From bugzilla at redhat.com Tue Sep 1 00:23:00 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 31 Aug 2009 20:23:00 -0400
Subject: [RHSA-2009:1238-01] Important: dnsmasq security update
Message-ID: <200909010023.n810N0h2002719@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dnsmasq security update
Advisory ID:       RHSA-2009:1238-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1238.html
Issue date:        2009-08-31
CVE Names:         CVE-2009-2957 CVE-2009-2958
=====================================================================

1. Summary:

An updated dnsmasq package that fixes two security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled (the "--enable-tftp" command line option, or by enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root is sufficiently long, and a remote user sends a request with a long file name, dnsmasq could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service (usually the unprivileged "nobody" user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make it difficult to exploit the CVE-2009-2957 issue; if a longer directory name is used, arbitrary code execution may be possible. As well, the dnsmasq package distributed by Red Hat does not have TFTP support enabled by default.

All users of dnsmasq should upgrade to this updated package, which contains a backported patch to correct these issues. After installing the updated package, the dnsmasq service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

519020 - CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dnsmasq-2.45-1.1.el5_3.src.rpm

i386:
dnsmasq-2.45-1.1.el5_3.i386.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.i386.rpm

x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dnsmasq-2.45-1.1.el5_3.src.rpm

i386:
dnsmasq-2.45-1.1.el5_3.i386.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.i386.rpm

ia64:
dnsmasq-2.45-1.1.el5_3.ia64.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.ia64.rpm

ppc:
dnsmasq-2.45-1.1.el5_3.ppc.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.ppc.rpm

s390x:
dnsmasq-2.45-1.1.el5_3.s390x.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.s390x.rpm

x86_64:
dnsmasq-2.45-1.1.el5_3.x86_64.rpm
dnsmasq-debuginfo-2.45-1.1.el5_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2958
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKnGj+XlSAg2UNWIIRAqlbAJ4obBBc7erzPdu46+OD7GpyjNLnswCcCjii
r+XXPtJj1i9ZsL+6ADBu2tQ=
=YGeD
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 1 07:42:31 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Sep 2009 03:42:31 -0400
Subject: [RHSA-2009:1239-01] Important: kernel-rt security and bug fix update
Message-ID: <200909010742.n817gViU025223@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2009:1239-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1239.html
Issue date:        2009-09-01
CVE Names:         CVE-2009-1895 CVE-2009-2692 CVE-2009-2847 CVE-2009-2848
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and various bugs are now available for Red Hat Enterprise MRG 1.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)

* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

This update also fixes the following bugs:

* the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers, and keeping these checks is considered a safety measure. (BZ#511187)

* a bug in the locking strategy for the free_pages_bulk() kernel function was found, where a lock in a code branch was not held. This could have created a "double free" problem that resulted in a kernel panic. (BZ#513715)

* udevd and multipathd were unable to service events fast enough when a Fibre Channel cable was unplugged. This caused the cable state to be out of sync if the cable was plugged back in quickly, possibly resulting in devices being removed, or path issues when using Device-Mapper Multipath. This has been changed so that users can specify devices that should not be removed if a cable is unplugged. (BZ#514541)

* a race condition in exit_thread() could have eventually caused a kernel oops. (BZ#514587)

* a race condition was fixed between kthread_stop() and kthread_create(). Kernel subsystems creating and stopping threads at a fast pace could hit this issue. Several inexplicable backtraces observed during tests were caused by this race condition. (BZ#518967)

* HPET_EMULATE_RTC was being disabled during kernel compile. This was caused by an incorrect requirement in the related Kconfig entry. This issue led to failures when accessing the RTC (real time clock) in machines that had the RTC emulated by HPET (High Precision Event Timer). (BZ#519433)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

511171 - CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID
511187 - kernel: build with -fno-delete-null-pointer-checks [mrg-1]
514541 - [FOCUS] [MRG-1] When the dev_loss_tmo fires don't remove devices by default.
515392 - CVE-2009-2847 kernel: information leak in sigaltstack
515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-132.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-132.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-132.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-132.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKnNBhXlSAg2UNWIIRAszuAKCqkLT4HwFBMQ3J6OvPpi605QplYQCfRd1o
IEwkpnFKxKMH9BVv3dY3jlw=
=fK9H
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 1 09:28:38 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Sep 2009 05:28:38 -0400
Subject: [RHSA-2009:1239-02] Important: kernel-rt security and bug fix update
Message-ID: <200909010928.n819Scvj022389@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2009:1239-02
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1239.html
Issue date:        2009-09-01
CVE Names:         CVE-2009-2692 CVE-2009-2847 CVE-2009-2848
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and various bugs are now available for Red Hat Enterprise MRG 1.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

[Updated 1st Sep 2009]
This erratum originally stated that these updated kernel packages corrected the issue CVE-2009-1895. This was a mistake as the kernel packages do not contain a fix for this issue. CVE-2009-1895 will be addressed in a future update.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)

* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

This update also fixes the following bugs:

* the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers, and keeping these checks is considered a safety measure. (BZ#511187)

* a bug in the locking strategy for the free_pages_bulk() kernel function was found, where a lock in a code branch was not held. This could have created a "double free" problem that resulted in a kernel panic. (BZ#513715)

* udevd and multipathd were unable to service events fast enough when a Fibre Channel cable was unplugged. This caused the cable state to be out of sync if the cable was plugged back in quickly, possibly resulting in devices being removed, or path issues when using Device-Mapper Multipath. This has been changed so that users can specify devices that should not be removed if a cable is unplugged. (BZ#514541)

* a race condition in exit_thread() could have eventually caused a kernel oops. (BZ#514587)

* a race condition was fixed between kthread_stop() and kthread_create(). Kernel subsystems creating and stopping threads at a fast pace could hit this issue. Several inexplicable backtraces observed during tests were caused by this race condition. (BZ#518967)

* HPET_EMULATE_RTC was being disabled during kernel compile. This was caused by an incorrect requirement in the related Kconfig entry. This issue led to failures when accessing the RTC (real time clock) in machines that had the RTC emulated by HPET (High Precision Event Timer). (BZ#519433)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

511187 - kernel: build with -fno-delete-null-pointer-checks [mrg-1]
514541 - [FOCUS] [MRG-1] When the dev_loss_tmo fires don't remove devices by default.
515392 - CVE-2009-2847 kernel: information leak in sigaltstack
515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-132.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-132.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-132.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-132.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-132.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-132.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKnOlBXlSAg2UNWIIRAq2zAKDBVrpZWK3O7kpSmrPhJd4V2kLX/wCfdJ8z
ojLsMr9PAGI8m+2f1iAurgk=
=j22B
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed Sep 2 07:42:24 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:42:24 -0400
Subject: [RHSA-2009:1243-02] Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update
Message-ID: <200909020742.n827gPQc012366@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update
Advisory ID:       RHSA-2009:1243-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1243.html
Issue date:        2009-09-02
Keywords:          kernel update
CVE Names:         CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848
=====================================================================

1. Summary:

Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
These updated packages fix the following security issues:

* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)

* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

* a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially-crafted ext4 file system. (CVE-2009-0745, Low)

* multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low)

These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes.
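The structure padding behind the four-byte do_sigaltstack() leak (CVE-2009-2847) described above, as an added example that is not code from the advisory or from the kernel. `struct model_stack`, the 0xAA stale-byte marker and every function name are assumptions made for illustration; the field order is assumed to match stack_t on x86 Linux.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of stack_t (assumed field order: pointer, int, size_t).
 * On LP64 the 4-byte int is followed by 4 bytes of alignment padding. */
struct model_stack {
    void  *ss_sp;
    int    ss_flags;
    size_t ss_size;
};

#define STALE 0xAA /* constructed marker standing in for old kernel stack data */

#define PAD_START (offsetof(struct model_stack, ss_flags) + sizeof(int))
#define PAD_END   offsetof(struct model_stack, ss_size)

/* Padding bytes between ss_flags and ss_size: 4 on LP64, 0 on ILP32. */
size_t padding_bytes(void)
{
    return PAD_END - PAD_START;
}

/* Store the three fields at their offsets and leave the padding untouched,
 * which is what member-by-member assignment does in practice. */
static void store_fields(unsigned char *dst, void *sp, int flags, size_t size)
{
    memcpy(dst + offsetof(struct model_stack, ss_sp), &sp, sizeof sp);
    memcpy(dst + offsetof(struct model_stack, ss_flags), &flags, sizeof flags);
    memcpy(dst + offsetof(struct model_stack, ss_size), &size, sizeof size);
}

/* Flawed pattern: fill a local structure, then copy all sizeof() bytes out.
 * The padding still holds whatever was in that stack slot before. */
void copy_out_whole_struct(unsigned char *user, void *sp, int flags, size_t size)
{
    unsigned char slot[sizeof(struct model_stack)];

    memset(slot, STALE, sizeof slot);   /* earlier contents of the stack slot */
    store_fields(slot, sp, flags, size);
    memcpy(user, slot, sizeof slot);    /* padding leaves with the fields */
}

/* Hardened pattern: copy each field out on its own, so no byte that was not
 * explicitly written ever reaches the caller. Zeroing the local structure
 * before filling it is the other common remedy. */
void copy_out_fields(unsigned char *user, void *sp, int flags, size_t size)
{
    store_fields(user, sp, flags, size);
}

/* Count stale bytes that ended up in the padding of the caller's buffer. */
size_t stale_bytes(const unsigned char *user)
{
    size_t n = 0;

    for (size_t i = PAD_START; i < PAD_END; i++)
        if (user[i] == STALE)
            n++;
    return n;
}

size_t leaked_by_whole_copy(void)
{
    unsigned char user[sizeof(struct model_stack)] = {0};
    int altstack;                       /* any address will do as ss_sp */

    copy_out_whole_struct(user, &altstack, 0, 8192);
    return stale_bytes(user);
}

size_t leaked_by_field_copy(void)
{
    unsigned char user[sizeof(struct model_stack)] = {0};
    int altstack;

    copy_out_fields(user, &altstack, 0, 8192);
    return stale_bytes(user);
}

int main(void)
{
    printf("padding between ss_flags and ss_size: %zu bytes\n", padding_bytes());
    printf("stale bytes disclosed, whole-struct copy: %zu\n", leaked_by_whole_copy());
    printf("stale bytes disclosed, per-field copy:    %zu\n", leaked_by_field_copy());
    return 0;
}
```

On a 32-bit build the three fields pack without padding, which is why the advisory limits the leak to 64-bit machines.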
The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

223947 - raid10_make_request bug: can't convert block across chunks or bigger than 64k..
233801 - PCI devices disappear in Xen Paravirtual DomU on reboot/reset
240429 - RHEL5 Kernel crash when specifying mem= or highmem= kernel parameter
242696 - Add Filesystem Label to GFS2
244967 - Frequent path failures during I/O on DM multipath devices
290701 - pci: MSI/HT problems with some nvidia bridge chips
396621 - Increase timeout for device connection on boot
427588 - [RHEL 5.2]: Tick divider bug when using clocksource=pit
436791 - Kernel BUG at drivers/scsi/iscsi_tcp.c:387 - invalid opcode: 0000
439898 - module load option to enable entropy generation from e1000,bnx2 network cards
443541 - Online resize2fs error: Invalid argument While trying to add group #15625
445433 - A deadlock can occur between mmap/munmap and journaling(ext3).
446086 - crash formatting a DVD under libata
448115 - Guest crash when host has >= 64G RAM
448588 - RFE: improve gettimeofday performance on hypervisors
448929 - [RHEL5 U1] Kernel NFS Connectathon Test#12, 12.1 Failing
449175 - E1000 driver enables TSOv6 for hardware that doesn't support it
449346 - SMP 32bit RHEL5u1 and RHEL5u2 HVM domain might stop booting when start udev service
450862 - scsi_add_host() returns success even if the work_q was not created
451849 - ptrace(PTRACE_CONT, sig) kills app even if sig is blocked
452120 - lazy umount causes pwd to fail silently (kernel)
452534 - [RFE] Enable raw devices on s390x
454942 - RHEL5.2: ext3 panic in dx_probe
454981 - CPUID driver does not support cpuid.4 and cpuid.0xb instruments
455232 - RHEL5-U2 Installation hangs on p-series--7029, 2078
455678 - DM-multipath marks the surviving path as failed on failbacks
456437 - [RHEL5.2-Z][kernel-xen] powernow identifies the wrong number of processors.
456698 - Module snd-sb16.ko fails to build in a custom kernel.
459397 - Cannot create more than 1024 nfsd threads
459449 - [Qlogic 5.4] qla4xxx: Remove Dead/Unused code from driver
459943 - FEAT: kernel: nf_nat: backport NAT port randomisation [rhel-5.3]
460133 - NFS problem#3 of IT 106473 - 32-bit jiffy wrap around - NFS inode
460218 - GFS2: Hang when shrink_slab calls gfs2_delete_inode
460693 - Xen domU, RAID1, LVM, iscsi target export with blockio bug
461006 - SCSI Hotswap not working with sym53c8xx_2 card in NSN MCP18 system.
461288 - [EMC 5.4 feat] Require kernel support to issue Control I/O to CKD dasd on EMC Symmetrix arrays
461469 - device-mapper changes to support readonly device maps
462248 - Debug Kernel - NMI Watchdog detected LOCKUP
462352 - [RHEL-5.2] e1000e module doesn't implement SIOETHTOOL ETHTOOL_GPERMADDR
462572 - RHEL 5.1 show error msg of "PCI: BIOS Bug: MCFG area at e0000000 is not E820-reserved" during boot
462725 - [RHEL-5.2] replacing routes doesn't emit notifications via netlink
462731 - invalid behaviour of NETKEY / XFRM deleting SPD
462911 - 5.3 beta kernel -115.el breaks the proprietary Nvidia driver
463244 - [PATCH] Removing bond interfaces causes workqueue thread leak
463249 - document netdev_budget
463573 - Patches to improve timekeeping for RHEL kernels running under VMware.
464039 - Timeouts in wait_drive_not_busy with TEAC DV-W28ECW and similar
464500 - RHEL5: memmap=X$Y option doesn't yield new BIOS map
465143 - update CIFS for RHEL5.4
465456 - Kernel panic in auth_rpcgss:__gss_find_upcall
465543 - kernel module is required to enable kernel markers
465781 - MD RAID1 error handler deadlock (raid1d / make_request)
466086 - IPoIB-CM connectivity problem with eHCA adapters
466701 - RFE: an error when mounting the same NFS mount with different SELinux contexts
467698 - xen: 32 bit guest on 64 bit host oops in xen_set_pud()
467782 - unstable time source
468088 - [EMULEX 5.4 bug] scsi messages correlate with silent data corruption, but no i/o errors
468092 - number of lockd socket connections is capped at 80
469130 - Xen live migration may fail due to fragmented memory
469437 - ansi cprng needs to allow for user-provided initial counter values
469707 - specfile changes to allow just building the debug kernel
469848 - [RHEL5.2] nfs_getattr() hangs during heavy write workloads
470035 - xm dmesg printk spam -- Domain attempted WRMSR 00000000000000e8 from 00000016:3d0e9470 to 00000000:00000000
470059 - IPv6 netfilter: output routing rules based on fwmark don't work
470074 - overlapping nfs locks don't work in gfs/dlm
470111 - FIPS certification requires exporting DSA_verify function
470139 - stack usage optimization in link_path_walk() [rhel-5.4]
470202 - Kernel Panic at pci_scan_bus_parented+0xa/0x1f with "acpi=off" or "acpi=ht" options
470459 - The system stall or panic can occur when /proc/<pid>/oom_score is read
470929 - rng header needs to be in kernel-devel
471254 - lockd: fix reference count leaks in async locking case (impacts GFS2)
471281 - crypto: ansi_cprng: get_prng_bytes returning some incorrect data
471565 - Creation of mirrored logical volume with VG extent-size of 1K fails
471800 - Driver for dm9601 doesn't seem to work as advertised
471893 - kernel's inotify subsystem not send notification on inode link count change
471900 - [QLogic 5.4 feat] qla2xxx,qla8xxx - Support production FCoE hardware.
472386 - fips crypto: self-test needed for rfc4309(ccm(aes))
472426 - missing compat sys_ustat corrupts userspace when sys_ustat called from 32-bit
472523 - AMD: Panic if cpu_khz is incorrect
472547 - [RHEL5.4 FEAT] Update ixgbe to version 2.0.8-k2 and support the 82599 (Niantic) device
472558 - oops in mirror_map (dm-raid1.c)
473504 - kernel panic in tcp_tso_segment() (iptables/netfilter)
473947 - asm-generic/ioctl.h can generate link error undefined __invalid_size_argument_for_IOC
474091 - [Intel 5.4 FEAT] TSC keeps running in C3+
474240 - [RHEL5.1] Support of Broadcom HT1100 chipset - add new PCI ID
474301 - [AMD 5.4 FEAT] Withdraw IGN_SERR_INTERNAL for SB800 SATA
474334 - r8169 reports incredible number of RX dropped packets
474394 - crypto: des3_ede single-key doesn't work
474590 - lockd: return NLM_LCK_DENIED_GRACE_PERIOD after long periods
474646 - [LTC 5.4 FEAT] Kernel NSS support - kernel part [200790]
474664 - [LTC 5.4 FEAT] System z support for processor degradation [200975]
474688 - [LTC 5.4 FEAT] Automatic IPL after dump (kernel) [201169]
474699 - After successful connection to a WPA AP, iwlagn loses its ability to speak WEP
474797 - [RHEL 5] gen_estimator deadlock fix
474881 - [Intel 5.4 FEAT] Update the Intel igb driver to match upstream changes & include Kawela PF
474891 - PCI Domain support for HP xw9400 and xw9300
474913 - [LTC 5.4 FEAT] Thread scalability issues with TPC-C [201300]
475145 - audit: increase the maximum length of the key field
475147 - fix assorted audit_filter_task() panics on ctx == NULL
475149 - audit: fix kstrdup() error check
475150 - kernel/audit.c control character detection is off-by-one
475278 - missing audit records for descriptors created by pipe(2) and socketpair(2)
475312 - GFS2: mount attempt hangs if no more journals available
475330 - Misc kernel audit fixups
475334 - [LTC 5.4 FEAT] FCP - Performance Data collection (kernel) [201590]
475374 - Make clock source functions consistent between x86_64 & i386 arches
475530 - [LTC 5.4 FEAT] Extra kernel parameter via VMPARM [201726]
475536 - [LTC 5.4 FEAT] OpenIPMI driver update [201263]
475551 - [LTC 5.4 FEAT] TTY terminal server over IUCV (kernel) [201734]
475563 - [LTC 5.4 FEAT] Shutdown actions interface (kernel) [201747]
475567 - [Broadcom 5.4 FEAT] Update bnx2 to 1.8.2b+
475570 - [LTC 5.4 FEAT] Provide service levels of HW & Hypervisor in Linux [201753]
475572 - [LTC 5.4 FEAT] HiperSockets Layer3 support for IPv6 [201751]
475620 - [LTC 5.4 FEAT] Update spufs for Cell in the kernel of RHEL5.4 to the upstream version [201774]
475621 - [LTC 5.4 FEAT] Enable SOL (serial over lan) usage for Cell systems with RHEL5 [201454]
475625 - [Intel 5.4 bug] ixgbe does not work reliably with 16 or more cores
475658 - [LTC 5.4 FEAT] Enable Power Button on Cell Blades [201777]
475696 - [LTC 5.4 FEAT] EEH infrastructure change for MSI-X interrupt support [201779]
475717 - [LTC 5.4 FEAT] Enhance the ipr driver to support MSI-X interrupt [201780]
475790 - Compilation failure with /usr/include/linux/futex.h header
475814 - race in aio_complete() leads to process hang
475820 - [LTC 5.4 FEAT] Linux to add Call Home data [201167]
475986 - Question for LUKS device passhprase unreadable when using Xen
476206 - ahci: jmb361 has only one port
476224 - convert NFS to new write_begin/write_end interfaces
476301 - [Chelsio FEAT] Update support for Terminator3 adapters
476626 - GFS2: [RFE] fiemap support for GFS2
476659 - softlockups due to infinite loops in posix_locks_deadlock
476707 - GFS2: [RFE] Merge upstream uevent patches into RHEL 5.4
476897 - kernel panics when attempting to rmmod the bnx2 module while it is in use.
477005 - lockdep warnings on RHEL5.3 xen guest
477012 - network hangs with xen_vnif in FV RHEL5 guest
477206 - [LTC 5.4 FEAT] Xen support for 192 CPUs [201257]
478638 - kernel-2.6.18-92.1.22.el5 misses bug fix which has to be backported.
478643 - multipath test causes memory leak and eventual system deadlock
479200 - [Broadcom 5.4 feat] Please add pcie_set_readrq() to the rhel5_drivers_pci_pcie_ga kernel symbol whitelist
479288 - [QLOGIC 5.4 feat] Add qlge 10Gb ethernet driver
479401 - GFS2: Parsing of remount arguments incorrect
479412 - PATH and EXECVE audit records contain bogus newlines
479740 - [RHEL 5.1] SUN Ultra 40 forcedeth: Network freezes reproducibly (stress) evebe600
479754 - RH5.3 x64 RC2 reboots while installing a virtual machine
479765 - Leap second message can hang the kernel
479927 - Needs to check GSO packet length against MSS
480142 - /proc/acpi/dsdt: No such device
480204 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 1
480663 - data corruption and general brokenness with ramdisks (rd)
480696 - RDMA latencytest and perftest fail with QLogic IB
480733 - 2 volume rebuilding problem - second volume rebuild doesn't succeed.
480939 - RHEL-5: Deadlock in Xen netfront driver.
480951 - Improve udp port randomization
481031 - crypto: panic handling ccm vectors with null associated data
481076 - kernel BUG at net/ipv4/netfilter/ip_nat_core.c:308
481175 - need to backport several ansi_cprng patches
481199 - waitpid() reports stopped process more than once
481226 - Bitmap Merging Patch for RHEL 5.4
481283 - [RHEL5.3] Original ether's status is keeping PROMISC MULTICAST mode
481682 - linux-2.6-misc-utrace-update.patch contains incorrect optimization
481691 - [QLogic 5.4 bug] qla2xx - Word-endian problem programming flash on PPC
481715 - BCM5704 NIC results in CPU 100%SI , sluggish system performance
482737 - Add explicit ALUA support to kernel
482796 - eHEA: mutex_unlock missing in eHEA error path
482990 - RHEL 5.3 GA kernel panics when RF Kill is on in 5100/5300 AGN
483171 - Panic at boot if SATA disk is present
483285 - fix oops when using skb_seq_read
483541 - gfs2 blocked after recovery
483588 - [RFE ] Connlimit kernel module support.
483594 - FEAT: RHEL 5.4 - update ALSA HDA audio driver from upstream
483617 - reproducible panic in debugfs_remove when unmounting gfs2 filesystem
483790 - [IPV6] Fix the return value of get destination options with NULL data
483793 - [ipv6] Fix the return value of Set Hop-by-Hop options header with NULL
483814 - kernel BUG at kernel/ptrace.c:1068
484105 - [IPV6] Return correct result for sticky options
484158 - FEAT: feature request. disable iostat collection in gendisk
484227 - [Intel 5.4 FEAT] virtualization feature VTd: hypervisor changes (Xen)
484304 - [RHEL-5.3] ARP packets aren't received by backup slaves breaking arp_validate=3
484403 - Add kernel version to oops and panic output
484590 - Running Openswan ipsec vpn server with rhel-5.3 kernel-2.6.18-128.el5 causes crash
484796 - tulip driver MTU problems when using dot1q vlans
484836 - DASDFMT not operating like CPFMTXA
484943 - [Stratus 5.4 bug] PCI hot unplug can leak MSI descriptors causing fallback to legacy interrupts
484971 - [IPv6] Update setsockopt(IPV6_MULTICAST_IF) to support RFC 3493, try2
484977 - [IPV6]: Check length of optval provided by user in setsockopt()
485098 - NULL pointer deference in gfs2_getbuf
485181 - Dock/Undock+ CDROM support for X61 and other laptops
485182 - Data cards like Huawei EC121 does not work with RHEL5
485226 - GFS2 unaligned access in gfs2_bitfit
485315 - ext4 kernelspace rebase for RHEL5.4
485381 - backport critical netxen driver fixes from upstream kernel to RHEL5.4
485718 - Add mmu-notifiers support to RHEL5 kernel
486030 - [iwl3945] Status LED doesn't light up (Lenovo T61)
486168 - GFS2: Quota mount option inconsistent with common quota/noquota options
486185 - pci_setup_bridge() clears the Prefetchable Memory Base and Limit Upper 32 Bits registers
486204 - [ipv6 RAW] Disallow IPPROTO_IPV6-level IPV6_CHECKSUM socket option on ICMPv6 sockets
486215 - [IPV6] Check outgoing interface even if source address is unspecified
486756 - nfs server rejecting large writes when sec=krb5i/p is specified
487213 - [Intel 5.4 bug] ixgbe driver double counts RX byte count
487293 - Missing DELL MD3000i storage into scsi_dh_rdac kernel module device list
487406 - [ipv6] Check the hop limit setting in ancillary data
487672 - slab corruption with dlm and clvmd on ppc64
487691 - [RHEL5.3]: modprobe xen-vnif in a KVM guest causes a crash
487929 - CVE-2009-0745 kernel: ext4: ext4_group_add() missing initialisation issue
487935 - CVE-2009-0746 kernel: ext4: make_indexed_dir() missing validation
487942 - CVE-2009-0747 kernel: ext4: ext4_isize() denial of service
487945 - CVE-2009-0748 kernel: ext4: ext4_fill_super() missing validation issue
488367 - [NET] Fix functions put_cmsg()/put_cmsg_compat() which may cause usr application memory overflow
488471 - Problem with drive status leds after update to 2.6.18-128.el5
488820 - update efifb
488964 - RHEL 5.4: hpilo - backport of bugfixes and updates from upstream
489096 - install include/trace/*.h headers in kernel-devel
489274 - [RHEL5.3 Xen]: Cannot attach > 16 PV disks using PV-on-HVM drivers
489285 - Backport lookupcache= mount option for nfs shares
489389 - [QLOGIC 5.4 bug] qla4xxx: Extended Sense Data Errors
490078 - "automount" daemon gets blocked uninterruptibly while trying to acquire "i_sem" of monitored directory
490162 - ethttool -S on r8169 version 2.2LK hangs when interface is down
490181 - NFS: an f_mode/f_flags confusion in fs/nfs/write.c
490567 - [RHEL5.3 Xen]: Annoying messages on i686 boot
490938 - [x86_64]: copy_user_c can zero more data than needed
491266 - kernel should be built with -fwrapv [rhel-5.4]
491685 - vmalloc_user() panics 2.6.18-128.1.1.el5 if a kmem cache grows
491775 - building of kernel-devel on i386 doesn't include asm-x86_64/stacktrace.h
492010 - powernow-k8: export module parameters to /sys/modules
492488 - Driver core: make bus_find_device_by_name() more robust
492866 - Xen guest kernel advertises absolute mouse pointer feature which it is incapable of setting up correctly
492911 - tar off gfs2 broken - truncated symbolic links
492943 - GFS2: gfs2_quotad in uninterruptible sleep while idle
492972 - [RHEL5.2] [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol tunnel.
493045 - memory leak when reading from files mounted with nfs mount option 'noac'
493088 - Kprobes bugfixes backport from 2.6.29
493144 - panic in SELinux code with shrinkable NFS mounts
493152 - [Intel 5.4 FEAT] virtualization feature SR/IOV: kernel changes
493448 - The SCSI tape driver (st) does not support writing with larger buffers when using aic7xxx
493451 - Upgrade to update 3 causes SATA resets.
494114 - 2.6.18-128.1.6.el5xen panic!
494288 - CPU P-state limits (via acpi _ppc) ignored by OS
494658 - With Red Hat errata 128.1.6 installed system hangs with SATA drives installed.
494876 - [RHEL5.4]: Explicitly zero CR[1] in getvcpucontext
494879 - [RHEL5.4]: Fix interaction between dom0 and NTP
494885 - GFS2: gfs2_grow changes to rindex read in wrong by the kernel
495092 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 2
495094 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 3
495125 - ptrace: wrong value for bp register at syscall entry tracing
495230 - kernel dm: OOps in mempool_free when device removed
495318 - Bonding driver updelay parameter actual behavior doesn't match documented behavior
495442 - vmscan: bail out of direct reclaim after swap_cluster_max pages
495612 - Export guest UUID through SMBIOS to show in guest dmidecode by default
495863 - kernel: tun: Add packet accounting
495866 - show_partition() oops when race with rescan_partitions()
496100 - Random crashing in dm snapshots because of a race condition
496101 - kernel BUG with dm multipath and a partial read request
496102 - Backport patches for snapshot store damage
496126 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 4
496338 - sata_mv: Fix chip type for Highpoint RocketRaid 1740/1742
496766 - autofs4 - obvious mistake in mounted check in autofs4_mount_busy()
496869 - [Intel 5.4 FEAT] virtualization feature VTd: kernel changes
496873 - [Intel 5.4 FEAT] virtualization feature enhanced VTd: hypervisor changes
496903 - Setacl not working over NFS.
497411 - kernel BUG at drivers/scsi/libiscsi.c:301!
497414 - add 'success' value to sched_wakeup and sched_wakeup_new tracepoints
497478 - [QLOGIC 5.4 bug] qla4xxx: Driver Fault Recovery
498281 - dont use DID_TRANSPORT_DISRUPTED when transitioning rport or iscsi states
498527 - ehca performance impact during creation of queue pairs
498719 - [patch] mac80211: nullfunc and hidden SSID fixes
499013 - Deadlock between libvirt and xentop
499171 - kernel: ecryptfs_parse_options: eCryptfs: unrecognized option 'ecryptfs_unlink_sigs'
499202 - New compilation warning in ext4 rebase
499289 - RHEL5.3.z LTP nanosleep02 Test Case Failure on Fujitsu Machine
499347 - Add Generic Receive Offload support
499406 - device-mapper: dm-raid45 target doesn't create parity as expected by dmraid (isw)
499541 - kernel: proc: avoid information leaks to non-privileged processes [rhel-5.4]
499776 - kernel: random: make get_random_int() more random [rhel-5.4]
499840 - nfsv4recoverydir proc file unreadable
499870 - Wacom driver with Intuos tablet does not report button press after a proximity leave/re-enter
499999 - ath5k module freezes when interface is brought down
500311 - Kernel panic when loading cpufreq_governor
500368 - NETDEV_BONDING_FAILOVER is defined twice in the kernel
500387 - device-mapper: dm-raid45 target regression causing oops on mapping table reload
500446 - [RHEL5.4] igb: debug kernel reveals incorrect call used to free multiqueue netdev
500568 - kernel-xen should *not* include pci-stub driver
500693 - LTP ftest04 and ftest08 Failures
500729 - Deadlock when a uevent is blocked waiting for the queued I/O.
500745 - Need symbols added to KABI whitelist for cmirror-kmod
500839 - renaming file on a share w/o write permissions causes oops
500857 - [RHEL5 U4] Systems seems to hang on reboot
500892 - Kernel - testing NMI watchdog ... CPU#0: NMI appears to be stuck (0)!
501082 - RHEL5.4 ext4: backport corruption fixes from .30
501178 - RHEL5: NMI lockups seen after enabling cpuspeed on -147.el5 & -148.el5
501308 - REGRESSION: iSCSI Target's Redirect login causes errors in connection
501321 - Removal of directory doesn't produce audit record if rule is recursive
501374 - disable MSI on VIA VT3364 chipsets
501468 - RHEL5.4 virtio: "Device does not have a release() function, it is broken and must be fixed" warnings
501474 - [RHEL5.4 Xen]: Xenbus warnings in a FV guest on shutdown
501475 - [RHEL5.4 Xen]: "Weight assignment" messages printed to the serial console
502944 - READ CAPACITY failed on 10TB LUN
503080 - need to fix sky2 stats
503191 - [RHEL5.4 Xen]: Tun patch causing connectathon to fail
503215 - igb: dropping rx packets
503248 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.44
503309 - qemu-kvm: page allocation failure
503737 - [RHEL5.4 Xen]: Trying to boot a FV -PAE kernel crashes
503818 - Xen dom0 fake e820 prevents IGB driver from creating VF devices
503826 - PCI device fails to allocate resource
503827 - sata_sx4: ata_cmd_set_features time out resulting in disabled device
503905 - kernel: TPM: get_event_name stack corruption [rhel-5.4]
503960 - System freezes when removing ipr driver after injecting EEH errors
504086 - GFS2: s_umount locking bug with gfs2meta filesystem type
504121 - RHEL 5.3 long installation time and low hard disk performance in VX800 platform
504181 - [Broadcom 5.4 bug] Include fixes/cleanups for bnx2i
504676 - gfs2: extending direct IO writes expose stale data (corruption)
504906 - iw_cxgb3 OFED driver update
504955 - RHEL5.4: cxgb3 update
505171 - gfs2: filesystem consistency error with statfs_slow = 1
505445 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.45 (bug fixes only)
505491 - 32-bit Dom0 Cannot Boot in RHEL5.4
505541 - BUG: soft lockup - CPU#0 stuck for 10s! [NetworkManager:5182]
505548 - 1921270 - gfs2 filesystem won't free up space when files are deleted
505601 - ext4 preallocation corruption with truncate
505653 - [RHEL5.4] ixgbe fixups for version 2.0.8-k2 specifically the 82599
506138 - need to backport upstream commit 4ea7e38696c7e798c47ebbecadfd392f23f814f9 from net-next
506140 - GFS2: Filesystem deadlock when running SPECsfs on BIGI test bed.
506151 - RHEL5.4: cxgb3i (open-iscsi) update
506511 - performance regression running Iozone with different I/O options on RHEL54 kernels
506792 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.46 (bug fixes only)
506841 - RHEL5.4 -154 e1000e using MSI-X hangs system
506845 - Kernel panic unplugging a rt73usb dongle
506981 - [QLogic 5.4 bug] qla4xxx: Testing updates, 4 fixes.
507017 - mmap_min_addr can trigger on non MAP_FIXED mmap operations
507246 - [QLogic 5.4 bug] qla2xxx - updates and fixes from upstream, part 5
507398 - [QLogic 5.4 bug] qla2xxx - updates 24xx / 25xx firmware to 4.04.09
507520 - xen kernel, modprobe -r popup call trace and error msg
507620 - [QLogic 5.4 bug] qla2xxx - properly handle event notification in FCoE environment
507932 - [RHEL 5.4] sky2: /proc/net/dev statistics are broken
508297 - RTNL: assertion failed due to bonding notify.
508409 - RHEL 5.4 cxgb3i (open-iscsi) connection error through VLAN
508806 - GFS2 panics while shrinking the glock cache.
508839 - [Emulex 5.4 bug] be2net: traffic stops when using INTx interrupts
508870 - No network traffic when igb network interface receives arp traffic during negotiation
508871 - [Emulex 5.4 bug] Unload of bonding driver causes be2net driver to deadlock
508876 - umount.gfs2 hangs eating CPU
509010 - [Emulex 5.4 bug] Update lpfc to version 8.2.0.48 (bug fixes only)
509207 - VT-d BUG() during normal traffic in ixgbe device
509526 - (RHEL 5.4 Alpha/Beta x86 ) no audio output on IbexPeak chipset
509647 - [QLogic 5.4 bug] qlge - testing fixes part 3.
509818 - cciss: spinlock deadlock causes NMI on HP systems
510008 - [Emulex 5.4 bug] Lower throughput seen on be2net with MSIx interrupt
510268 - qla2xxx - NPIV broken for PPC, endian fix
510665 - megaraid sas driver in rhel5.4-beta fails to scan for SAS tape drive (HP Ultrium 4-SCSI)
510805 - PCI FLR support needed for secure device assignment to KVM guests
511096 - bnx2i and libiscsi: make sure cnic dev is registered and fix libiscsi eh_abort locking
511141 - qla2xxx - Provide fundamental reset capability for EEH
511181 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.4]
512086 - RHEL5.4: Add SATA GEN3 related messages
512266 - [Emulex 5.4 bug] Update lpfc driver to 8.2.0.48.2p to fix multiple panics
512387 - max_phys_segments violation with dm-linear + md raid1 + cciss
513067 - ahci: add device IDs for Ibex Peak SATA AHCI controllers
513070 - cciss disk devices do not have storage capability in HAL
513802 - [Broadcom 5.4 bug] cnic ISCSI_KEVENT_IF_DOWN message handling
514073 - RHEL 5.4 cxgb3i (open-iscsi) hits skb_over_panic() on write
515392 - CVE-2009-2847 kernel: information leak in sigaltstack
515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.el5.src.rpm

i386:
kernel-2.6.18-164.el5.i686.rpm
kernel-PAE-2.6.18-164.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.el5.i686.rpm
kernel-debug-2.6.18-164.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debug-devel-2.6.18-164.el5.i686.rpm
kernel-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.el5.i686.rpm
kernel-devel-2.6.18-164.el5.i686.rpm
kernel-headers-2.6.18-164.el5.i386.rpm
kernel-xen-2.6.18-164.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.el5.i686.rpm
kernel-xen-devel-2.6.18-164.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.el5.x86_64.rpm
kernel-debug-2.6.18-164.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
kernel-devel-2.6.18-164.el5.x86_64.rpm
kernel-headers-2.6.18-164.el5.x86_64.rpm
kernel-xen-2.6.18-164.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.el5.src.rpm

i386:
kernel-2.6.18-164.el5.i686.rpm
kernel-PAE-2.6.18-164.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.el5.i686.rpm
kernel-debug-2.6.18-164.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debug-devel-2.6.18-164.el5.i686.rpm
kernel-debuginfo-2.6.18-164.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.el5.i686.rpm
kernel-devel-2.6.18-164.el5.i686.rpm
kernel-headers-2.6.18-164.el5.i386.rpm
kernel-xen-2.6.18-164.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.el5.i686.rpm
kernel-xen-devel-2.6.18-164.el5.i686.rpm

ia64:
kernel-2.6.18-164.el5.ia64.rpm
kernel-debug-2.6.18-164.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.el5.ia64.rpm
kernel-devel-2.6.18-164.el5.ia64.rpm
kernel-headers-2.6.18-164.el5.ia64.rpm
kernel-xen-2.6.18-164.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.el5.noarch.rpm

ppc:
kernel-2.6.18-164.el5.ppc64.rpm
kernel-debug-2.6.18-164.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.el5.ppc64.rpm
kernel-devel-2.6.18-164.el5.ppc64.rpm
kernel-headers-2.6.18-164.el5.ppc.rpm
kernel-headers-2.6.18-164.el5.ppc64.rpm
kernel-kdump-2.6.18-164.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.el5.s390x.rpm
kernel-debug-2.6.18-164.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.el5.s390x.rpm
kernel-devel-2.6.18-164.el5.s390x.rpm
kernel-headers-2.6.18-164.el5.s390x.rpm
kernel-kdump-2.6.18-164.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.el5.x86_64.rpm
kernel-debug-2.6.18-164.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
kernel-devel-2.6.18-164.el5.x86_64.rpm
kernel-headers-2.6.18-164.el5.x86_64.rpm
kernel-xen-2.6.18-164.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniHcXlSAg2UNWIIRAlKhAJ9VFu14MlE1HMm4UmAyvHj0BsocaACePgpU
IoCnDD3pJdd8yKHxjuebW2I=
=jVLj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:43:16 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:43:16 -0400
Subject: [RHSA-2009:1278-02] Low: lftp security and bug fix update
Message-ID: <200909020743.n827hGp5008885@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: lftp security and bug fix update
Advisory ID:       RHSA-2009:1278-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1278.html
Issue date:        2009-09-02
CVE Names:         CVE-2007-2348
=====================================================================

1. Summary:

An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.

It was discovered that lftp did not properly escape shell metacharacters when generating shell scripts using the "mirror --script" command. A mirroring script generated to download files from a malicious FTP server could allow an attacker controlling the FTP server to run an arbitrary command as the user running lftp.
(CVE-2007-2348)

This update also fixes the following bugs:

* when using the "mirror" or "get" commands with the "-c" option, lftp did not check for some specific conditions that could result in the program becoming unresponsive, hanging and the command not completing. For example, when waiting for a directory listing, if lftp received a "226" message, denoting an empty directory, it previously ignored the message and kept waiting. With this update, these conditions are properly checked for and lftp no longer hangs when "-c" is used with "mirror" or "get". (BZ#422881)

* when using the "put", "mput" or "reput" commands over a Secure FTP (SFTP) connection, specifying the "-c" option sometimes resulted in corrupted files of incorrect size. With this update, using these commands over SFTP with the "-c" option works as expected, and transferred files are no longer corrupted in the transfer process. (BZ#434294)

* previously, LFTP linked to the OpenSSL library. OpenSSL's license is, however, incompatible with LFTP's GNU GPL license and LFTP does not include an exception allowing OpenSSL linking. With this update, LFTP links to the GnuTLS (GNU Transport Layer Security) library, which is released under the GNU LGPL license. Like OpenSSL, GnuTLS implements the SSL and TLS protocols, so functionality has not changed. (BZ#458777)

* running "help mirror" from within lftp only presented a sub-set of the available options compared to the full list presented in the man page. With this update, running "help mirror" in lftp presents the same list of mirror options as is available in the Commands section of the lftp man page. (BZ#461922)

* LFTP imports gnu-lib from upstream. Subsequent to gnu-lib switching from GNU GPLv2 to GNU GPLv3, the LFTP license was internally inconsistent, with LFTP licensed as GNU GPLv2 but portions of the package apparently licensed as GNU GPLv3 because of changes made by the gnu-lib import. With this update, LFTP itself switches to GNU GPLv3, resolving the inconsistency. (BZ#468858)

* when the "ls" command was used within lftp to present a directory listing on a remote system connected to via HTTP, file names containing spaces were presented incorrectly. This update corrects this behavior. (BZ#504591)

* the default alias "edit" did not define a default editor. If EDITOR was not set in advance by the system, lftp attempted to execute "~/.lftp/edit.tmp.$$" (which failed because the file is not set to executable). The edit alias also did not support tab-completion of file names and incorrectly interpreted file names containing spaces. The updated package defines a default editor (vi) in the absence of a system-defined EDITOR. The edit alias now also supports tab-completion and handles file names containing spaces correctly for both downloading and uploading. (BZ#504594)

Note: This update upgrades LFTP from version 3.7.3 to upstream version 3.7.11, which incorporates a number of further bug fixes to those noted above. For details regarding these fixes, refer to the "/usr/share/doc/lftp-3.7.11/NEWS" file after installing this update. (BZ#308721)

All LFTP users are advised to upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

236238 - CVE-2007-2348 lftp mirror --script does not escape names and targets of symbolic links
239334 - lftp affected by problems described in CVE-2007-2348
308721 - bump lftp to current version 3.7.11
422881 - Using lftp with -c options causes hangs
434294 - lftp corrupts data when using (m)put's -c option on sftp transport
461922 - [RHEL 5] lftp 'help mirror' does not display all options defined in manpage.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/lftp-3.7.11-4.el5.src.rpm

i386:
lftp-3.7.11-4.el5.i386.rpm
lftp-debuginfo-3.7.11-4.el5.i386.rpm

x86_64:
lftp-3.7.11-4.el5.x86_64.rpm
lftp-debuginfo-3.7.11-4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/lftp-3.7.11-4.el5.src.rpm

i386:
lftp-3.7.11-4.el5.i386.rpm
lftp-debuginfo-3.7.11-4.el5.i386.rpm

ia64:
lftp-3.7.11-4.el5.ia64.rpm
lftp-debuginfo-3.7.11-4.el5.ia64.rpm

ppc:
lftp-3.7.11-4.el5.ppc.rpm
lftp-debuginfo-3.7.11-4.el5.ppc.rpm

s390x:
lftp-3.7.11-4.el5.s390x.rpm
lftp-debuginfo-3.7.11-4.el5.s390x.rpm

x86_64:
lftp-3.7.11-4.el5.x86_64.rpm
lftp-debuginfo-3.7.11-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2348
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniHxXlSAg2UNWIIRAlzgAKCE1NU6vFwhr4Z5HyKgmwTmmFQo8ACfULfB
U6hHfR9R2/d056QXyHwgWsk=
=Trc4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:43:46 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:43:46 -0400
Subject: [RHSA-2009:1287-02] Low: openssh security, bug fix, and enhancement update
Message-ID: <200909020743.n827hk8f011961@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openssh security, bug fix, and enhancement update
Advisory ID:       RHSA-2009:1287-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1287.html
Issue date:        2009-09-02
Keywords:          sftp FIPS mode integrity verification scp chroot hang
CVE Names:         CVE-2008-5161
=====================================================================

1. Summary:

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication.
This update helps mitigate this attack: OpenSSH clients and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server now reads SSH packets up to their full possible length when corruption is detected, rather than reporting errors early, reducing the possibility of successful plain text recovery. (CVE-2008-5161)

This update also fixes the following bug:

* the ssh client hung when trying to close a session in which a background process still held tty file descriptors open. With this update, this so-called "hang on exit" error no longer occurs and the ssh client closes the session immediately. (BZ#454812)

In addition, this update adds the following enhancements:

* the SFTP server can now chroot users to various directories, including a user's home directory, after log in. A new configuration option -- ChrootDirectory -- has been added to "/etc/ssh/sshd_config" for setting this up (the default is not to chroot users). Details regarding configuring this new option are in the sshd_config(5) manual page. (BZ#440240)

* the executables which are part of the OpenSSH FIPS module which is being validated will check their integrity and report their FIPS mode status to the system log or to the terminal. (BZ#467268, BZ#492363)

All OpenSSH users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

440240 - request to add chroot sftp capabilty into openssh-server
472068 - CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssh-4.3p2-36.el5.src.rpm

i386:
openssh-4.3p2-36.el5.i386.rpm
openssh-askpass-4.3p2-36.el5.i386.rpm
openssh-clients-4.3p2-36.el5.i386.rpm
openssh-debuginfo-4.3p2-36.el5.i386.rpm
openssh-server-4.3p2-36.el5.i386.rpm

x86_64:
openssh-4.3p2-36.el5.x86_64.rpm
openssh-askpass-4.3p2-36.el5.x86_64.rpm
openssh-clients-4.3p2-36.el5.x86_64.rpm
openssh-debuginfo-4.3p2-36.el5.x86_64.rpm
openssh-server-4.3p2-36.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssh-4.3p2-36.el5.src.rpm

i386:
openssh-4.3p2-36.el5.i386.rpm
openssh-askpass-4.3p2-36.el5.i386.rpm
openssh-clients-4.3p2-36.el5.i386.rpm
openssh-debuginfo-4.3p2-36.el5.i386.rpm
openssh-server-4.3p2-36.el5.i386.rpm

ia64:
openssh-4.3p2-36.el5.ia64.rpm
openssh-askpass-4.3p2-36.el5.ia64.rpm
openssh-clients-4.3p2-36.el5.ia64.rpm
openssh-debuginfo-4.3p2-36.el5.ia64.rpm
openssh-server-4.3p2-36.el5.ia64.rpm

ppc:
openssh-4.3p2-36.el5.ppc.rpm
openssh-askpass-4.3p2-36.el5.ppc.rpm
openssh-clients-4.3p2-36.el5.ppc.rpm
openssh-debuginfo-4.3p2-36.el5.ppc.rpm
openssh-server-4.3p2-36.el5.ppc.rpm

s390x:
openssh-4.3p2-36.el5.s390x.rpm
openssh-askpass-4.3p2-36.el5.s390x.rpm
openssh-clients-4.3p2-36.el5.s390x.rpm
openssh-debuginfo-4.3p2-36.el5.s390x.rpm
openssh-server-4.3p2-36.el5.s390x.rpm

x86_64:
openssh-4.3p2-36.el5.x86_64.rpm
openssh-askpass-4.3p2-36.el5.x86_64.rpm
openssh-clients-4.3p2-36.el5.x86_64.rpm
openssh-debuginfo-4.3p2-36.el5.x86_64.rpm
openssh-server-4.3p2-36.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniIZXlSAg2UNWIIRAtXOAJ4oqxGWa+8jYr9iE3sEn6/m6SicggCgiybx
ye35DpBQnq/61lhFmbL0qdU=
=yorf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:44:03 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:44:03 -0400
Subject: [RHSA-2009:1307-02] Low: ecryptfs-utils security, bug fix, and enhancement update
Message-ID: <200909020744.n827i3b4024842@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: ecryptfs-utils security, bug fix, and enhancement update
Advisory ID:       RHSA-2009:1307-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1307.html
Issue date:        2009-09-02
CVE Names:         CVE-2008-5188
=====================================================================

1. Summary:

Updated ecryptfs-utils packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5.4.

These updated ecryptfs-utils packages have been upgraded to upstream version 75, which provides a number of bug fixes and enhancements over the previous version.
In addition, these packages provide a graphical program to help configure and use eCryptfs. To start this program, run the command:

    ecryptfs-mount-helper-gui

Important: the syntax of certain eCryptfs mount options has changed. Users who were previously using the initial Technology Preview release of ecryptfs-utils are advised to refer to the ecryptfs(7) man page, and to update any affected mount scripts and /etc/fstab entries for eCryptfs file systems.

A disclosure flaw was found in the way the "ecryptfs-setup-private" script passed passphrases to the "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" commands as command line arguments. A local user could obtain the passphrases of other users who were running the script from the process listing. (CVE-2008-5188)

These updated packages provide various enhancements, including a mount helper and supporting libraries to perform key management and mounting functions.

Notable enhancements include:

* a new package, ecryptfs-utils-gui, has been added to this update. This package depends on the pygtk2 and pygtk2-libglade packages and provides the eCryptfs Mount Helper GUI program. To install the GUI, first install ecryptfs-utils and then issue the following command:

    yum install ecryptfs-utils-gui

(BZ#500997)

* the "ecryptfs-rewrite-file" utility is now more intelligent when dealing with non-existent files and with filtering special files such as the "." directory. In addition, the progress output from "ecryptfs-rewrite-file" has been improved and is now more explicit about the success status of each target. (BZ#500813)

* descriptions of the "verbose" flag and the "verbosity=[x]" option, where [x] is either 0 or 1, were missing from a number of eCryptfs manual pages, and have been added. Refer to the eCryptfs man pages for important information regarding using the verbose and/or verbosity options. (BZ#470444)

These updated packages also fix the following bugs:

* mounting a directory using the eCryptfs mount helper with an RSA key that was too small did not allow the eCryptfs mount helper to encrypt the entire key. When this situation occurred, the mount helper did not display an error message alerting the user to the fact that the key size was too small, possibly leading to corrupted files. The eCryptfs mount helper now refuses RSA keys which are too small to encrypt the eCryptfs key. (BZ#499175)

* when standard input was redirected from /dev/null or was unavailable, attempting to mount a directory with the eCryptfs mount helper caused it to become unresponsive and eventually crash, or an "invalid value" error message, depending on if the "--verbosity=[value]" option was provided as an argument, and, if so, its value. With these updated packages, attempting to mount a directory using "mount.ecryptfs" under the same conditions results in either the mount helper attempting to use default values (if "verbosity=0" is supplied), or an "invalid value" error message (instead of the mount helper hanging) if standard input is redirected and "--verbosity=1" is supplied, or that option is omitted entirely. (BZ#499367)

* attempting to use the eCryptfs mount helper with an OpenSSL key when the keyring did not contain enough space for the key resulted in an unhelpful error message. The user is now alerted when this situation occurs. (BZ#501460)

* the eCryptfs mount helper no longer fails upon receiving an incorrect or empty answer to "yes/no" questions. (BZ#466210)

Users are advised to upgrade to these updated ecryptfs-utils packages, which resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

460496 - ecryptfs complains about a missing module, fails and then loads it
472524 - CVE-2008-5188 ecryptfs-utils: potential provided password disclosure in the process table
475969 - difference between the name of the binary and the name in its usage message
482834 - RHEL5: update ecryptfs-utils to latest
499128 - `man ecryptfs' is wrong on what to write to openssl_passwd_file=XXX
499367 - mount.ecrytfs hangs when used with wrong/missing stdin
500352 - mount helper asks different set questions when the mount options are OK and when are not
500361 - [ecryptfs-add-passphrase] adding key, which is in keyring already, results in error msg
500566 - When kernel does not support filename encryption `ecryptfs-add-passphrase --fnek' should exit with exit code != 0
500623 - Access-Your-Private-Data.desktop file should have an icon associated
500804 - Typo in ecryptfs-rewrite-file(1)
500810 - ecryptfs-insert-wrapped-passphrase-into-keyring fails to add passphrase to keyring if the passphrase is in the keyring already
500813 - ecryptfs-rewrite-file should be more wise when dealing with non-existing/bogus files
500817 - ecryptfs-dot-private is not expected to be executed, remove the "x" permission
500820 - ecryptfs-setup-swap: vol_id: command not found
500824 - Possible missing runtime dependencies for `ecryptfs-setup-swap'
500829 - `ecryptfs-setup-swap' tries to restart service ``cryptdisks'' which is not present in RHEL/Fedora
500850 - [RFE] ecryptfs-manager should ask for password confirmation when creating openssl key
500997 - ecryptfs-utils-gui must require pygtk2-libglade
501275 - Select key bytes: item "default" is bogus
501460 - Error msg from ecryptfs-utils does not reflect reality when adding key to "full" keyring

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ecryptfs-utils-75-5.el5.src.rpm i386: ecryptfs-utils-75-5.el5.i386.rpm ecryptfs-utils-debuginfo-75-5.el5.i386.rpm ecryptfs-utils-gui-75-5.el5.i386.rpm x86_64: ecryptfs-utils-75-5.el5.i386.rpm ecryptfs-utils-75-5.el5.x86_64.rpm ecryptfs-utils-debuginfo-75-5.el5.i386.rpm ecryptfs-utils-debuginfo-75-5.el5.x86_64.rpm ecryptfs-utils-gui-75-5.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ecryptfs-utils-75-5.el5.src.rpm i386: ecryptfs-utils-debuginfo-75-5.el5.i386.rpm ecryptfs-utils-devel-75-5.el5.i386.rpm x86_64: ecryptfs-utils-debuginfo-75-5.el5.i386.rpm ecryptfs-utils-debuginfo-75-5.el5.x86_64.rpm ecryptfs-utils-devel-75-5.el5.i386.rpm ecryptfs-utils-devel-75-5.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ecryptfs-utils-75-5.el5.src.rpm i386: ecryptfs-utils-75-5.el5.i386.rpm ecryptfs-utils-debuginfo-75-5.el5.i386.rpm ecryptfs-utils-devel-75-5.el5.i386.rpm ecryptfs-utils-gui-75-5.el5.i386.rpm ia64: ecryptfs-utils-75-5.el5.ia64.rpm ecryptfs-utils-debuginfo-75-5.el5.ia64.rpm ecryptfs-utils-devel-75-5.el5.ia64.rpm ecryptfs-utils-gui-75-5.el5.ia64.rpm ppc: ecryptfs-utils-75-5.el5.ppc.rpm ecryptfs-utils-75-5.el5.ppc64.rpm ecryptfs-utils-debuginfo-75-5.el5.ppc.rpm ecryptfs-utils-debuginfo-75-5.el5.ppc64.rpm ecryptfs-utils-devel-75-5.el5.ppc.rpm ecryptfs-utils-devel-75-5.el5.ppc64.rpm ecryptfs-utils-gui-75-5.el5.ppc.rpm s390x: ecryptfs-utils-75-5.el5.s390.rpm ecryptfs-utils-75-5.el5.s390x.rpm ecryptfs-utils-debuginfo-75-5.el5.s390.rpm ecryptfs-utils-debuginfo-75-5.el5.s390x.rpm ecryptfs-utils-devel-75-5.el5.s390.rpm ecryptfs-utils-devel-75-5.el5.s390x.rpm ecryptfs-utils-gui-75-5.el5.s390x.rpm x86_64: ecryptfs-utils-75-5.el5.i386.rpm ecryptfs-utils-75-5.el5.x86_64.rpm ecryptfs-utils-debuginfo-75-5.el5.i386.rpm 
ecryptfs-utils-debuginfo-75-5.el5.x86_64.rpm ecryptfs-utils-devel-75-5.el5.i386.rpm ecryptfs-utils-devel-75-5.el5.x86_64.rpm ecryptfs-utils-gui-75-5.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5188 http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniI4XlSAg2UNWIIRAnbuAKCxF6t6zHtZhvTvlCFIc20n9dSEvwCdHNuT YCW86YXnHTHnXN3JMDAAD/Y= =D68/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 2 07:44:31 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Sep 2009 03:44:31 -0400 Subject: [RHSA-2009:1321-02] Low: nfs-utils security and bug fix update Message-ID: <200909020744.n827iWSb009108@int-mx04.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: nfs-utils security and bug fix update Advisory ID: RHSA-2009:1321-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1321.html Issue date: 2009-09-02 Keywords: nfs-utils nfs CVE Names: CVE-2008-4552 ===================================================================== 1. Summary: An updated nfs-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. 
Description:

The nfs-utils package provides a daemon for the kernel NFS server and related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2008-4552)

This updated package also fixes the following bugs:

* the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs" were not honored: the lockd daemon continued to use random ports. With this update, these options are honored. (BZ#434795)

* it was not possible to mount NFS file systems from a system that has the "/etc/" directory mounted on a read-only file system (this could occur on systems with an NFS-mounted root file system). With this update, it is possible to mount NFS file systems from a system that has "/etc/" mounted on a read-only file system. (BZ#450646)

* arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed by the nfslock init script, meaning the arguments specified were never passed to rpc.statd. With this update, the nfslock init script no longer removes these arguments. (BZ#459591)

* when mounting an NFS file system from a host not specified in the NFS server's "/etc/exports" file, a misleading "unknown host" error was logged on the server (the hostname lookup did not fail). With this update, a clearer error message is provided for these situations. (BZ#463578)

* the nhfsstone benchmark utility did not work with NFS version 3 and 4. This update adds support to nhfsstone for NFS version 3 and 4. The new nhfsstone "-2", "-3", and "-4" options are used to select an NFS version (similar to nfsstat(8)). (BZ#465933)

* the exportfs(8) manual page contained a spelling mistake, "djando", in the EXAMPLES section. (BZ#474848)

* in some situations the NFS server incorrectly refused mounts to hosts that had a host alias in a NIS netgroup. (BZ#478952)

* in some situations the NFS client used its cache, rather than using the latest version of a file or directory from a given export. This update adds a new mount option, "lookupcache=", which allows the NFS client to control how it caches files and directories. Note: The Red Hat Enterprise Linux 5.4 kernel update (the fourth regular update) must be installed in order to use the "lookupcache=" option. Also, "lookupcache=" is currently only available for NFS version 3. Support for NFS version 4 may be introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat Bugzilla #511312 for further information. (BZ#489335)

Users of nfs-utils should upgrade to this updated package, which contains backported patches to correct these issues. After installing this update, the nfs service will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

434795 - lockd not using settings in sysconfig/nfs
450646 - /sbin/mount.nfs fails with read-only /etc
458676 - CVE-2008-4552 nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored
459591 - rpc.statd options not correctly parsed
463578 - confusing 'mount request from unknown host' messages
465933 - nhfsstone does not support NFSv3 and v4
474848 - typo in exportfs manpage
489335 - Add support for lookupcache= option in nfs-utils.

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-1.0.9-42.el5.src.rpm i386: nfs-utils-1.0.9-42.el5.i386.rpm nfs-utils-debuginfo-1.0.9-42.el5.i386.rpm x86_64: nfs-utils-1.0.9-42.el5.x86_64.rpm nfs-utils-debuginfo-1.0.9-42.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nfs-utils-1.0.9-42.el5.src.rpm i386: nfs-utils-1.0.9-42.el5.i386.rpm nfs-utils-debuginfo-1.0.9-42.el5.i386.rpm ia64: nfs-utils-1.0.9-42.el5.ia64.rpm nfs-utils-debuginfo-1.0.9-42.el5.ia64.rpm ppc: nfs-utils-1.0.9-42.el5.ppc.rpm nfs-utils-debuginfo-1.0.9-42.el5.ppc.rpm s390x: nfs-utils-1.0.9-42.el5.s390x.rpm nfs-utils-debuginfo-1.0.9-42.el5.s390x.rpm x86_64: nfs-utils-1.0.9-42.el5.x86_64.rpm nfs-utils-debuginfo-1.0.9-42.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniJMXlSAg2UNWIIRAuFMAJ0VKKheQkOCkPJ4xTF3fb/EUixCGACeOJaI V5pM+UJw2pEzf/E/si2tR5s= =hZpd -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 2 07:45:15 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Sep 2009 03:45:15 -0400 Subject: [RHSA-2009:1335-02] Moderate: openssl security, bug fix, and enhancement update Message-ID: <200909020745.n827jGfs018113@int-mx05.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2009:1335-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1335.html Issue date: 2009-09-02 Keywords: FIPS-140-2 CRL SMIME CVE Names: CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 ===================================================================== 1. Summary: Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. 
A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

Note: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux.

An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example.

These updated packages also fix the following bugs:

* "openssl smime -verify -in" verifies the signature of the input file and the "-verify" switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440)

* when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)

As well, these updated packages add the following enhancements:

* both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)

* an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)

* the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)

OpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

479817 - Do not call pairwise tests in non-FIPS mode
492304 - CVE-2009-0590 openssl: ASN1 printing crash
501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS
501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)
503685 - CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
503688 - CVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5.src.rpm i386: openssl-0.9.8e-12.el5.i386.rpm openssl-0.9.8e-12.el5.i686.rpm openssl-debuginfo-0.9.8e-12.el5.i386.rpm openssl-debuginfo-0.9.8e-12.el5.i686.rpm openssl-perl-0.9.8e-12.el5.i386.rpm x86_64: openssl-0.9.8e-12.el5.i686.rpm openssl-0.9.8e-12.el5.x86_64.rpm openssl-debuginfo-0.9.8e-12.el5.i686.rpm openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm openssl-perl-0.9.8e-12.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5.src.rpm i386: openssl-debuginfo-0.9.8e-12.el5.i386.rpm openssl-devel-0.9.8e-12.el5.i386.rpm x86_64: openssl-debuginfo-0.9.8e-12.el5.i386.rpm openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm openssl-devel-0.9.8e-12.el5.i386.rpm openssl-devel-0.9.8e-12.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-12.el5.src.rpm i386: openssl-0.9.8e-12.el5.i386.rpm openssl-0.9.8e-12.el5.i686.rpm openssl-debuginfo-0.9.8e-12.el5.i386.rpm openssl-debuginfo-0.9.8e-12.el5.i686.rpm openssl-devel-0.9.8e-12.el5.i386.rpm openssl-perl-0.9.8e-12.el5.i386.rpm ia64: openssl-0.9.8e-12.el5.i686.rpm openssl-0.9.8e-12.el5.ia64.rpm openssl-debuginfo-0.9.8e-12.el5.i686.rpm openssl-debuginfo-0.9.8e-12.el5.ia64.rpm openssl-devel-0.9.8e-12.el5.ia64.rpm openssl-perl-0.9.8e-12.el5.ia64.rpm ppc: openssl-0.9.8e-12.el5.ppc.rpm openssl-0.9.8e-12.el5.ppc64.rpm openssl-debuginfo-0.9.8e-12.el5.ppc.rpm openssl-debuginfo-0.9.8e-12.el5.ppc64.rpm openssl-devel-0.9.8e-12.el5.ppc.rpm openssl-devel-0.9.8e-12.el5.ppc64.rpm openssl-perl-0.9.8e-12.el5.ppc.rpm s390x: openssl-0.9.8e-12.el5.s390.rpm openssl-0.9.8e-12.el5.s390x.rpm openssl-debuginfo-0.9.8e-12.el5.s390.rpm openssl-debuginfo-0.9.8e-12.el5.s390x.rpm openssl-devel-0.9.8e-12.el5.s390.rpm openssl-devel-0.9.8e-12.el5.s390x.rpm 
openssl-perl-0.9.8e-12.el5.s390x.rpm x86_64: openssl-0.9.8e-12.el5.i686.rpm openssl-0.9.8e-12.el5.x86_64.rpm openssl-debuginfo-0.9.8e-12.el5.i386.rpm openssl-debuginfo-0.9.8e-12.el5.i686.rpm openssl-debuginfo-0.9.8e-12.el5.x86_64.rpm openssl-devel-0.9.8e-12.el5.i386.rpm openssl-devel-0.9.8e-12.el5.x86_64.rpm openssl-perl-0.9.8e-12.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniJmXlSAg2UNWIIRAlEKAKCWywLE28x/dzwUbCOe7a5WV8vBdACgqKyP JnFEUuNvR1BdMbDxKEIEwHk= =2Ae1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 2 07:46:11 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Sep 2009 03:46:11 -0400 Subject: [RHSA-2009:1337-02] Low: gfs2-utils security and bug fix update Message-ID: <200909020746.n827kBAS013739@int-mx08.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: gfs2-utils security and bug fix update Advisory ID: RHSA-2009:1337-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1337.html Issue date: 2009-09-02 Keywords: gfs2-utils CVE Names: CVE-2008-6552 ===================================================================== 1. Summary: An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs: * gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems. * GFS2 user utilities now use the file system UUID. 
* gfs2_grow now properly updates the file system size during operation.

* gfs2_fsck now returns the proper exit codes.

* gfs2_convert now properly frees blocks when removing free blocks up to height 2.

* the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards.

* the 'gfs2_tool df' command now provides human-readable output.

* mounting GFS2 file systems with the noatime or noquota option now works properly.

* new capabilities have been added to the gfs2_edit tool to help in testing and debugging GFS and GFS2 issues.

* the 'gfs2_tool df' command no longer segfaults on file systems with a block size other than 4k.

* the gfs2_grow manual page no longer references the '-r' option, which has been removed.

* the 'gfs2_tool unfreeze' command no longer hangs during use.

* gfs2_convert no longer corrupts file systems when converting from GFS to GFS2.

* gfs2_fsck no longer segfaults when encountering a block which is listed as both a data and stuffed directory inode.

* gfs2_fsck can now fix file systems even if the journal is already locked for use.

* a GFS2 file system's metadata is now properly copied with 'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.

* the gfs2_edit savemeta function now properly saves blocks of type 2.

* 'gfs2_convert -vy' now works properly on the PowerPC architecture.

* when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after being unable to find the file system in '/proc/mounts'.

* gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems.

All gfs2-utils users should upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

242701 - Add Filesystem UUID to GFS2 utils.
469773 - GFS2: gfs2_grow doesn't grow file system properly
474705 - GFS2: make gfs2_fsck conform to fsck(8) exit codes
474707 - GFS2: gfs2_convert not freeing blocks when removing file with height >=2
477072 - gfs2_fsck man page should be fsck.gfs2 man page
481762 - No longer able to mount GFS volume with noatime,noquota options
483799 - GFS2: gfs2_edit fixes for 5.4
485761 - GFS2: gfs2_tool df segfault on non-4K block size
486034 - gfs2_grow man page references removed -r option
487608 - GFS2: gfs2_tool unfreeze hangs
498646 - gfs2_fsck does not fix filesystem when 'journal is already locked for use'
501732 - mount failure after gfs2_edit restoremeta of GFS file system
502056 - GFS2: gfs2_edit savemeta needs to save freemeta blocks
506629 - GFS2: gfs2_convert, parameter not understood on ppc
510758 - fsck.gfs2 segfaults while fixing 'EA leaf block type' problem.
519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gfs2-utils-0.1.62-1.el5.src.rpm

i386:
gfs2-utils-0.1.62-1.el5.i386.rpm
gfs2-utils-debuginfo-0.1.62-1.el5.i386.rpm

x86_64:
gfs2-utils-0.1.62-1.el5.x86_64.rpm
gfs2-utils-debuginfo-0.1.62-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gfs2-utils-0.1.62-1.el5.src.rpm i386: gfs2-utils-0.1.62-1.el5.i386.rpm gfs2-utils-debuginfo-0.1.62-1.el5.i386.rpm ia64: gfs2-utils-0.1.62-1.el5.ia64.rpm gfs2-utils-debuginfo-0.1.62-1.el5.ia64.rpm ppc: gfs2-utils-0.1.62-1.el5.ppc.rpm gfs2-utils-debuginfo-0.1.62-1.el5.ppc.rpm s390x: gfs2-utils-0.1.62-1.el5.s390x.rpm gfs2-utils-debuginfo-0.1.62-1.el5.s390x.rpm x86_64: gfs2-utils-0.1.62-1.el5.x86_64.rpm gfs2-utils-debuginfo-0.1.62-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6552 http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKniKRXlSAg2UNWIIRAuVaAKC4DuQv08PQBMmzJJs/sWnY5aN/pACgkdWH inFl2QiVaXbBJ1dXPZg/nAk= =QTFs -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 2 07:46:36 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Sep 2009 03:46:36 -0400 Subject: [RHSA-2009:1339-02] Low: rgmanager security, bug fix, and enhancement update Message-ID: <200909020746.n827kaOc001464@int-mx03.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security, bug fix, and enhancement update Advisory ID: RHSA-2009:1339-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1339.html Issue date: 2009-09-02 CVE Names: CVE-2008-6552 ===================================================================== 1. 
Summary: An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs: * clulog now accepts '-' as the first character in messages. * if expire_time is 0, max_restarts is no longer ignored. * the SAP resource agents included in the rgmanager package shipped with Red Hat Enterprise Linux 5.3 were outdated. This update includes the most recent SAP resource agents and, consequently, improves SAP failover support. * empty PID files no longer cause resource start failures. * recovery policy of type 'restart' now works properly when using a resource based on ra-skelet.sh. * samba.sh has been updated to kill the PID listed in the proper PID file. * handling of the '-F' option has been improved to fix issues causing rgmanager to crash if no members of a restricted failover domain were online. * the number of simultaneous status checks can now be limited to prevent load spikes. * forking and cloning during status checks has been optimized to reduce load spikes. * rg_test no longer hangs when run with large cluster configuration files. 
* when rgmanager is used with a restricted failover domain it will no longer occasionally segfault when some nodes are offline during a failover event.
* virtual machine guests no longer restart after a cluster.conf update.
* nfsclient.sh no longer leaves temporary files after running.
* extra checks from the Oracle agents have been removed.
* vm.sh now uses libvirt.
* users can now define an explicit service processing order when central_processing is enabled.
* virtual machine guests can no longer start on 2 nodes at the same time.
* in some cases a successfully migrated virtual machine guest could restart when the cluster.conf file was updated.
* incorrect reporting of a service being started when it was not started has been addressed.

As well, this update adds the following enhancements:

* a startup_wait option has been added to the MySQL resource agent.
* services can now be prioritized.
* rgmanager now checks to see if it has been killed by the OOM killer and if so, reboots the node.

Users of rgmanager are advised to upgrade to this updated package, which resolves these issues and adds these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

250718 - fs.sh inefficient scripting leads to load peaks and disk saturation
412911 - Convert all XM management calls to either lib virt or virsh
449394 - Recovery policy of type restart doesn't work with a service using a resource based on ra-skelet.sh
468691 - Virtual Services guest can start on 2 nodes at same time
470917 - The oracledb.sh script checks in strange intervals(10s, 5m, 4.5m)
471066 - rgmanager oracledb.sh resource agent does not properly check for all db startup failures.
471226 - oracledb.sh script kills ALL oracle instances when failing over
471431 - second ocf_log message doesn't make it to /var/log/messages
474444 - Zero-length pid files cause resource start failures
475826 - Update support for SAP resource agents (rgmanager)
481058 - MySQL Service Startup Timeout after Crash
482858 - Cluster Event Script needs Updates to include Group Exclusive
483093 - rgmanager: samba.sh tries to kill the wrong pid file
486349 - nfsclient.sh leaves temporary files /tmp/nfsclient-status-cache-$$
486717 - clusvcadm -e <service> -F handling bugs
488714 - Enabling (according to failover domain rules) a frozen service results in a unusable failed+frozen service
489785 - /usr/share/cluster/apache.sh does not handle a valid /etc/httpd/conf/httpd.conf configuration correctly
490449 - domU's restart after cluster.conf update
490455 - rg_test hangs when running against cluster
492828 - RFE: priorities for services/virtual machines
494977 - segfault in check_rdomain_crash() during failover
505340 - VM migration and subsequent cluster.conf update can cause the VM restart
514044 - vm.sh does will fail resource if "no state" is detected
519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues

6. Package List:

RHEL Clustering (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rgmanager-2.0.52-1.el5.src.rpm

i386:
rgmanager-2.0.52-1.el5.i386.rpm
rgmanager-debuginfo-2.0.52-1.el5.i386.rpm

ia64:
rgmanager-2.0.52-1.el5.ia64.rpm
rgmanager-debuginfo-2.0.52-1.el5.ia64.rpm

ppc:
rgmanager-2.0.52-1.el5.ppc.rpm
rgmanager-debuginfo-2.0.52-1.el5.ppc.rpm

x86_64:
rgmanager-2.0.52-1.el5.x86_64.rpm
rgmanager-debuginfo-2.0.52-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6552
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniLIXlSAg2UNWIIRAlb4AJwIkJJHbOXlvjwOcbwjt70V0asv/wCeNBm+
xcb6vJWVqnC+4Fu+Rc5pXaw=
=ohX8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:46:55 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:46:55 -0400
Subject: [RHSA-2009:1341-02] Low: cman security, bug fix, and enhancement update
Message-ID: <200909020746.n827ktuU018380@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: cman security, bug fix, and enhancement update
Advisory ID:       RHSA-2009:1341-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1341.html
Issue date:        2009-09-02
Keywords:          cman
CVE Names:         CVE-2008-4579 CVE-2008-6552
=====================================================================

1. Summary:

Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Cluster Manager (cman) utility provides services for managing a Linux cluster.

Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool.
A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552)

Bug fixes:

* a buffer could overflow if cluster.conf had more than 52 entries per block inside the block. The limit is now 1024.
* the output of the group_tool dump subcommands were NULL padded.
* using device="" instead of label="" no longer causes qdiskd to incorrectly exit.
* the IPMI fencing agent has been modified to time out after 10 seconds. It is also now possible to specify a different timeout value with the '-t' option.
* the IPMI fencing agent now allows punctuation in passwords.
* quickly starting and stopping the cman service no longer causes the cluster membership to become inconsistent across the cluster.
* an issue with lock syncing caused 'receive_own from' errors to be logged to '/var/log/messages'.
* an issue which caused gfs_controld to segfault when mounting hundreds of file systems has been fixed.
* the LPAR fencing agent now properly reports status when an LPAR is in Open Firmware mode.
* the LPAR fencing agent now works properly with systems using the Integrated Virtualization Manager (IVM).
* the APC SNMP fencing agent now properly recognizes outletStatusOn and outletStatusOff return codes from the SNMP agent.
* the WTI fencing agent can now connect to fencing devices with no password.
* the rps-10 fencing agent now properly performs a reboot when run with no options.
* the IPMI fencing agent now supports different cipher types with the '-C' option.
* qdisk now properly scans devices and partitions.
* cman now checks to see if a new node has state to prevent killing the first node during cluster setup.
* 'service qdiskd start' now works properly.
* the McData fence agent now works properly with the McData Sphereon 4500 Fabric Switch.
* the Egenera fence agent can now specify an SSH login name.
* the APC fence agent now works with non-admin accounts when using the 3.5.x firmware.
* fence_xvmd now tries two methods to reboot a virtual machine.
* connections to OpenAIS are now allowed from unprivileged CPG clients with the user and group of 'ais'.
* groupd no longer allows the default fence domain to be '0', which previously caused rgmanager to hang. Now, rgmanager no longer hangs.
* the RSA fence agent now supports SSH enabled RSA II devices.
* the DRAC fence agent now works with the Integrated Dell Remote Access Controller (iDRAC) on Dell PowerEdge M600 blade servers.
* fixed a memory leak in cman.
* qdisk now displays a warning if more than one label is found with the same name.
* the DRAC5 fencing agent now shows proper usage instructions for the '-D' option.
* cman no longer uses the wrong node name when getnameinfo() fails.
* the SCSI fence agent now verifies that sg_persist is installed.
* the DRAC5 fencing agent now properly handles modulename.
* QDisk now logs warning messages if it appears its I/O to shared storage is hung.
* fence_apc no longer fails with a pexpect exception.
* removing a node from the cluster using 'cman_tool leave remove' now properly reduces the expected_votes and quorum.
* a semaphore leak in cman has been fixed.
* 'cman_tool nodes -F name' no longer segfaults when a node is out of membership.

Enhancements:

* support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication with cman.
* fence_scsi limitations added to fence_scsi man page.

Users of cman are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

276541 - fence_impilan blocks alternative fencing agents when connectivity to IPMI fails.
322291 - rps-10 fence agent does not perform default reboot action
447497 - RFE: support for IPMI v2.0 ciphersuites in fence_ipmilan
447964 - fence_ipmilan does not handle punctuation in password
467386 - CVE-2008-4579 cman/fence: insecure temporary file usage in the apc fence agents
468966 - Possible buffer overflow in cman config loader can lead to memory corruption
472460 - cman_tool nodes -F name segfaults when a node is out of membership
472786 - cluster view inconsistent after "service cman stop; service cman start"
473961 - clvmd memory leak
474163 - gfs_controld: receive_own from N messages with plock_ownership enabled
480178 - fence_xvmd Fails to Reboot VM
480401 - gfs_controld segfault during multiple mount attempt
480836 - [RFE] Add support for Cisco 9124 and 9134 SAN switches as fence devices
481566 - [PATCH] /sbin/fence_lpar - properly report status on systems in Open Firmware
481664 - fence_wti is unable to connect to (password-less) fencing device
484095 - fence_apc_snmp: invalid status outletStatusOff
484956 - qdiskd does not prune partitions mapped to dm-mpio devices
485026 - Cman kills first node in initial cluster setup
485199 - 'service qdiskd restart' doesn't work
485469 - Normal users cannot run CPG clients if openais is started by cman.
485700 - fence_lpar doesn't work with hmc version 3
487436 - Qdisk should choose first disk if multiple disks containing same label exist
487501 - Exceptions in fencing agents
488565 - cman uses local node name for lookup during start up
488958 - GFS: Allow fence_egenera to specify ssh login name
491640 - APC Fence Agent does not work with non-admin account
493165 - group_tool ls fence returns one for fence id ZERO
493207 - groupd assigns zero group id
493802 - [RFE] Providing support for ssh enabled RSA II fence devices
496629 - [RFE] Include fence_virsh along with the present agents
496724 - fence_drac5 uses module_name instead of modulename
498329 - fence_drac5 help output shows incorrect usage
499767 - groupd segfaults on start
500450 - qdiskd I/O hang reporting
500567 - Flag added to openais to report security errors causes cman not to build
501586 - fence agents (fence_apc, fence_wti) fails with pexpect exception
502674 - fence_lpar can't log in to IVM systems
504705 - fence_lpar: lssyscfg command on HMC can take longer than SHELL_TIMEOUT
505258 - cman_tool leave remove does not reduce quorum
505594 - semaphore leak during cluster startup/shutdown cycle
512998 - Fence_scsi limitations man page fix needed
514758 - [RHEL5][cman] fence_apc_snmp: local variable 'verbose_filename' referenced before assignment
519436 - CVE-2008-6552 cman, gfs2-utils, rgmanager: multiple insecure temporary file use issues

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cman-2.0.115-1.el5.src.rpm

i386:
cman-2.0.115-1.el5.i386.rpm
cman-debuginfo-2.0.115-1.el5.i386.rpm
cman-devel-2.0.115-1.el5.i386.rpm

x86_64:
cman-2.0.115-1.el5.x86_64.rpm
cman-debuginfo-2.0.115-1.el5.i386.rpm
cman-debuginfo-2.0.115-1.el5.x86_64.rpm
cman-devel-2.0.115-1.el5.i386.rpm
cman-devel-2.0.115-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cman-2.0.115-1.el5.src.rpm

i386:
cman-2.0.115-1.el5.i386.rpm
cman-debuginfo-2.0.115-1.el5.i386.rpm
cman-devel-2.0.115-1.el5.i386.rpm

ia64:
cman-2.0.115-1.el5.ia64.rpm
cman-debuginfo-2.0.115-1.el5.ia64.rpm
cman-devel-2.0.115-1.el5.ia64.rpm

ppc:
cman-2.0.115-1.el5.ppc.rpm
cman-debuginfo-2.0.115-1.el5.ppc.rpm
cman-debuginfo-2.0.115-1.el5.ppc64.rpm
cman-devel-2.0.115-1.el5.ppc.rpm
cman-devel-2.0.115-1.el5.ppc64.rpm

s390x:
cman-2.0.115-1.el5.s390x.rpm
cman-debuginfo-2.0.115-1.el5.s390.rpm
cman-debuginfo-2.0.115-1.el5.s390x.rpm
cman-devel-2.0.115-1.el5.s390.rpm
cman-devel-2.0.115-1.el5.s390x.rpm

x86_64:
cman-2.0.115-1.el5.x86_64.rpm
cman-debuginfo-2.0.115-1.el5.i386.rpm
cman-debuginfo-2.0.115-1.el5.x86_64.rpm
cman-devel-2.0.115-1.el5.i386.rpm
cman-devel-2.0.115-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6552
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniLhXlSAg2UNWIIRAtAOAJ0SrFjaDs000GRLzUBIVXmP0EOnhgCgpvoq
x+uMGBr8XX8kuPre5qpRyLE=
=e/BF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:47:31 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:47:31 -0400
Subject: [RHSA-2009:1364-02] Low: gdm security and bug fix update
Message-ID: <200909020747.n827lVq0012876@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: gdm security and bug fix update
Advisory ID:       RHSA-2009:1364-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1364.html
Issue date:        2009-09-02
CVE Names:         CVE-2009-2697
=====================================================================

1. Summary:

Updated gdm packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The GNOME Display Manager (GDM) is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time.

A flaw was found in the way the gdm package was built. The gdm package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2009-2697)

This update also fixes the following bugs:

* the GDM Reference Manual is now included with the gdm packages.
The gdm-docs package installs this document in HTML format in "/usr/share/doc/". (BZ#196054)
* GDM appeared in English on systems using Telugu (te_IN). With this update, GDM has been localized in te_IN. (BZ#226931)
* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5. In previous releases, however, repeated use of this sequence prevented GDM from starting the X server as part of the reset process. This was because GDM sometimes did not notice the X server shutdown properly and would subsequently fail to complete the reset process. This update contains an added check to explicitly notify GDM whenever the X server is terminated, ensuring that resets are executed reliably. (BZ#441971)
* the "gdm" user is now part of the "audio" group by default. This enables audio support at the login screen. (BZ#458331)
* the gui/modules/dwellmouselistener.c source code contained incorrect XInput code that prevented tablet devices from working properly. This update removes the errant code, ensuring that tablet devices work as expected. (BZ#473262)
* a bug in the XOpenDevice() function prevented the X server from starting whenever a device defined in "/etc/X11/xorg.conf" was not actually plugged in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and gdk_error_trap_push() functions, which resolves this bug. This ensures that the X server can start properly even when devices defined in "/etc/X11/xorg.conf" are not plugged in. (BZ#474588)

All users should upgrade to these updated packages, which resolve these issues. GDM must be restarted for this update to take effect. Rebooting achieves this, but changing the runlevel from 5 to 3 and back to 5 also restarts GDM.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

239818 - CVE-2009-2697 gdm not built with tcp_wrappers
441971 - [RHEL5] GDM sometimes doesn't come back after ctrl-alt-backspace
458331 - Add supplementary audio group to the gdm user
473262 - Mouse cursor not movable when using tablet instead of mouse
474588 - gdmgreeter crashes if input device (ex wacom) is defined but not plugged

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gdm-2.16.0-56.el5.src.rpm

i386:
gdm-2.16.0-56.el5.i386.rpm
gdm-debuginfo-2.16.0-56.el5.i386.rpm
gdm-docs-2.16.0-56.el5.i386.rpm

x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
gdm-debuginfo-2.16.0-56.el5.x86_64.rpm
gdm-docs-2.16.0-56.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gdm-2.16.0-56.el5.src.rpm

i386:
gdm-2.16.0-56.el5.i386.rpm
gdm-debuginfo-2.16.0-56.el5.i386.rpm
gdm-docs-2.16.0-56.el5.i386.rpm

ia64:
gdm-2.16.0-56.el5.ia64.rpm
gdm-debuginfo-2.16.0-56.el5.ia64.rpm
gdm-docs-2.16.0-56.el5.ia64.rpm

ppc:
gdm-2.16.0-56.el5.ppc.rpm
gdm-debuginfo-2.16.0-56.el5.ppc.rpm
gdm-docs-2.16.0-56.el5.ppc.rpm

s390x:
gdm-2.16.0-56.el5.s390x.rpm
gdm-debuginfo-2.16.0-56.el5.s390x.rpm
gdm-docs-2.16.0-56.el5.s390x.rpm

x86_64:
gdm-2.16.0-56.el5.x86_64.rpm
gdm-debuginfo-2.16.0-56.el5.x86_64.rpm
gdm-docs-2.16.0-56.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2697
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniL2XlSAg2UNWIIRAln6AKC3/M5ZmpbmaBVFLdn7RNzOulSzmQCdGBZe
YksBLpZC8+2hI3t5kPK3WvM=
=5JMs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 2 07:56:57 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Sep 2009 03:56:57 -0400
Subject: [RHSA-2009:1289-02] Moderate: mysql security and bug fix update
Message-ID: <200909020756.n827uw33020242@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: mysql security and bug fix update
Advisory ID:       RHSA-2009:1289-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1289.html
Issue date:        2009-09-02
CVE Names:         CVE-2008-2079 CVE-2008-3963 CVE-2008-4456 CVE-2009-2446
=====================================================================

1. Summary:

Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: This attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created.
As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)

A flaw was found in the way MySQL handles an empty bit-string literal. A remote, authenticated attacker could crash the MySQL server daemon (mysqld) if they used an empty bit-string literal in an SQL statement. This issue only caused a temporary denial of service, as the MySQL daemon was automatically restarted after the crash. (CVE-2008-3963)

An insufficient HTML entities quoting flaw was found in the mysql command line client's HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later retrieved using the mysql command line client and its HTML output mode, they could perform a cross-site scripting (XSS) attack against victims viewing the HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs user commands when creating and deleting databases. A remote, authenticated attacker with permissions to CREATE and DROP databases could use these flaws to formulate a specifically-crafted SQL command that would cause a temporary denial of service (open connections to mysqld are terminated). (CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld "--log" command line option or the "log" option in "/etc/my.cnf") must be enabled. This logging is not enabled by default.

This update also fixes multiple bugs. Details regarding these bugs can be found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a link to the Technical Notes in the References section of this errata.

Note: These updated packages upgrade MySQL to version 5.0.77 to incorporate numerous upstream bug fixes.
Details of these changes are found in the following MySQL Release Notes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html

All MySQL users are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

435494 - Timeout error starting MySQL when using non-default socket file value (fix provided)
445222 - CVE-2008-2079 mysql: privilege escalation via DATA/INDEX DIRECTORY directives
448534 - upgrade to RHEL5.2 - breaks mysql replication between MasterDB and Slave
450178 - Somewhat dubious code in mysqld init.d script
452824 - mysql-server crash permanently
453156 - DATE function used in WHERE clause - broken
455619 - tmpdir variable not honored for internally created temporary tables
457218 - 'Explicit or implicit commit' error/server crash with concurrent transactions
462071 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
462534 - SQL Config files should not be read more than once
466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw
470036 - Got query result when using ORDER BY ASC, but empty result when using DESC
476896 - CVE-2008-3963 MySQL: Using an empty binary value leads to server crash
511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.77-3.el5.src.rpm

i386:
mysql-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm

x86_64:
mysql-5.0.77-3.el5.i386.rpm
mysql-5.0.77-3.el5.x86_64.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.77-3.el5.src.rpm

i386:
mysql-bench-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-devel-5.0.77-3.el5.i386.rpm
mysql-server-5.0.77-3.el5.i386.rpm
mysql-test-5.0.77-3.el5.i386.rpm

x86_64:
mysql-bench-5.0.77-3.el5.x86_64.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.x86_64.rpm
mysql-devel-5.0.77-3.el5.i386.rpm
mysql-devel-5.0.77-3.el5.x86_64.rpm
mysql-server-5.0.77-3.el5.x86_64.rpm
mysql-test-5.0.77-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.77-3.el5.src.rpm

i386:
mysql-5.0.77-3.el5.i386.rpm
mysql-bench-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-devel-5.0.77-3.el5.i386.rpm
mysql-server-5.0.77-3.el5.i386.rpm
mysql-test-5.0.77-3.el5.i386.rpm

ia64:
mysql-5.0.77-3.el5.i386.rpm
mysql-5.0.77-3.el5.ia64.rpm
mysql-bench-5.0.77-3.el5.ia64.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.ia64.rpm
mysql-devel-5.0.77-3.el5.ia64.rpm
mysql-server-5.0.77-3.el5.ia64.rpm
mysql-test-5.0.77-3.el5.ia64.rpm

ppc:
mysql-5.0.77-3.el5.ppc.rpm
mysql-5.0.77-3.el5.ppc64.rpm
mysql-bench-5.0.77-3.el5.ppc.rpm
mysql-debuginfo-5.0.77-3.el5.ppc.rpm
mysql-debuginfo-5.0.77-3.el5.ppc64.rpm
mysql-devel-5.0.77-3.el5.ppc.rpm
mysql-devel-5.0.77-3.el5.ppc64.rpm
mysql-server-5.0.77-3.el5.ppc.rpm
mysql-server-5.0.77-3.el5.ppc64.rpm
mysql-test-5.0.77-3.el5.ppc.rpm

s390x:
mysql-5.0.77-3.el5.s390.rpm
mysql-5.0.77-3.el5.s390x.rpm
mysql-bench-5.0.77-3.el5.s390x.rpm
mysql-debuginfo-5.0.77-3.el5.s390.rpm
mysql-debuginfo-5.0.77-3.el5.s390x.rpm
mysql-devel-5.0.77-3.el5.s390.rpm
mysql-devel-5.0.77-3.el5.s390x.rpm
mysql-server-5.0.77-3.el5.s390x.rpm
mysql-test-5.0.77-3.el5.s390x.rpm

x86_64:
mysql-5.0.77-3.el5.i386.rpm
mysql-5.0.77-3.el5.x86_64.rpm
mysql-bench-5.0.77-3.el5.x86_64.rpm
mysql-debuginfo-5.0.77-3.el5.i386.rpm
mysql-debuginfo-5.0.77-3.el5.x86_64.rpm
mysql-devel-5.0.77-3.el5.i386.rpm
mysql-devel-5.0.77-3.el5.x86_64.rpm
mysql-server-5.0.77-3.el5.x86_64.rpm
mysql-test-5.0.77-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
http://www.redhat.com/security/updates/classification/#moderate
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/mysql.html

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKniUnXlSAg2UNWIIRAgHTAJ4nWXhZtNNdx7brfVOXYpCHYV41GACgj4Oc
wet7FvGJwfZ7S/QaKZqUIEE=
=2TRT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Sep 4 10:25:07 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 4 Sep 2009 06:25:07 -0400
Subject: [RHSA-2009:1426-01] Important: openoffice.org security update
Message-ID: <200909041025.n84APIwh009921@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: openoffice.org security update
Advisory ID:       RHSA-2009:1426-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1426.html
Issue date:        2009-09-04
CVE Names:         CVE-2009-0200 CVE-2009-0201
=====================================================================

1. Summary:

Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, x86_64
Red Hat Enterprise Linux WS version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program.

An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

500993 - CVE-2009-0200 OpenOffice.org Word document Integer Underflow
502194 - CVE-2009-0201 OpenOffice.org Word document buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-44.2.0.EL3.src.rpm

i386:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

x86_64:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-44.2.0.EL3.src.rpm

i386:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

x86_64:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-44.2.0.EL3.src.rpm

i386:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

x86_64:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-44.2.0.EL3.src.rpm

i386:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm

x86_64:
openoffice.org-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.1.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.1.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm ppc: openoffice.org-1.1.5-10.6.0.7.EL4.1.ppc.rpm 
openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.ppc.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.ppc.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.1.ppc.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.ppc.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.ppc.rpm 
openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.ppc.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.ppc.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.1.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.1.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.1.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.1.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm Red Hat 
Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.5-10.6.0.7.EL4.1.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.0.1.src.rpm i386: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-kde-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm x86_64: openoffice.org-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-debuginfo-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org-i18n-1.1.5-10.6.0.7.EL4.1.i386.rpm 
openoffice.org-libs-1.1.5-10.6.0.7.EL4.1.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.0.1.i386.rpm 
openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.0.1.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.0.1.i386.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.11.el5_4.1.src.rpm i386: openoffice.org-base-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-calc-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-core-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-draw-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-emailmerge-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-graphicfilter-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-headless-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-impress-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-javafilter-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-af_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ar-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-as_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-bg_BG-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-bn-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ca_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-cy_GB-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-da_DK-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-de-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-el_GR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-es-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-et_EE-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-eu_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-fi_FI-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-fr-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ga_IE-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-gl_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-gu_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-he_IL-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hi_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hr_HR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hu_HU-2.3.0-6.11.el5_4.1.i386.rpm 
openoffice.org-langpack-it-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ja_JP-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-kn_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ko_KR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-lt_LT-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ml_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-mr_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ms_MY-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nb_NO-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nl-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nn_NO-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-or_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pa_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pl_PL-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pt_BR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pt_PT-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ru-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sk_SK-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sl_SI-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sr_CS-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-st_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sv-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ta_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-te_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-th_TH-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-tr_TR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ur-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.11.el5_4.1.i386.rpm 
openoffice.org-langpack-zh_CN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-zh_TW-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-math-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-pyuno-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-testtools-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-writer-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-xsltfilter-2.3.0-6.11.el5_4.1.i386.rpm x86_64: openoffice.org-base-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-calc-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-core-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-draw-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-emailmerge-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-graphicfilter-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-headless-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-impress-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-javafilter-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-af_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ar-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-as_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-bg_BG-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-bn-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ca_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-cy_GB-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-da_DK-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-de-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-el_GR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-es-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-et_EE-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-eu_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-fi_FI-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-fr-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ga_IE-2.3.0-6.11.el5_4.1.x86_64.rpm 
openoffice.org-langpack-gl_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-gu_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-he_IL-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hi_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hr_HR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hu_HU-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-it-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ja_JP-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-kn_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ko_KR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-lt_LT-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ml_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-mr_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ms_MY-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nb_NO-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nl-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nn_NO-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-or_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pa_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pl_PL-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pt_BR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pt_PT-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ru-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sk_SK-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sl_SI-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sr_CS-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-st_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sv-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ta_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-te_IN-2.3.0-6.11.el5_4.1.x86_64.rpm 
openoffice.org-langpack-th_TH-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-tr_TR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ur-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-zh_CN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-zh_TW-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-math-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-pyuno-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-testtools-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-writer-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-xsltfilter-2.3.0-6.11.el5_4.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.3.0-6.11.el5_4.1.src.rpm i386: openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-sdk-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-sdk-doc-2.3.0-6.11.el5_4.1.i386.rpm x86_64: openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-sdk-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-sdk-doc-2.3.0-6.11.el5_4.1.x86_64.rpm RHEL Optional Productivity Applications (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-2.3.0-6.11.el5_4.1.src.rpm i386: openoffice.org-base-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-calc-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-core-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-draw-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-emailmerge-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-graphicfilter-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-headless-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-impress-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-javafilter-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-af_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ar-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-as_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-bg_BG-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-bn-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ca_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-cy_GB-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-da_DK-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-de-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-el_GR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-es-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-et_EE-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-eu_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-fi_FI-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-fr-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ga_IE-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-gl_ES-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-gu_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-he_IL-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hi_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hr_HR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-hu_HU-2.3.0-6.11.el5_4.1.i386.rpm 
openoffice.org-langpack-it-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ja_JP-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-kn_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ko_KR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-lt_LT-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ml_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-mr_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ms_MY-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nb_NO-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nl-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nn_NO-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-or_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pa_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pl_PL-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pt_BR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-pt_PT-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ru-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sk_SK-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sl_SI-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sr_CS-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-st_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-sv-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ta_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-te_IN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-th_TH-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-tn_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-tr_TR-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ts_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ur-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-ve_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-xh_ZA-2.3.0-6.11.el5_4.1.i386.rpm 
openoffice.org-langpack-zh_CN-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-zh_TW-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-langpack-zu_ZA-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-math-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-pyuno-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-sdk-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-sdk-doc-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-testtools-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-writer-2.3.0-6.11.el5_4.1.i386.rpm openoffice.org-xsltfilter-2.3.0-6.11.el5_4.1.i386.rpm x86_64: openoffice.org-base-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-calc-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-core-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-debuginfo-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-draw-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-emailmerge-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-graphicfilter-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-headless-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-impress-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-javafilter-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-af_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ar-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-as_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-bg_BG-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-bn-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ca_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-cs_CZ-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-cy_GB-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-da_DK-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-de-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-el_GR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-es-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-et_EE-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-eu_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-fi_FI-2.3.0-6.11.el5_4.1.x86_64.rpm 
openoffice.org-langpack-fr-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ga_IE-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-gl_ES-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-gu_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-he_IL-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hi_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hr_HR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-hu_HU-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-it-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ja_JP-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-kn_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ko_KR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-lt_LT-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ml_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-mr_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ms_MY-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nb_NO-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nl-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nn_NO-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nr_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-nso_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-or_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pa_IN-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pl_PL-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pt_BR-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-pt_PT-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ru-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sk_SK-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sl_SI-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sr_CS-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-ss_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-st_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm openoffice.org-langpack-sv-2.3.0-6.11.el5_4.1.x86_64.rpm 
openoffice.org-langpack-ta_IN-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-te_IN-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-th_TH-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-tn_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-tr_TR-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-ts_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-ur-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-ve_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-xh_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-zh_CN-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-zh_TW-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-langpack-zu_ZA-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-math-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-pyuno-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-sdk-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-sdk-doc-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-testtools-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-writer-2.3.0-6.11.el5_4.1.x86_64.rpm
openoffice.org-xsltfilter-2.3.0-6.11.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0201
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKoOreXlSAg2UNWIIRAuFAAKC8NYr/7EvNrv2/37AQUn88NQo7NwCfVhmW
rDGoFxn7sgeuHY63eJJSws8=
=mwLa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 8 15:55:40 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Sep 2009 11:55:40 -0400
Subject: [RHSA-2009:1427-01] Moderate: fetchmail security update
Message-ID: <200909081555.n88FtesX032180@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: fetchmail security update
Advisory ID: RHSA-2009:1427-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1427.html
Issue date: 2009-09-08
CVE Names: CVE-2007-4565 CVE-2008-2711 CVE-2009-2666
=====================================================================

1. Summary:

An updated fetchmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections.
It was discovered that fetchmail is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse fetchmail into accepting it by mistake. (CVE-2009-2666)

A flaw was found in the way fetchmail handles rejections from a remote SMTP server when sending warning mail to the postmaster. If fetchmail sent a warning mail to the postmaster of an SMTP server and that SMTP server rejected it, fetchmail could crash. (CVE-2007-4565)

A flaw was found in fetchmail. When fetchmail is run in double verbose mode ("-v -v"), it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was also running in daemon mode ("-d"). (CVE-2008-2711)

Note: when using SSL-enabled services, it is recommended that the fetchmail "--sslcertck" option be used to enforce strict SSL certificate checking.

All fetchmail users should upgrade to this updated package, which contains backported patches to correct these issues. If fetchmail is running in daemon mode, it must be restarted for this update to take effect (use the "fetchmail --quit" command to stop the fetchmail process).

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

260601 - CVE-2007-4565 Fetchmail NULL pointer dereference
451758 - CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode
515804 - CVE-2009-2666 fetchmail: SSL null terminator bypass

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/fetchmail-6.2.0-3.el3.5.src.rpm

i386:
fetchmail-6.2.0-3.el3.5.i386.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.i386.rpm

ia64:
fetchmail-6.2.0-3.el3.5.ia64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.ia64.rpm

ppc:
fetchmail-6.2.0-3.el3.5.ppc.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.ppc.rpm

s390:
fetchmail-6.2.0-3.el3.5.s390.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.s390.rpm

s390x:
fetchmail-6.2.0-3.el3.5.s390x.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.s390x.rpm

x86_64:
fetchmail-6.2.0-3.el3.5.x86_64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/fetchmail-6.2.0-3.el3.5.src.rpm

i386:
fetchmail-6.2.0-3.el3.5.i386.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.i386.rpm

x86_64:
fetchmail-6.2.0-3.el3.5.x86_64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/fetchmail-6.2.0-3.el3.5.src.rpm

i386:
fetchmail-6.2.0-3.el3.5.i386.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.i386.rpm

ia64:
fetchmail-6.2.0-3.el3.5.ia64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.ia64.rpm

x86_64:
fetchmail-6.2.0-3.el3.5.x86_64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/fetchmail-6.2.0-3.el3.5.src.rpm

i386:
fetchmail-6.2.0-3.el3.5.i386.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.i386.rpm

ia64:
fetchmail-6.2.0-3.el3.5.ia64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.ia64.rpm

x86_64:
fetchmail-6.2.0-3.el3.5.x86_64.rpm
fetchmail-debuginfo-6.2.0-3.el3.5.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/fetchmail-6.2.5-6.0.1.el4_8.1.src.rpm

i386:
fetchmail-6.2.5-6.0.1.el4_8.1.i386.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.i386.rpm

ia64:
fetchmail-6.2.5-6.0.1.el4_8.1.ia64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.ia64.rpm

ppc:
fetchmail-6.2.5-6.0.1.el4_8.1.ppc.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.ppc.rpm

s390:
fetchmail-6.2.5-6.0.1.el4_8.1.s390.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.s390.rpm

s390x:
fetchmail-6.2.5-6.0.1.el4_8.1.s390x.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.s390x.rpm

x86_64:
fetchmail-6.2.5-6.0.1.el4_8.1.x86_64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/fetchmail-6.2.5-6.0.1.el4_8.1.src.rpm

i386:
fetchmail-6.2.5-6.0.1.el4_8.1.i386.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.i386.rpm

x86_64:
fetchmail-6.2.5-6.0.1.el4_8.1.x86_64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/fetchmail-6.2.5-6.0.1.el4_8.1.src.rpm

i386:
fetchmail-6.2.5-6.0.1.el4_8.1.i386.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.i386.rpm

ia64:
fetchmail-6.2.5-6.0.1.el4_8.1.ia64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.ia64.rpm

x86_64:
fetchmail-6.2.5-6.0.1.el4_8.1.x86_64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/fetchmail-6.2.5-6.0.1.el4_8.1.src.rpm

i386:
fetchmail-6.2.5-6.0.1.el4_8.1.i386.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.i386.rpm

ia64:
fetchmail-6.2.5-6.0.1.el4_8.1.ia64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.ia64.rpm

x86_64:
fetchmail-6.2.5-6.0.1.el4_8.1.x86_64.rpm
fetchmail-debuginfo-6.2.5-6.0.1.el4_8.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/fetchmail-6.3.6-1.1.el5_3.1.src.rpm

i386:
fetchmail-6.3.6-1.1.el5_3.1.i386.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.i386.rpm

x86_64:
fetchmail-6.3.6-1.1.el5_3.1.x86_64.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/fetchmail-6.3.6-1.1.el5_3.1.src.rpm

i386:
fetchmail-6.3.6-1.1.el5_3.1.i386.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.i386.rpm

ia64:
fetchmail-6.3.6-1.1.el5_3.1.ia64.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.ia64.rpm

ppc:
fetchmail-6.3.6-1.1.el5_3.1.ppc.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.ppc.rpm

s390x:
fetchmail-6.3.6-1.1.el5_3.1.s390x.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.s390x.rpm

x86_64:
fetchmail-6.3.6-1.1.el5_3.1.x86_64.rpm
fetchmail-debuginfo-6.3.6-1.1.el5_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKpn40XlSAg2UNWIIRAt+aAKCYcJCAoG3hKpdS8+ToLeKFbSY+0ACfW1HK
6cxSCqhXF2Mh76xUL1CRBWM=
=w9r2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 8 15:56:28 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Sep 2009 11:56:28 -0400
Subject: [RHSA-2009:1428-01] Moderate: xmlsec1 security update
Message-ID: <200909081556.n88FuSEH007436@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: xmlsec1 security update
Advisory ID: RHSA-2009:1428-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1428.html
Issue date: 2009-09-08
CVE Names: CVE-2009-0217
=====================================================================

1. Summary:

Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104).
A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217)

Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

511915 - CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xmlsec1-1.2.6-3.1.src.rpm

i386:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-devel-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.1.i386.rpm

ia64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.ia64.rpm
xmlsec1-devel-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.ia64.rpm

ppc:
xmlsec1-1.2.6-3.1.ppc.rpm
xmlsec1-1.2.6-3.1.ppc64.rpm
xmlsec1-debuginfo-1.2.6-3.1.ppc.rpm
xmlsec1-debuginfo-1.2.6-3.1.ppc64.rpm
xmlsec1-devel-1.2.6-3.1.ppc.rpm
xmlsec1-openssl-1.2.6-3.1.ppc.rpm
xmlsec1-openssl-1.2.6-3.1.ppc64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.ppc.rpm

s390:
xmlsec1-1.2.6-3.1.s390.rpm
xmlsec1-debuginfo-1.2.6-3.1.s390.rpm
xmlsec1-devel-1.2.6-3.1.s390.rpm
xmlsec1-openssl-1.2.6-3.1.s390.rpm
xmlsec1-openssl-devel-1.2.6-3.1.s390.rpm

s390x:
xmlsec1-1.2.6-3.1.s390.rpm
xmlsec1-1.2.6-3.1.s390x.rpm
xmlsec1-debuginfo-1.2.6-3.1.s390.rpm
xmlsec1-debuginfo-1.2.6-3.1.s390x.rpm
xmlsec1-devel-1.2.6-3.1.s390x.rpm
xmlsec1-openssl-1.2.6-3.1.s390.rpm
xmlsec1-openssl-1.2.6-3.1.s390x.rpm
xmlsec1-openssl-devel-1.2.6-3.1.s390x.rpm

x86_64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.x86_64.rpm
xmlsec1-devel-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xmlsec1-1.2.6-3.1.src.rpm

i386:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-devel-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.1.i386.rpm

x86_64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.x86_64.rpm
xmlsec1-devel-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xmlsec1-1.2.6-3.1.src.rpm

i386:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-devel-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.1.i386.rpm

ia64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.ia64.rpm
xmlsec1-devel-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.ia64.rpm

x86_64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.x86_64.rpm
xmlsec1-devel-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xmlsec1-1.2.6-3.1.src.rpm

i386:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-devel-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.1.i386.rpm

ia64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.ia64.rpm
xmlsec1-devel-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.ia64.rpm

x86_64:
xmlsec1-1.2.6-3.1.i386.rpm
xmlsec1-1.2.6-3.1.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.1.i386.rpm
xmlsec1-debuginfo-1.2.6-3.1.x86_64.rpm
xmlsec1-devel-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-1.2.6-3.1.i386.rpm
xmlsec1-openssl-1.2.6-3.1.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.1.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xmlsec1-1.2.9-8.1.1.src.rpm i386: xmlsec1-1.2.9-8.1.1.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-1.2.9-8.1.1.i386.rpm xmlsec1-nss-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-1.2.9-8.1.1.i386.rpm x86_64: xmlsec1-1.2.9-8.1.1.i386.rpm xmlsec1-1.2.9-8.1.1.x86_64.rpm xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.1.x86_64.rpm xmlsec1-gnutls-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-1.2.9-8.1.1.x86_64.rpm xmlsec1-nss-1.2.9-8.1.1.i386.rpm xmlsec1-nss-1.2.9-8.1.1.x86_64.rpm xmlsec1-openssl-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-1.2.9-8.1.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xmlsec1-1.2.9-8.1.1.src.rpm i386: xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm xmlsec1-devel-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.i386.rpm x86_64: xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.1.x86_64.rpm xmlsec1-devel-1.2.9-8.1.1.i386.rpm xmlsec1-devel-1.2.9-8.1.1.x86_64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.x86_64.rpm xmlsec1-nss-devel-1.2.9-8.1.1.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.1.x86_64.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xmlsec1-1.2.9-8.1.1.src.rpm i386: xmlsec1-1.2.9-8.1.1.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm xmlsec1-devel-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-1.2.9-8.1.1.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.i386.rpm xmlsec1-nss-1.2.9-8.1.1.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-1.2.9-8.1.1.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.i386.rpm ia64: xmlsec1-1.2.9-8.1.1.ia64.rpm xmlsec1-debuginfo-1.2.9-8.1.1.ia64.rpm xmlsec1-devel-1.2.9-8.1.1.ia64.rpm xmlsec1-gnutls-1.2.9-8.1.1.ia64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.ia64.rpm xmlsec1-nss-1.2.9-8.1.1.ia64.rpm xmlsec1-nss-devel-1.2.9-8.1.1.ia64.rpm xmlsec1-openssl-1.2.9-8.1.1.ia64.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.ia64.rpm ppc: xmlsec1-1.2.9-8.1.1.ppc.rpm xmlsec1-1.2.9-8.1.1.ppc64.rpm xmlsec1-debuginfo-1.2.9-8.1.1.ppc.rpm xmlsec1-debuginfo-1.2.9-8.1.1.ppc64.rpm xmlsec1-devel-1.2.9-8.1.1.ppc.rpm xmlsec1-devel-1.2.9-8.1.1.ppc64.rpm xmlsec1-gnutls-1.2.9-8.1.1.ppc.rpm xmlsec1-gnutls-1.2.9-8.1.1.ppc64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.ppc.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.ppc64.rpm xmlsec1-nss-1.2.9-8.1.1.ppc.rpm xmlsec1-nss-1.2.9-8.1.1.ppc64.rpm xmlsec1-nss-devel-1.2.9-8.1.1.ppc.rpm xmlsec1-nss-devel-1.2.9-8.1.1.ppc64.rpm xmlsec1-openssl-1.2.9-8.1.1.ppc.rpm xmlsec1-openssl-1.2.9-8.1.1.ppc64.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.ppc.rpm xmlsec1-openssl-devel-1.2.9-8.1.1.ppc64.rpm s390x: xmlsec1-1.2.9-8.1.1.s390.rpm xmlsec1-1.2.9-8.1.1.s390x.rpm xmlsec1-debuginfo-1.2.9-8.1.1.s390.rpm xmlsec1-debuginfo-1.2.9-8.1.1.s390x.rpm xmlsec1-devel-1.2.9-8.1.1.s390.rpm xmlsec1-devel-1.2.9-8.1.1.s390x.rpm xmlsec1-gnutls-1.2.9-8.1.1.s390.rpm xmlsec1-gnutls-1.2.9-8.1.1.s390x.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.s390.rpm xmlsec1-gnutls-devel-1.2.9-8.1.1.s390x.rpm xmlsec1-nss-1.2.9-8.1.1.s390.rpm xmlsec1-nss-1.2.9-8.1.1.s390x.rpm xmlsec1-nss-devel-1.2.9-8.1.1.s390.rpm xmlsec1-nss-devel-1.2.9-8.1.1.s390x.rpm 
xmlsec1-openssl-1.2.9-8.1.1.s390.rpm
xmlsec1-openssl-1.2.9-8.1.1.s390x.rpm
xmlsec1-openssl-devel-1.2.9-8.1.1.s390.rpm
xmlsec1-openssl-devel-1.2.9-8.1.1.s390x.rpm

x86_64:
xmlsec1-1.2.9-8.1.1.i386.rpm
xmlsec1-1.2.9-8.1.1.x86_64.rpm
xmlsec1-debuginfo-1.2.9-8.1.1.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.1.x86_64.rpm
xmlsec1-devel-1.2.9-8.1.1.i386.rpm
xmlsec1-devel-1.2.9-8.1.1.x86_64.rpm
xmlsec1-gnutls-1.2.9-8.1.1.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.1.x86_64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.1.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.1.x86_64.rpm
xmlsec1-nss-1.2.9-8.1.1.i386.rpm
xmlsec1-nss-1.2.9-8.1.1.x86_64.rpm
xmlsec1-nss-devel-1.2.9-8.1.1.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.1.x86_64.rpm
xmlsec1-openssl-1.2.9-8.1.1.i386.rpm
xmlsec1-openssl-1.2.9-8.1.1.x86_64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.1.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
http://www.redhat.com/security/updates/classification/#moderate
http://www.w3.org/TR/xmldsig-core/
http://tools.ietf.org/html/rfc2104

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
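
The minimum-length check whose absence RHSA-2009:1428 describes (CVE-2009-0217), shown beside a verifier that lacks it. This is an added Python example, not xmlsec1 code and not part of the advisory. The Signature fragments, key and signed bytes are constructed, XML canonicalization is skipped, and the minimum applied is the RFC 2104 recommendation (at least half the hash output and at least 80 bits).

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}
SHA1 = DSIG + "hmac-sha1"
SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
HMAC_ALGORITHMS = {SHA1: hashlib.sha1, SHA256: hashlib.sha256}

# Constructed sample inputs (not taken from the advisory).
KEY = b"constructed-demo-key"
SIGNED = b"<order id='42'>constructed signed bytes</order>"


def min_output_bits(digest_bits):
    """RFC 2104: truncate to no less than half the hash output and no less than 80 bits."""
    return max(80, digest_bits // 2)


def full_mac(key, signed_bytes, algorithm):
    return hmac.new(key, signed_bytes, HMAC_ALGORITHMS[algorithm]).digest()


def make_signature(key, signed_bytes, algorithm, bits=None):
    """Build a constructed <Signature> fragment the way a key holder would."""
    mac = full_mac(key, signed_bytes, algorithm)
    length = ""
    if bits is not None:
        mac = mac[: bits // 8]
        length = f"<ds:HMACOutputLength>{bits}</ds:HMACOutputLength>"
    return (
        f'<ds:Signature xmlns:ds="{DSIG}"><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{algorithm}">{length}</ds:SignatureMethod>'
        f"</ds:SignedInfo><ds:SignatureValue>{base64.b64encode(mac).decode()}"
        f"</ds:SignatureValue></ds:Signature>"
    )


def parse_signature(xml_text):
    """Return (algorithm URI, declared HMACOutputLength in bits or None, tag bytes)."""
    # ElementTree is fine for the constructed input here; untrusted XML needs a
    # hardened parser.
    root = ET.fromstring(xml_text)
    method = root.find(".//ds:SignatureMethod", NS)
    length_el = method.find("ds:HMACOutputLength", NS)
    declared = int(length_el.text.strip()) if length_el is not None else None
    value = base64.b64decode(root.find(".//ds:SignatureValue", NS).text.strip())
    return method.get("Algorithm"), declared, value


def verify_lax(key, signed_bytes, xml_text):
    """Verifier with no minimum-length check: the declared length is trusted as-is."""
    algorithm, declared, value = parse_signature(xml_text)
    mac = full_mac(key, signed_bytes, algorithm)
    nbytes = len(mac) if declared is None else declared // 8
    return hmac.compare_digest(mac[:nbytes], value)


def verify_strict(key, signed_bytes, xml_text):
    """Verifier that rejects truncation below the RFC 2104 recommended minimum."""
    try:
        algorithm, declared, value = parse_signature(xml_text)
    except (ET.ParseError, AttributeError, ValueError):
        return False  # malformed document: fail closed
    if algorithm not in HMAC_ALGORITHMS:
        return False
    mac = full_mac(key, signed_bytes, algorithm)
    digest_bits = len(mac) * 8
    bits = digest_bits if declared is None else declared
    # Simplification in this example: only byte-aligned lengths are accepted.
    if bits % 8 or not (min_output_bits(digest_bits) <= bits <= digest_bits):
        return False
    if len(value) != bits // 8:
        return False
    return hmac.compare_digest(mac[: bits // 8], value)


def demo():
    """Map each declared HMAC-SHA1 length to (lax result, strict result)."""
    results = {}
    for bits in (None, 96, 80, 8):
        doc = make_signature(KEY, SIGNED, SHA1, bits)
        results[bits] = (verify_lax(KEY, SIGNED, doc), verify_strict(KEY, SIGNED, doc))
    return results


if __name__ == "__main__":
    for bits, (lax, strict) in demo().items():
        print(f"HMACOutputLength={bits}: lax={lax} strict={strict}")
```

An 8-bit tag leaves only 256 possible values, which is why the lax verifier's acceptance of it amounts to no authentication; the strict verifier also applies the larger 128-bit floor automatically for HMAC-SHA256.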
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKpn6BXlSAg2UNWIIRAkQvAKC/9IRYmCcHmsT3uDHJEXxcrVP6kQCgrVZT
QVi1XvTTRfVEMxsk3BCKHjs=
=+Wgs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 9 23:51:58 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Sep 2009 19:51:58 -0400
Subject: [RHSA-2009:1430-01] Critical: firefox security update
Message-ID: <200909092351.n89NpwTP007144@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2009:1430-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1430.html
Issue date: 2009-09-09
CVE Names: CVE-2009-2654 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3077)

A flaw was found in the way Firefox handles malformed JavaScript. A website with an object containing malicious JavaScript could execute that JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3076)

A flaw was found in the way Firefox displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

A flaw was found in the way Firefox displays certain Unicode characters. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-3078)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.14. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.14, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

521311 - CVE-2009-2654 firefox: URL bar spoofing vulnerability
521686 - CVE-2009-3070 Firefox 3.5 3.0.14 browser engine crashes
521687 - CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes
521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes
521690 - CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes
521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes
521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability
521694 - CVE-2009-3078 Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters
521695 - CVE-2009-3079 Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.14-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nspr-4.7.5-1.el4_8.src.rpm i386: firefox-3.0.14-1.el4.i386.rpm firefox-debuginfo-3.0.14-1.el4.i386.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-devel-4.7.5-1.el4_8.i386.rpm ia64: firefox-3.0.14-1.el4.ia64.rpm firefox-debuginfo-3.0.14-1.el4.ia64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.ia64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.ia64.rpm nspr-devel-4.7.5-1.el4_8.ia64.rpm ppc: firefox-3.0.14-1.el4.ppc.rpm firefox-debuginfo-3.0.14-1.el4.ppc.rpm nspr-4.7.5-1.el4_8.ppc.rpm nspr-4.7.5-1.el4_8.ppc64.rpm nspr-debuginfo-4.7.5-1.el4_8.ppc.rpm nspr-debuginfo-4.7.5-1.el4_8.ppc64.rpm nspr-devel-4.7.5-1.el4_8.ppc.rpm s390: firefox-3.0.14-1.el4.s390.rpm firefox-debuginfo-3.0.14-1.el4.s390.rpm nspr-4.7.5-1.el4_8.s390.rpm nspr-debuginfo-4.7.5-1.el4_8.s390.rpm nspr-devel-4.7.5-1.el4_8.s390.rpm s390x: firefox-3.0.14-1.el4.s390x.rpm firefox-debuginfo-3.0.14-1.el4.s390x.rpm nspr-4.7.5-1.el4_8.s390.rpm nspr-4.7.5-1.el4_8.s390x.rpm nspr-debuginfo-4.7.5-1.el4_8.s390.rpm nspr-debuginfo-4.7.5-1.el4_8.s390x.rpm nspr-devel-4.7.5-1.el4_8.s390x.rpm x86_64: firefox-3.0.14-1.el4.x86_64.rpm firefox-debuginfo-3.0.14-1.el4.x86_64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.x86_64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.x86_64.rpm nspr-devel-4.7.5-1.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.14-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nspr-4.7.5-1.el4_8.src.rpm i386: firefox-3.0.14-1.el4.i386.rpm firefox-debuginfo-3.0.14-1.el4.i386.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-devel-4.7.5-1.el4_8.i386.rpm x86_64: firefox-3.0.14-1.el4.x86_64.rpm 
firefox-debuginfo-3.0.14-1.el4.x86_64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.x86_64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.x86_64.rpm nspr-devel-4.7.5-1.el4_8.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.14-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nspr-4.7.5-1.el4_8.src.rpm i386: firefox-3.0.14-1.el4.i386.rpm firefox-debuginfo-3.0.14-1.el4.i386.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-devel-4.7.5-1.el4_8.i386.rpm ia64: firefox-3.0.14-1.el4.ia64.rpm firefox-debuginfo-3.0.14-1.el4.ia64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.ia64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.ia64.rpm nspr-devel-4.7.5-1.el4_8.ia64.rpm x86_64: firefox-3.0.14-1.el4.x86_64.rpm firefox-debuginfo-3.0.14-1.el4.x86_64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.x86_64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.x86_64.rpm nspr-devel-4.7.5-1.el4_8.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.14-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nspr-4.7.5-1.el4_8.src.rpm i386: firefox-3.0.14-1.el4.i386.rpm firefox-debuginfo-3.0.14-1.el4.i386.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-devel-4.7.5-1.el4_8.i386.rpm ia64: firefox-3.0.14-1.el4.ia64.rpm firefox-debuginfo-3.0.14-1.el4.ia64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.ia64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.ia64.rpm nspr-devel-4.7.5-1.el4_8.ia64.rpm x86_64: firefox-3.0.14-1.el4.x86_64.rpm firefox-debuginfo-3.0.14-1.el4.x86_64.rpm nspr-4.7.5-1.el4_8.i386.rpm nspr-4.7.5-1.el4_8.x86_64.rpm nspr-debuginfo-4.7.5-1.el4_8.i386.rpm nspr-debuginfo-4.7.5-1.el4_8.x86_64.rpm nspr-devel-4.7.5-1.el4_8.x86_64.rpm Red Hat Enterprise Linux 
Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.14-1.el5_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.7.5-1.el5_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.14-1.el5_4.src.rpm i386: firefox-3.0.14-1.el5_4.i386.rpm firefox-debuginfo-3.0.14-1.el5_4.i386.rpm nspr-4.7.5-1.el5_4.i386.rpm nspr-debuginfo-4.7.5-1.el5_4.i386.rpm xulrunner-1.9.0.14-1.el5_4.i386.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm x86_64: firefox-3.0.14-1.el5_4.i386.rpm firefox-3.0.14-1.el5_4.x86_64.rpm firefox-debuginfo-3.0.14-1.el5_4.i386.rpm firefox-debuginfo-3.0.14-1.el5_4.x86_64.rpm nspr-4.7.5-1.el5_4.i386.rpm nspr-4.7.5-1.el5_4.x86_64.rpm nspr-debuginfo-4.7.5-1.el5_4.i386.rpm nspr-debuginfo-4.7.5-1.el5_4.x86_64.rpm xulrunner-1.9.0.14-1.el5_4.i386.rpm xulrunner-1.9.0.14-1.el5_4.x86_64.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.7.5-1.el5_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.14-1.el5_4.src.rpm i386: nspr-debuginfo-4.7.5-1.el5_4.i386.rpm nspr-devel-4.7.5-1.el5_4.i386.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm xulrunner-devel-1.9.0.14-1.el5_4.i386.rpm xulrunner-devel-unstable-1.9.0.14-1.el5_4.i386.rpm x86_64: nspr-debuginfo-4.7.5-1.el5_4.i386.rpm nspr-debuginfo-4.7.5-1.el5_4.x86_64.rpm nspr-devel-4.7.5-1.el5_4.i386.rpm nspr-devel-4.7.5-1.el5_4.x86_64.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.x86_64.rpm xulrunner-devel-1.9.0.14-1.el5_4.i386.rpm xulrunner-devel-1.9.0.14-1.el5_4.x86_64.rpm xulrunner-devel-unstable-1.9.0.14-1.el5_4.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.14-1.el5_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.7.5-1.el5_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.14-1.el5_4.src.rpm i386: firefox-3.0.14-1.el5_4.i386.rpm firefox-debuginfo-3.0.14-1.el5_4.i386.rpm nspr-4.7.5-1.el5_4.i386.rpm nspr-debuginfo-4.7.5-1.el5_4.i386.rpm nspr-devel-4.7.5-1.el5_4.i386.rpm xulrunner-1.9.0.14-1.el5_4.i386.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm xulrunner-devel-1.9.0.14-1.el5_4.i386.rpm xulrunner-devel-unstable-1.9.0.14-1.el5_4.i386.rpm ia64: firefox-3.0.14-1.el5_4.ia64.rpm firefox-debuginfo-3.0.14-1.el5_4.ia64.rpm nspr-4.7.5-1.el5_4.i386.rpm nspr-4.7.5-1.el5_4.ia64.rpm nspr-debuginfo-4.7.5-1.el5_4.i386.rpm nspr-debuginfo-4.7.5-1.el5_4.ia64.rpm nspr-devel-4.7.5-1.el5_4.ia64.rpm xulrunner-1.9.0.14-1.el5_4.ia64.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.ia64.rpm xulrunner-devel-1.9.0.14-1.el5_4.ia64.rpm xulrunner-devel-unstable-1.9.0.14-1.el5_4.ia64.rpm ppc: firefox-3.0.14-1.el5_4.ppc.rpm firefox-debuginfo-3.0.14-1.el5_4.ppc.rpm nspr-4.7.5-1.el5_4.ppc.rpm nspr-4.7.5-1.el5_4.ppc64.rpm nspr-debuginfo-4.7.5-1.el5_4.ppc.rpm nspr-debuginfo-4.7.5-1.el5_4.ppc64.rpm nspr-devel-4.7.5-1.el5_4.ppc.rpm nspr-devel-4.7.5-1.el5_4.ppc64.rpm xulrunner-1.9.0.14-1.el5_4.ppc.rpm xulrunner-1.9.0.14-1.el5_4.ppc64.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.ppc.rpm xulrunner-debuginfo-1.9.0.14-1.el5_4.ppc64.rpm xulrunner-devel-1.9.0.14-1.el5_4.ppc.rpm xulrunner-devel-1.9.0.14-1.el5_4.ppc64.rpm xulrunner-devel-unstable-1.9.0.14-1.el5_4.ppc.rpm s390x: firefox-3.0.14-1.el5_4.s390.rpm firefox-3.0.14-1.el5_4.s390x.rpm firefox-debuginfo-3.0.14-1.el5_4.s390.rpm firefox-debuginfo-3.0.14-1.el5_4.s390x.rpm nspr-4.7.5-1.el5_4.s390.rpm nspr-4.7.5-1.el5_4.s390x.rpm nspr-debuginfo-4.7.5-1.el5_4.s390.rpm nspr-debuginfo-4.7.5-1.el5_4.s390x.rpm nspr-devel-4.7.5-1.el5_4.s390.rpm 
nspr-devel-4.7.5-1.el5_4.s390x.rpm
xulrunner-1.9.0.14-1.el5_4.s390.rpm
xulrunner-1.9.0.14-1.el5_4.s390x.rpm
xulrunner-debuginfo-1.9.0.14-1.el5_4.s390.rpm
xulrunner-debuginfo-1.9.0.14-1.el5_4.s390x.rpm
xulrunner-devel-1.9.0.14-1.el5_4.s390.rpm
xulrunner-devel-1.9.0.14-1.el5_4.s390x.rpm
xulrunner-devel-unstable-1.9.0.14-1.el5_4.s390x.rpm

x86_64:
firefox-3.0.14-1.el5_4.i386.rpm
firefox-3.0.14-1.el5_4.x86_64.rpm
firefox-debuginfo-3.0.14-1.el5_4.i386.rpm
firefox-debuginfo-3.0.14-1.el5_4.x86_64.rpm
nspr-4.7.5-1.el5_4.i386.rpm
nspr-4.7.5-1.el5_4.x86_64.rpm
nspr-debuginfo-4.7.5-1.el5_4.i386.rpm
nspr-debuginfo-4.7.5-1.el5_4.x86_64.rpm
nspr-devel-4.7.5-1.el5_4.i386.rpm
nspr-devel-4.7.5-1.el5_4.x86_64.rpm
xulrunner-1.9.0.14-1.el5_4.i386.rpm
xulrunner-1.9.0.14-1.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.14-1.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.14-1.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.14-1.el5_4.i386.rpm
xulrunner-devel-1.9.0.14-1.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.14-1.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.14

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKqD9yXlSAg2UNWIIRAhKWAJ9nDdWECOvP39qUCISpW9u1fOrU3wCeIMhB
CXiLS5LPLfkBSkp7XEwxZdQ=
=+U+t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 9 23:52:48 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Sep 2009 19:52:48 -0400
Subject: [RHSA-2009:1431-01] Critical: seamonkey security update
Message-ID: <200909092352.n89Nqm0C005131@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2009:1431-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1431.html
Issue date: 2009-09-09
CVE Names: CVE-2009-2654 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2009-3072, CVE-2009-3075)

A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)

A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

521311 - CVE-2009-2654 firefox: URL bar spoofing vulnerability
521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes
521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes
521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-48.el4_8.src.rpm i386: seamonkey-1.0.9-48.el4_8.i386.rpm seamonkey-chat-1.0.9-48.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-48.el4_8.i386.rpm seamonkey-devel-1.0.9-48.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-48.el4_8.i386.rpm seamonkey-mail-1.0.9-48.el4_8.i386.rpm ia64: seamonkey-1.0.9-48.el4_8.ia64.rpm seamonkey-chat-1.0.9-48.el4_8.ia64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.ia64.rpm seamonkey-devel-1.0.9-48.el4_8.ia64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.ia64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.ia64.rpm seamonkey-mail-1.0.9-48.el4_8.ia64.rpm ppc: seamonkey-1.0.9-48.el4_8.ppc.rpm seamonkey-chat-1.0.9-48.el4_8.ppc.rpm seamonkey-debuginfo-1.0.9-48.el4_8.ppc.rpm seamonkey-devel-1.0.9-48.el4_8.ppc.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.ppc.rpm seamonkey-js-debugger-1.0.9-48.el4_8.ppc.rpm seamonkey-mail-1.0.9-48.el4_8.ppc.rpm s390: seamonkey-1.0.9-48.el4_8.s390.rpm seamonkey-chat-1.0.9-48.el4_8.s390.rpm seamonkey-debuginfo-1.0.9-48.el4_8.s390.rpm seamonkey-devel-1.0.9-48.el4_8.s390.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.s390.rpm seamonkey-js-debugger-1.0.9-48.el4_8.s390.rpm seamonkey-mail-1.0.9-48.el4_8.s390.rpm s390x: seamonkey-1.0.9-48.el4_8.s390x.rpm seamonkey-chat-1.0.9-48.el4_8.s390x.rpm seamonkey-debuginfo-1.0.9-48.el4_8.s390x.rpm seamonkey-devel-1.0.9-48.el4_8.s390x.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.s390x.rpm seamonkey-js-debugger-1.0.9-48.el4_8.s390x.rpm seamonkey-mail-1.0.9-48.el4_8.s390x.rpm x86_64: seamonkey-1.0.9-48.el4_8.x86_64.rpm seamonkey-chat-1.0.9-48.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.x86_64.rpm seamonkey-devel-1.0.9-48.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.x86_64.rpm seamonkey-mail-1.0.9-48.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: 
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-48.el4_8.src.rpm i386: seamonkey-1.0.9-48.el4_8.i386.rpm seamonkey-chat-1.0.9-48.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-48.el4_8.i386.rpm seamonkey-devel-1.0.9-48.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-48.el4_8.i386.rpm seamonkey-mail-1.0.9-48.el4_8.i386.rpm x86_64: seamonkey-1.0.9-48.el4_8.x86_64.rpm seamonkey-chat-1.0.9-48.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.x86_64.rpm seamonkey-devel-1.0.9-48.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.x86_64.rpm seamonkey-mail-1.0.9-48.el4_8.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-48.el4_8.src.rpm i386: seamonkey-1.0.9-48.el4_8.i386.rpm seamonkey-chat-1.0.9-48.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-48.el4_8.i386.rpm seamonkey-devel-1.0.9-48.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-48.el4_8.i386.rpm seamonkey-mail-1.0.9-48.el4_8.i386.rpm ia64: seamonkey-1.0.9-48.el4_8.ia64.rpm seamonkey-chat-1.0.9-48.el4_8.ia64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.ia64.rpm seamonkey-devel-1.0.9-48.el4_8.ia64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.ia64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.ia64.rpm seamonkey-mail-1.0.9-48.el4_8.ia64.rpm x86_64: seamonkey-1.0.9-48.el4_8.x86_64.rpm seamonkey-chat-1.0.9-48.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.x86_64.rpm seamonkey-devel-1.0.9-48.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.x86_64.rpm seamonkey-mail-1.0.9-48.el4_8.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-48.el4_8.src.rpm i386: seamonkey-1.0.9-48.el4_8.i386.rpm seamonkey-chat-1.0.9-48.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-48.el4_8.i386.rpm 
seamonkey-devel-1.0.9-48.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-48.el4_8.i386.rpm seamonkey-mail-1.0.9-48.el4_8.i386.rpm ia64: seamonkey-1.0.9-48.el4_8.ia64.rpm seamonkey-chat-1.0.9-48.el4_8.ia64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.ia64.rpm seamonkey-devel-1.0.9-48.el4_8.ia64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.ia64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.ia64.rpm seamonkey-mail-1.0.9-48.el4_8.ia64.rpm x86_64: seamonkey-1.0.9-48.el4_8.x86_64.rpm seamonkey-chat-1.0.9-48.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-48.el4_8.x86_64.rpm seamonkey-devel-1.0.9-48.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-48.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-48.el4_8.x86_64.rpm seamonkey-mail-1.0.9-48.el4_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKqD+rXlSAg2UNWIIRAhTfAKCH0OnSQzZxcmLNFGVt9VqKPF/idQCeL4n7
JxRipaOirbVGo9YXsS0c9Wk=
=rQE+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 9 23:53:11 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Sep 2009 19:53:11 -0400
Subject: [RHSA-2009:1432-01] Critical: seamonkey security update
Message-ID: <200909092353.n89NrBwj007308@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Critical: seamonkey security update
Advisory ID:   RHSA-2009:1432-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2009-1432.html
Issue date:    2009-09-09
CVE Names:     CVE-2009-2408 CVE-2009-2409 CVE-2009-2654 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)

A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)

Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)

A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) 510251 - CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly 521311 - CVE-2009-2654 firefox: URL bar spoofing vulnerability 521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes 521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes 521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal 521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.45.el3.src.rpm i386: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-chat-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-devel-1.0.9-0.45.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.45.el3.i386.rpm seamonkey-mail-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.45.el3.i386.rpm ia64: seamonkey-1.0.9-0.45.el3.ia64.rpm seamonkey-chat-1.0.9-0.45.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.ia64.rpm seamonkey-devel-1.0.9-0.45.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.ia64.rpm seamonkey-mail-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.ia64.rpm ppc: seamonkey-1.0.9-0.45.el3.ppc.rpm 
seamonkey-chat-1.0.9-0.45.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.45.el3.ppc.rpm seamonkey-devel-1.0.9-0.45.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.45.el3.ppc.rpm seamonkey-mail-1.0.9-0.45.el3.ppc.rpm seamonkey-nspr-1.0.9-0.45.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.ppc.rpm seamonkey-nss-1.0.9-0.45.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.45.el3.ppc.rpm s390: seamonkey-1.0.9-0.45.el3.s390.rpm seamonkey-chat-1.0.9-0.45.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.45.el3.s390.rpm seamonkey-devel-1.0.9-0.45.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.45.el3.s390.rpm seamonkey-mail-1.0.9-0.45.el3.s390.rpm seamonkey-nspr-1.0.9-0.45.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.s390.rpm seamonkey-nss-1.0.9-0.45.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.45.el3.s390.rpm s390x: seamonkey-1.0.9-0.45.el3.s390x.rpm seamonkey-chat-1.0.9-0.45.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.45.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.45.el3.s390x.rpm seamonkey-devel-1.0.9-0.45.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.45.el3.s390x.rpm seamonkey-mail-1.0.9-0.45.el3.s390x.rpm seamonkey-nspr-1.0.9-0.45.el3.s390.rpm seamonkey-nspr-1.0.9-0.45.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.s390x.rpm seamonkey-nss-1.0.9-0.45.el3.s390.rpm seamonkey-nss-1.0.9-0.45.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.45.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-1.0.9-0.45.el3.x86_64.rpm seamonkey-chat-1.0.9-0.45.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.x86_64.rpm seamonkey-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.x86_64.rpm seamonkey-mail-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.x86_64.rpm 
seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.45.el3.src.rpm i386: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-chat-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-devel-1.0.9-0.45.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.45.el3.i386.rpm seamonkey-mail-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.45.el3.i386.rpm x86_64: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-1.0.9-0.45.el3.x86_64.rpm seamonkey-chat-1.0.9-0.45.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.x86_64.rpm seamonkey-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.x86_64.rpm seamonkey-mail-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.45.el3.src.rpm i386: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-chat-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-devel-1.0.9-0.45.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.45.el3.i386.rpm seamonkey-mail-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.45.el3.i386.rpm ia64: seamonkey-1.0.9-0.45.el3.ia64.rpm 
seamonkey-chat-1.0.9-0.45.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.ia64.rpm seamonkey-devel-1.0.9-0.45.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.ia64.rpm seamonkey-mail-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-1.0.9-0.45.el3.x86_64.rpm seamonkey-chat-1.0.9-0.45.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.x86_64.rpm seamonkey-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.x86_64.rpm seamonkey-mail-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.45.el3.src.rpm i386: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-chat-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-devel-1.0.9-0.45.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.45.el3.i386.rpm seamonkey-mail-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.45.el3.i386.rpm ia64: seamonkey-1.0.9-0.45.el3.ia64.rpm seamonkey-chat-1.0.9-0.45.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.ia64.rpm seamonkey-devel-1.0.9-0.45.el3.ia64.rpm 
seamonkey-dom-inspector-1.0.9-0.45.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.ia64.rpm seamonkey-mail-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.45.el3.i386.rpm seamonkey-1.0.9-0.45.el3.x86_64.rpm seamonkey-chat-1.0.9-0.45.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.45.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.45.el3.x86_64.rpm seamonkey-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.45.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.45.el3.x86_64.rpm seamonkey-mail-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.45.el3.i386.rpm seamonkey-nspr-1.0.9-0.45.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-1.0.9-0.45.el3.i386.rpm seamonkey-nss-1.0.9-0.45.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.45.el3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
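The NULL-character certificate flaw described in this advisory (CVE-2009-2408), as an added illustration that is not part of the advisory and is not NSS or SeaMonkey code. It assumes the general bug class in which a length-delimited certificate name is compared as a C string; the struct, the function names and the sample names are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not NSS/SeaMonkey code; every identifier is hypothetical.
 * A certificate name is a length-delimited byte string: it carries its own
 * length and its bytes may include 0x00. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples. The terminator the compiler appends is not counted. */
static const unsigned char CLEAN_BYTES[] = "www.example.com";
static const unsigned char NUL_BYTES[]   = "www.example.com\0.other.invalid";

static const struct cert_name CN_CLEAN        = { CLEAN_BYTES, sizeof CLEAN_BYTES - 1 };
static const struct cert_name CN_EMBEDDED_NUL = { NUL_BYTES,   sizeof NUL_BYTES - 1 };

static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Weak form: treats the name as a C string and ignores cn->len, so the
 * comparison ends at the first 0x00 and never sees the bytes after it.
 * (It also relies on a terminator being present after the data.) */
int naive_name_matches(const struct cert_name *cn, const char *host)
{
    const char *s = (const char *)cn->data;
    size_t i = 0;

    while (s[i] != '\0' && host[i] != '\0') {
        if (ascii_lower((unsigned char)s[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
        i++;
    }
    return s[i] == '\0' && host[i] == '\0';
}

/* Useful on its own for logging or alerting on suspicious certificates. */
int has_embedded_nul(const struct cert_name *cn)
{
    return memchr(cn->data, 0, cn->len) != NULL;
}

/* Hardened form: refuses any name containing 0x00, then compares the full
 * declared length. Wildcard matching is deliberately out of scope here. */
int strict_name_matches(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);
    size_t i;

    if (cn->len == 0 || has_embedded_nul(cn))
        return 0;
    if (cn->len != host_len)
        return 0;
    for (i = 0; i < host_len; i++) {
        if (ascii_lower(cn->data[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("clean name:        naive=%d strict=%d\n",
           naive_name_matches(&CN_CLEAN, host),
           strict_name_matches(&CN_CLEAN, host));
    printf("embedded-NUL name: naive=%d strict=%d\n",
           naive_name_matches(&CN_EMBEDDED_NUL, host),
           strict_name_matches(&CN_EMBEDDED_NUL, host));
    return 0;
}
```

The two checks agree on the clean name and disagree only on the name with the embedded 0x00, which is the case the update addresses.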
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKqD/UXlSAg2UNWIIRAiQCAKCuO5lkbfrBndvIqK3wEoxrRYxqigCfYp/3
Iynb/XHKIiazTq0NHRYvPS8=
=tVnm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 15 08:34:24 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Sep 2009 04:34:24 -0400
Subject: [RHSA-2009:1438-01] Important: kernel security and bug fix update
Message-ID: <200909150834.n8F8YPfw010353@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Important: kernel security and bug fix update
Advisory ID:   RHSA-2009:1438-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2009-1438.html
Issue date:    2009-09-15
CVE Names:     CVE-2009-1883 CVE-2009-1895 CVE-2009-2847 CVE-2009-2848
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)

* Solar Designer reported a missing capability check in the z90crypt driver in the Linux kernel. This missing check could allow a local user with an effective user ID (euid) of 0 to bypass intended capability restrictions. (CVE-2009-1883, Moderate)

* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

This update also fixes the following bugs:

* the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers. Keeping these checks is a safety measure. (BZ#517964)

* the Emulex LPFC driver has been updated to version 8.0.16.47, which fixes a memory leak that caused memory allocation failures and system hangs. (BZ#513192)

* an error in the MPT Fusion driver makefile caused CSMI ioctls to not work with Serial Attached SCSI devices. (BZ#516184)

* this update adds the mmap_min_addr tunable and restriction checks to help prevent unprivileged users from creating new memory mappings below the minimum address. This can help prevent the exploitation of NULL pointer dereference bugs. Note that mmap_min_addr is set to zero (disabled) by default for backwards compatibility. (BZ#517904)

* time-outs resulted in I/O errors being logged to "/var/log/messages" when running "mt erase" on tape drives using certain LSI MegaRAID SAS adapters, preventing the command from completing. The megaraid_sas driver's timeout value is now set to the OS layer value. (BZ#517965)

* a locking issue caused the qla2xxx ioctl module to hang after encountering errors. This locking issue has been corrected. This ioctl module is used by the QLogic SAN management tools, such as SANsurfer and scli. (BZ#519428)

* when a RAID 1 array that uses the mptscsi driver and the LSI 1030 controller became degraded, the whole array was detected as being offline, which could cause kernel panics at boot or data loss. (BZ#517295)

* on 32-bit architectures, if a file was held open and frequently written for more than 25 days, it was possible that the kernel would stop flushing those writes to storage. (BZ#515255)

* a memory allocation bug in ib_mthca prevented the driver from loading if it was loaded with large values for the "num_mpt=" and "num_mtt=" options. (BZ#518707)

* with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#519692)

* a bug in __ptrace_unlink() caused it to create deadlocked and unkillable processes. (BZ#519446)

* previously, multiple threads using the fcntl() F_SETLK command to synchronize file access caused a deadlock in posix_locks_deadlock(). This could cause a system hang. (BZ#519429)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

505983 - CVE-2009-1883 kernel: missing capability check in z90crypt
511171 - CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID
513192 - [Emulex 4.9 bug] DMA zone exhaustion from lpfc driver memory leak
515255 - NFS problems on RHEL 4 where logs show different lengths
515392 - CVE-2009-2847 kernel: information leak in sigaltstack
515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
516184 - MPT driver CC_CSMI_SAS_GET_CNTLR_CONFIG IOCTL fails [rhel-4.8.z]
517295 - Missing mptscsi RAID1 disk causes kernel panic when rebooted before array rebuild. [rhel-4.8.z]
517904 - kernel: security: implement mmap_min_addr infrastructure [rhel-4.8.z]
517964 - kernel: build with -fno-delete-null-pointer-checks [rhel-4.8.z]
517965 - MegaRAID SAS 1078 tape I/O errors when using mt erase [rhel-4.8.z]
518707 - num_mtt settings of 2097152 fails in RHEL with infiniband HCA [rhel-4.8.z]
519428 - [NetApp 4.8 bug] Issues with "qioctlmod" module on RHEL4.8 hosts with QLogic FC inbox drivers [rhel-4.8.z]
519429 - [RHEL 4] Lookups due to infinite loops in posix_locks_deadlock [rhel-4.8.z]
519446 - kernel: ptrace: don't use REMOVE_LINKS/SET_LINKS for reparenting [rhel-4.9] [rhel-4.8.z]
519692 - kernel: random: make get_random_int() more random [rhel-4.9] [rhel-4.8.z]

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm i386: kernel-2.6.9-89.0.11.EL.i686.rpm kernel-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm ia64: kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.0.11.EL.noarch.rpm kernel-doc-2.6.9-89.0.11.EL.noarch.rpm ppc: kernel-2.6.9-89.0.11.EL.ppc64.rpm kernel-2.6.9-89.0.11.EL.ppc64.rpm kernel-2.6.9-89.0.11.EL.ppc64iseries.rpm kernel-2.6.9-89.0.11.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ppc64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ppc64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ppc64iseries.rpm kernel-devel-2.6.9-89.0.11.EL.ppc64.rpm kernel-devel-2.6.9-89.0.11.EL.ppc64.rpm kernel-devel-2.6.9-89.0.11.EL.ppc64iseries.rpm kernel-devel-2.6.9-89.0.11.EL.ppc64iseries.rpm 
kernel-largesmp-2.6.9-89.0.11.EL.ppc64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ppc64.rpm s390: kernel-2.6.9-89.0.11.EL.s390.rpm kernel-2.6.9-89.0.11.EL.s390.rpm kernel-debuginfo-2.6.9-89.0.11.EL.s390.rpm kernel-debuginfo-2.6.9-89.0.11.EL.s390.rpm kernel-devel-2.6.9-89.0.11.EL.s390.rpm kernel-devel-2.6.9-89.0.11.EL.s390.rpm s390x: kernel-2.6.9-89.0.11.EL.s390x.rpm kernel-2.6.9-89.0.11.EL.s390x.rpm kernel-debuginfo-2.6.9-89.0.11.EL.s390x.rpm kernel-debuginfo-2.6.9-89.0.11.EL.s390x.rpm kernel-devel-2.6.9-89.0.11.EL.s390x.rpm kernel-devel-2.6.9-89.0.11.EL.s390x.rpm x86_64: kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm i386: kernel-2.6.9-89.0.11.EL.i686.rpm kernel-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm 
kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm noarch: kernel-doc-2.6.9-89.0.11.EL.noarch.rpm kernel-doc-2.6.9-89.0.11.EL.noarch.rpm x86_64: kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm i386: kernel-2.6.9-89.0.11.EL.i686.rpm kernel-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm 
kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm ia64: kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.0.11.EL.noarch.rpm kernel-doc-2.6.9-89.0.11.EL.noarch.rpm x86_64: kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.11.EL.src.rpm i386: kernel-2.6.9-89.0.11.EL.i686.rpm kernel-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-debuginfo-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm kernel-devel-2.6.9-89.0.11.EL.i686.rpm 
kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-smp-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.i686.rpm ia64: kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.0.11.EL.noarch.rpm kernel-doc-2.6.9-89.0.11.EL.noarch.rpm x86_64: kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.0.11.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKr1F/XlSAg2UNWIIRAs6hAJ992ihzbQycIC8xIMGuarbZCw4eMQCgvXtg
76/lV6z1mNiKZ38TNElVe6M=
=cIu4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 17 14:48:52 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 Sep 2009 10:48:52 -0400
Subject: [RHSA-2009:1451-01] Moderate: freeradius security update
Message-ID: <200909171448.n8HEmqGm018479@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: freeradius security update
Advisory ID: RHSA-2009:1451-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1451.html
Issue date: 2009-09-17
CVE Names: CVE-2009-3111
=====================================================================

1. Summary:

Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted RADIUS packet. (CVE-2009-3111)

Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

521912 - CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freeradius-1.1.3-1.5.el5_4.src.rpm

i386:
freeradius-1.1.3-1.5.el5_4.i386.rpm
freeradius-debuginfo-1.1.3-1.5.el5_4.i386.rpm
freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm
freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm
freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm

x86_64:
freeradius-1.1.3-1.5.el5_4.x86_64.rpm
freeradius-debuginfo-1.1.3-1.5.el5_4.x86_64.rpm
freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm
freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm
freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freeradius-1.1.3-1.5.el5_4.src.rpm i386: freeradius-1.1.3-1.5.el5_4.i386.rpm freeradius-debuginfo-1.1.3-1.5.el5_4.i386.rpm freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm ia64: freeradius-1.1.3-1.5.el5_4.ia64.rpm freeradius-debuginfo-1.1.3-1.5.el5_4.ia64.rpm freeradius-mysql-1.1.3-1.5.el5_4.ia64.rpm freeradius-postgresql-1.1.3-1.5.el5_4.ia64.rpm freeradius-unixODBC-1.1.3-1.5.el5_4.ia64.rpm ppc: freeradius-1.1.3-1.5.el5_4.ppc.rpm freeradius-debuginfo-1.1.3-1.5.el5_4.ppc.rpm freeradius-mysql-1.1.3-1.5.el5_4.ppc.rpm freeradius-postgresql-1.1.3-1.5.el5_4.ppc.rpm freeradius-unixODBC-1.1.3-1.5.el5_4.ppc.rpm s390x: freeradius-1.1.3-1.5.el5_4.s390x.rpm freeradius-debuginfo-1.1.3-1.5.el5_4.s390x.rpm freeradius-mysql-1.1.3-1.5.el5_4.s390x.rpm freeradius-postgresql-1.1.3-1.5.el5_4.s390x.rpm freeradius-unixODBC-1.1.3-1.5.el5_4.s390x.rpm x86_64: freeradius-1.1.3-1.5.el5_4.x86_64.rpm freeradius-debuginfo-1.1.3-1.5.el5_4.x86_64.rpm freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKskwjXlSAg2UNWIIRAnPPAJ9vZvP/Efrk3MpxKDQqrGn0jajFkACfUbwO
4X9lkzj5kYr7ocvnOEMgGv8=
=IMZ0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 21 15:55:42 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Sep 2009 11:55:42 -0400
Subject: [RHSA-2009:1452-01] Moderate: neon security update
Message-ID: <200909211555.n8LFtg3N013149@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: neon security update
Advisory ID: RHSA-2009:1452-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1452.html
Issue date: 2009-09-21
CVE Names: CVE-2009-2473 CVE-2009-2474
=====================================================================

1. Summary:

Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.

It was discovered that neon is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse an application using the neon library into accepting it by mistake. (CVE-2009-2474)

A denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote attacker (malicious DAV server) could provide a specially-crafted XML document that would cause excessive memory and CPU consumption if an application using the neon XML parser was tricked into processing it. (CVE-2009-2473)

All neon users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the neon HTTP and WebDAV client library, such as cadaver, must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

518215 - CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack
518223 - CVE-2009-2474 neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/neon-0.24.7-4.el4_8.2.src.rpm i386: neon-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-devel-0.24.7-4.el4_8.2.i386.rpm ia64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.ia64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.ia64.rpm neon-devel-0.24.7-4.el4_8.2.ia64.rpm ppc: neon-0.24.7-4.el4_8.2.ppc.rpm neon-0.24.7-4.el4_8.2.ppc64.rpm neon-debuginfo-0.24.7-4.el4_8.2.ppc.rpm neon-debuginfo-0.24.7-4.el4_8.2.ppc64.rpm neon-devel-0.24.7-4.el4_8.2.ppc.rpm s390: neon-0.24.7-4.el4_8.2.s390.rpm neon-debuginfo-0.24.7-4.el4_8.2.s390.rpm neon-devel-0.24.7-4.el4_8.2.s390.rpm s390x: neon-0.24.7-4.el4_8.2.s390.rpm neon-0.24.7-4.el4_8.2.s390x.rpm neon-debuginfo-0.24.7-4.el4_8.2.s390.rpm neon-debuginfo-0.24.7-4.el4_8.2.s390x.rpm neon-devel-0.24.7-4.el4_8.2.s390x.rpm x86_64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.x86_64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.x86_64.rpm neon-devel-0.24.7-4.el4_8.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/neon-0.24.7-4.el4_8.2.src.rpm i386: neon-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-devel-0.24.7-4.el4_8.2.i386.rpm x86_64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.x86_64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.x86_64.rpm neon-devel-0.24.7-4.el4_8.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/neon-0.24.7-4.el4_8.2.src.rpm i386: neon-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-devel-0.24.7-4.el4_8.2.i386.rpm ia64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.ia64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.ia64.rpm 
neon-devel-0.24.7-4.el4_8.2.ia64.rpm x86_64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.x86_64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.x86_64.rpm neon-devel-0.24.7-4.el4_8.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/neon-0.24.7-4.el4_8.2.src.rpm i386: neon-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-devel-0.24.7-4.el4_8.2.i386.rpm ia64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.ia64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.ia64.rpm neon-devel-0.24.7-4.el4_8.2.ia64.rpm x86_64: neon-0.24.7-4.el4_8.2.i386.rpm neon-0.24.7-4.el4_8.2.x86_64.rpm neon-debuginfo-0.24.7-4.el4_8.2.i386.rpm neon-debuginfo-0.24.7-4.el4_8.2.x86_64.rpm neon-devel-0.24.7-4.el4_8.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/neon-0.25.5-10.el5_4.1.src.rpm i386: neon-0.25.5-10.el5_4.1.i386.rpm neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm x86_64: neon-0.25.5-10.el5_4.1.i386.rpm neon-0.25.5-10.el5_4.1.x86_64.rpm neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm neon-debuginfo-0.25.5-10.el5_4.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/neon-0.25.5-10.el5_4.1.src.rpm i386: neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm neon-devel-0.25.5-10.el5_4.1.i386.rpm x86_64: neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm neon-debuginfo-0.25.5-10.el5_4.1.x86_64.rpm neon-devel-0.25.5-10.el5_4.1.i386.rpm neon-devel-0.25.5-10.el5_4.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/neon-0.25.5-10.el5_4.1.src.rpm i386: neon-0.25.5-10.el5_4.1.i386.rpm neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm neon-devel-0.25.5-10.el5_4.1.i386.rpm ia64: neon-0.25.5-10.el5_4.1.ia64.rpm neon-debuginfo-0.25.5-10.el5_4.1.ia64.rpm neon-devel-0.25.5-10.el5_4.1.ia64.rpm ppc: neon-0.25.5-10.el5_4.1.ppc.rpm neon-0.25.5-10.el5_4.1.ppc64.rpm neon-debuginfo-0.25.5-10.el5_4.1.ppc.rpm neon-debuginfo-0.25.5-10.el5_4.1.ppc64.rpm neon-devel-0.25.5-10.el5_4.1.ppc.rpm neon-devel-0.25.5-10.el5_4.1.ppc64.rpm s390x: neon-0.25.5-10.el5_4.1.s390.rpm neon-0.25.5-10.el5_4.1.s390x.rpm neon-debuginfo-0.25.5-10.el5_4.1.s390.rpm neon-debuginfo-0.25.5-10.el5_4.1.s390x.rpm neon-devel-0.25.5-10.el5_4.1.s390.rpm neon-devel-0.25.5-10.el5_4.1.s390x.rpm x86_64: neon-0.25.5-10.el5_4.1.i386.rpm neon-0.25.5-10.el5_4.1.x86_64.rpm neon-debuginfo-0.25.5-10.el5_4.1.i386.rpm neon-debuginfo-0.25.5-10.el5_4.1.x86_64.rpm neon-devel-0.25.5-10.el5_4.1.i386.rpm neon-devel-0.25.5-10.el5_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKt6HwXlSAg2UNWIIRAu2oAJ4risB4IoARBXb5EmGa3lM7hMUMvwCgh54a
EWt982isJFdvbWrsh48+Ypg=
=u2Hw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 21 15:56:12 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Sep 2009 11:56:12 -0400
Subject: [RHSA-2009:1453-01] Moderate: pidgin security update
Message-ID: <200909211556.n8LFuCmS005296@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pidgin security update
Advisory ID: RHSA-2009:1453-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1453.html
Issue date: 2009-09-21
CVE Names: CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3085
=====================================================================

1. Summary:

Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query (IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the Pidgin release notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 519224 - CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers 521823 - CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS) 521832 - CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite (DoS) 521853 - CVE-2009-3085 Pidgin: NULL pointer dereference by processing a custom smiley (DoS) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pidgin-2.6.2-2.el4.src.rpm i386: finch-2.6.2-2.el4.i386.rpm finch-devel-2.6.2-2.el4.i386.rpm libpurple-2.6.2-2.el4.i386.rpm libpurple-devel-2.6.2-2.el4.i386.rpm libpurple-perl-2.6.2-2.el4.i386.rpm libpurple-tcl-2.6.2-2.el4.i386.rpm pidgin-2.6.2-2.el4.i386.rpm pidgin-debuginfo-2.6.2-2.el4.i386.rpm pidgin-devel-2.6.2-2.el4.i386.rpm pidgin-perl-2.6.2-2.el4.i386.rpm ia64: finch-2.6.2-2.el4.ia64.rpm finch-devel-2.6.2-2.el4.ia64.rpm libpurple-2.6.2-2.el4.ia64.rpm libpurple-devel-2.6.2-2.el4.ia64.rpm libpurple-perl-2.6.2-2.el4.ia64.rpm libpurple-tcl-2.6.2-2.el4.ia64.rpm pidgin-2.6.2-2.el4.ia64.rpm pidgin-debuginfo-2.6.2-2.el4.ia64.rpm pidgin-devel-2.6.2-2.el4.ia64.rpm pidgin-perl-2.6.2-2.el4.ia64.rpm ppc: finch-2.6.2-2.el4.ppc.rpm finch-devel-2.6.2-2.el4.ppc.rpm libpurple-2.6.2-2.el4.ppc.rpm libpurple-devel-2.6.2-2.el4.ppc.rpm libpurple-perl-2.6.2-2.el4.ppc.rpm libpurple-tcl-2.6.2-2.el4.ppc.rpm pidgin-2.6.2-2.el4.ppc.rpm pidgin-debuginfo-2.6.2-2.el4.ppc.rpm pidgin-devel-2.6.2-2.el4.ppc.rpm pidgin-perl-2.6.2-2.el4.ppc.rpm x86_64: finch-2.6.2-2.el4.x86_64.rpm finch-devel-2.6.2-2.el4.x86_64.rpm libpurple-2.6.2-2.el4.x86_64.rpm libpurple-devel-2.6.2-2.el4.x86_64.rpm libpurple-perl-2.6.2-2.el4.x86_64.rpm libpurple-tcl-2.6.2-2.el4.x86_64.rpm pidgin-2.6.2-2.el4.x86_64.rpm pidgin-debuginfo-2.6.2-2.el4.x86_64.rpm pidgin-devel-2.6.2-2.el4.x86_64.rpm pidgin-perl-2.6.2-2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: 
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pidgin-2.6.2-2.el4.src.rpm i386: finch-2.6.2-2.el4.i386.rpm finch-devel-2.6.2-2.el4.i386.rpm libpurple-2.6.2-2.el4.i386.rpm libpurple-devel-2.6.2-2.el4.i386.rpm libpurple-perl-2.6.2-2.el4.i386.rpm libpurple-tcl-2.6.2-2.el4.i386.rpm pidgin-2.6.2-2.el4.i386.rpm pidgin-debuginfo-2.6.2-2.el4.i386.rpm pidgin-devel-2.6.2-2.el4.i386.rpm pidgin-perl-2.6.2-2.el4.i386.rpm x86_64: finch-2.6.2-2.el4.x86_64.rpm finch-devel-2.6.2-2.el4.x86_64.rpm libpurple-2.6.2-2.el4.x86_64.rpm libpurple-devel-2.6.2-2.el4.x86_64.rpm libpurple-perl-2.6.2-2.el4.x86_64.rpm libpurple-tcl-2.6.2-2.el4.x86_64.rpm pidgin-2.6.2-2.el4.x86_64.rpm pidgin-debuginfo-2.6.2-2.el4.x86_64.rpm pidgin-devel-2.6.2-2.el4.x86_64.rpm pidgin-perl-2.6.2-2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pidgin-2.6.2-2.el4.src.rpm i386: finch-2.6.2-2.el4.i386.rpm finch-devel-2.6.2-2.el4.i386.rpm libpurple-2.6.2-2.el4.i386.rpm libpurple-devel-2.6.2-2.el4.i386.rpm libpurple-perl-2.6.2-2.el4.i386.rpm libpurple-tcl-2.6.2-2.el4.i386.rpm pidgin-2.6.2-2.el4.i386.rpm pidgin-debuginfo-2.6.2-2.el4.i386.rpm pidgin-devel-2.6.2-2.el4.i386.rpm pidgin-perl-2.6.2-2.el4.i386.rpm ia64: finch-2.6.2-2.el4.ia64.rpm finch-devel-2.6.2-2.el4.ia64.rpm libpurple-2.6.2-2.el4.ia64.rpm libpurple-devel-2.6.2-2.el4.ia64.rpm libpurple-perl-2.6.2-2.el4.ia64.rpm libpurple-tcl-2.6.2-2.el4.ia64.rpm pidgin-2.6.2-2.el4.ia64.rpm pidgin-debuginfo-2.6.2-2.el4.ia64.rpm pidgin-devel-2.6.2-2.el4.ia64.rpm pidgin-perl-2.6.2-2.el4.ia64.rpm x86_64: finch-2.6.2-2.el4.x86_64.rpm finch-devel-2.6.2-2.el4.x86_64.rpm libpurple-2.6.2-2.el4.x86_64.rpm libpurple-devel-2.6.2-2.el4.x86_64.rpm libpurple-perl-2.6.2-2.el4.x86_64.rpm libpurple-tcl-2.6.2-2.el4.x86_64.rpm pidgin-2.6.2-2.el4.x86_64.rpm pidgin-debuginfo-2.6.2-2.el4.x86_64.rpm pidgin-devel-2.6.2-2.el4.x86_64.rpm pidgin-perl-2.6.2-2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pidgin-2.6.2-2.el4.src.rpm i386: finch-2.6.2-2.el4.i386.rpm finch-devel-2.6.2-2.el4.i386.rpm libpurple-2.6.2-2.el4.i386.rpm libpurple-devel-2.6.2-2.el4.i386.rpm libpurple-perl-2.6.2-2.el4.i386.rpm libpurple-tcl-2.6.2-2.el4.i386.rpm pidgin-2.6.2-2.el4.i386.rpm pidgin-debuginfo-2.6.2-2.el4.i386.rpm pidgin-devel-2.6.2-2.el4.i386.rpm pidgin-perl-2.6.2-2.el4.i386.rpm ia64: finch-2.6.2-2.el4.ia64.rpm finch-devel-2.6.2-2.el4.ia64.rpm libpurple-2.6.2-2.el4.ia64.rpm libpurple-devel-2.6.2-2.el4.ia64.rpm libpurple-perl-2.6.2-2.el4.ia64.rpm libpurple-tcl-2.6.2-2.el4.ia64.rpm pidgin-2.6.2-2.el4.ia64.rpm pidgin-debuginfo-2.6.2-2.el4.ia64.rpm pidgin-devel-2.6.2-2.el4.ia64.rpm pidgin-perl-2.6.2-2.el4.ia64.rpm x86_64: finch-2.6.2-2.el4.x86_64.rpm finch-devel-2.6.2-2.el4.x86_64.rpm libpurple-2.6.2-2.el4.x86_64.rpm libpurple-devel-2.6.2-2.el4.x86_64.rpm libpurple-perl-2.6.2-2.el4.x86_64.rpm libpurple-tcl-2.6.2-2.el4.x86_64.rpm pidgin-2.6.2-2.el4.x86_64.rpm pidgin-debuginfo-2.6.2-2.el4.x86_64.rpm pidgin-devel-2.6.2-2.el4.x86_64.rpm pidgin-perl-2.6.2-2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.2-2.el5.src.rpm i386: finch-2.6.2-2.el5.i386.rpm libpurple-2.6.2-2.el5.i386.rpm libpurple-perl-2.6.2-2.el5.i386.rpm libpurple-tcl-2.6.2-2.el5.i386.rpm pidgin-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-perl-2.6.2-2.el5.i386.rpm x86_64: finch-2.6.2-2.el5.i386.rpm finch-2.6.2-2.el5.x86_64.rpm libpurple-2.6.2-2.el5.i386.rpm libpurple-2.6.2-2.el5.x86_64.rpm libpurple-perl-2.6.2-2.el5.x86_64.rpm libpurple-tcl-2.6.2-2.el5.x86_64.rpm pidgin-2.6.2-2.el5.i386.rpm pidgin-2.6.2-2.el5.x86_64.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.x86_64.rpm pidgin-perl-2.6.2-2.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.2-2.el5.src.rpm i386: finch-devel-2.6.2-2.el5.i386.rpm libpurple-devel-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-devel-2.6.2-2.el5.i386.rpm x86_64: finch-devel-2.6.2-2.el5.i386.rpm finch-devel-2.6.2-2.el5.x86_64.rpm libpurple-devel-2.6.2-2.el5.i386.rpm libpurple-devel-2.6.2-2.el5.x86_64.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.x86_64.rpm pidgin-devel-2.6.2-2.el5.i386.rpm pidgin-devel-2.6.2-2.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.2-2.el5.src.rpm i386: finch-2.6.2-2.el5.i386.rpm finch-devel-2.6.2-2.el5.i386.rpm libpurple-2.6.2-2.el5.i386.rpm libpurple-devel-2.6.2-2.el5.i386.rpm libpurple-perl-2.6.2-2.el5.i386.rpm libpurple-tcl-2.6.2-2.el5.i386.rpm pidgin-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-devel-2.6.2-2.el5.i386.rpm pidgin-perl-2.6.2-2.el5.i386.rpm x86_64: finch-2.6.2-2.el5.i386.rpm finch-2.6.2-2.el5.x86_64.rpm finch-devel-2.6.2-2.el5.i386.rpm finch-devel-2.6.2-2.el5.x86_64.rpm libpurple-2.6.2-2.el5.i386.rpm libpurple-2.6.2-2.el5.x86_64.rpm libpurple-devel-2.6.2-2.el5.i386.rpm libpurple-devel-2.6.2-2.el5.x86_64.rpm libpurple-perl-2.6.2-2.el5.x86_64.rpm libpurple-tcl-2.6.2-2.el5.x86_64.rpm pidgin-2.6.2-2.el5.i386.rpm pidgin-2.6.2-2.el5.x86_64.rpm pidgin-debuginfo-2.6.2-2.el5.i386.rpm pidgin-debuginfo-2.6.2-2.el5.x86_64.rpm pidgin-devel-2.6.2-2.el5.i386.rpm pidgin-devel-2.6.2-2.el5.x86_64.rpm pidgin-perl-2.6.2-2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085
http://www.redhat.com/security/updates/classification/#moderate
http://xmpp.org/rfcs/rfc3920.html#stanzas-semantics-iq

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKt6IDXlSAg2UNWIIRAkB5AKCWlaxwTC9/X6tqYBYTOytmKnN++ACgtbvk
JknVVejYErgfzo6OyrOovu8=
=KVNz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