4.x86_64.rpm libpurple-perl-2.6.3-2.el4.x86_64.rpm libpurple-tcl-2.6.3-2.el4.x86_64.rpm pidgin-2.6.3-2.el4.x86_64.rpm pidgin-debuginfo-2.6.3-2.el4.x86_64.rpm pidgin-devel-2.6.3-2.el4.x86_64.rpm pidgin-perl-2.6.3-2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pidgin-2.6.3-2.el4.src.rpm i386: finch-2.6.3-2.el4.i386.rpm finch-devel-2.6.3-2.el4.i386.rpm libpurple-2.6.3-2.el4.i386.rpm libpurple-devel-2.6.3-2.el4.i386.rpm libpurple-perl-2.6.3-2.el4.i386.rpm libpurple-tcl-2.6.3-2.el4.i386.rpm pidgin-2.6.3-2.el4.i386.rpm pidgin-debuginfo-2.6.3-2.el4.i386.rpm pidgin-devel-2.6.3-2.el4.i386.rpm pidgin-perl-2.6.3-2.el4.i386.rpm x86_64: 
finch-2.6.3-2.el4.x86_64.rpm finch-devel-2.6.3-2.el4.x86_64.rpm libpurple-2.6.3-2.el4.x86_64.rpm libpurple-devel-2.6.3-2.el4.x86_64.rpm libpurple-perl-2.6.3-2.el4.x86_64.rpm libpurple-tcl-2.6.3-2.el4.x86_64.rpm pidgin-2.6.3-2.el4.x86_64.rpm pidgin-debuginfo-2.6.3-2.el4.x86_64.rpm pidgin-devel-2.6.3-2.el4.x86_64.rpm pidgin-perl-2.6.3-2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pidgin-2.6.3-2.el4.src.rpm i386: finch-2.6.3-2.el4.i386.rpm finch-devel-2.6.3-2.el4.i386.rpm libpurple-2.6.3-2.el4.i386.rpm libpurple-devel-2.6.3-2.el4.i386.rpm libpurple-perl-2.6.3-2.el4.i386.rpm libpurple-tcl-2.6.3-2.el4.i386.rpm pidgin-2.6.3-2.el4.i386.rpm pidgin-debuginfo-2.6.3-2.el4.i386.rpm pidgin-devel-2.6.3-2.el4.i386.rpm pidgin-perl-2.6.3-2.el4.i386.rpm ia64: finch-2.6.3-2.el4.ia64.rpm finch-devel-2.6.3-2.el4.ia64.rpm libpurple-2.6.3-2.el4.ia64.rpm libpurple-devel-2.6.3-2.el4.ia64.rpm libpurple-perl-2.6.3-2.el4.ia64.rpm libpurple-tcl-2.6.3-2.el4.ia64.rpm pidgin-2.6.3-2.el4.ia64.rpm pidgin-debuginfo-2.6.3-2.el4.ia64.rpm pidgin-devel-2.6.3-2.el4.ia64.rpm pidgin-perl-2.6.3-2.el4.ia64.rpm x86_64: finch-2.6.3-2.el4.x86_64.rpm finch-devel-2.6.3-2.el4.x86_64.rpm libpurple-2.6.3-2.el4.x86_64.rpm libpurple-devel-2.6.3-2.el4.x86_64.rpm libpurple-perl-2.6.3-2.el4.x86_64.rpm libpurple-tcl-2.6.3-2.el4.x86_64.rpm pidgin-2.6.3-2.el4.x86_64.rpm pidgin-debuginfo-2.6.3-2.el4.x86_64.rpm pidgin-devel-2.6.3-2.el4.x86_64.rpm pidgin-perl-2.6.3-2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pidgin-2.6.3-2.el4.src.rpm i386: finch-2.6.3-2.el4.i386.rpm finch-devel-2.6.3-2.el4.i386.rpm libpurple-2.6.3-2.el4.i386.rpm libpurple-devel-2.6.3-2.el4.i386.rpm libpurple-perl-2.6.3-2.el4.i386.rpm libpurple-tcl-2.6.3-2.el4.i386.rpm pidgin-2.6.3-2.el4.i386.rpm pidgin-debuginfo-2.6.3-2.el4.i386.rpm pidgin-devel-2.6.3-2.el4.i386.rpm pidgin-perl-2.6.3-2.el4.i386.rpm ia64: 
finch-2.6.3-2.el4.ia64.rpm finch-devel-2.6.3-2.el4.ia64.rpm libpurple-2.6.3-2.el4.ia64.rpm libpurple-devel-2.6.3-2.el4.ia64.rpm libpurple-perl-2.6.3-2.el4.ia64.rpm libpurple-tcl-2.6.3-2.el4.ia64.rpm pidgin-2.6.3-2.el4.ia64.rpm pidgin-debuginfo-2.6.3-2.el4.ia64.rpm pidgin-devel-2.6.3-2.el4.ia64.rpm pidgin-perl-2.6.3-2.el4.ia64.rpm x86_64: finch-2.6.3-2.el4.x86_64.rpm finch-devel-2.6.3-2.el4.x86_64.rpm libpurple-2.6.3-2.el4.x86_64.rpm libpurple-devel-2.6.3-2.el4.x86_64.rpm libpurple-perl-2.6.3-2.el4.x86_64.rpm libpurple-tcl-2.6.3-2.el4.x86_64.rpm pidgin-2.6.3-2.el4.x86_64.rpm pidgin-debuginfo-2.6.3-2.el4.x86_64.rpm pidgin-devel-2.6.3-2.el4.x86_64.rpm pidgin-perl-2.6.3-2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.3-2.el5.src.rpm i386: finch-2.6.3-2.el5.i386.rpm libpurple-2.6.3-2.el5.i386.rpm libpurple-perl-2.6.3-2.el5.i386.rpm libpurple-tcl-2.6.3-2.el5.i386.rpm pidgin-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-perl-2.6.3-2.el5.i386.rpm x86_64: finch-2.6.3-2.el5.i386.rpm finch-2.6.3-2.el5.x86_64.rpm libpurple-2.6.3-2.el5.i386.rpm libpurple-2.6.3-2.el5.x86_64.rpm libpurple-perl-2.6.3-2.el5.x86_64.rpm libpurple-tcl-2.6.3-2.el5.x86_64.rpm pidgin-2.6.3-2.el5.i386.rpm pidgin-2.6.3-2.el5.x86_64.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.x86_64.rpm pidgin-perl-2.6.3-2.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.3-2.el5.src.rpm i386: finch-devel-2.6.3-2.el5.i386.rpm libpurple-devel-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-devel-2.6.3-2.el5.i386.rpm x86_64: finch-devel-2.6.3-2.el5.i386.rpm finch-devel-2.6.3-2.el5.x86_64.rpm libpurple-devel-2.6.3-2.el5.i386.rpm libpurple-devel-2.6.3-2.el5.x86_64.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.x86_64.rpm pidgin-devel-2.6.3-2.el5.i386.rpm pidgin-devel-2.6.3-2.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.3-2.el5.src.rpm i386: finch-2.6.3-2.el5.i386.rpm finch-devel-2.6.3-2.el5.i386.rpm libpurple-2.6.3-2.el5.i386.rpm libpurple-devel-2.6.3-2.el5.i386.rpm libpurple-perl-2.6.3-2.el5.i386.rpm libpurple-tcl-2.6.3-2.el5.i386.rpm pidgin-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-devel-2.6.3-2.el5.i386.rpm pidgin-perl-2.6.3-2.el5.i386.rpm x86_64: finch-2.6.3-2.el5.i386.rpm finch-2.6.3-2.el5.x86_64.rpm finch-devel-2.6.3-2.el5.i386.rpm finch-devel-2.6.3-2.el5.x86_64.rpm libpurple-2.6.3-2.el5.i386.rpm libpurple-2.6.3-2.el5.x86_64.rpm libpurple-devel-2.6.3-2.el5.i386.rpm libpurple-devel-2.6.3-2.el5.x86_64.rpm libpurple-perl-2.6.3-2.el5.x86_64.rpm libpurple-tcl-2.6.3-2.el5.x86_64.rpm pidgin-2.6.3-2.el5.i386.rpm pidgin-2.6.3-2.el5.x86_64.rpm pidgin-debuginfo-2.6.3-2.el5.i386.rpm pidgin-debuginfo-2.6.3-2.el5.x86_64.rpm pidgin-devel-2.6.3-2.el5.i386.rpm pidgin-devel-2.6.3-2.el5.x86_64.rpm pidgin-perl-2.6.3-2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615 http://www.redhat.com/security/updates/classification/#moderate 8. 
Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK6allXlSAg2UNWIIRAkAKAJ9Nj5F13lc9+yi9UL9Wm/Dw4DAVpwCfVqQE 88xBuQhXhZRY0JOWOO5lBic= =Lj/Y -----END PGP SIGNATURE-----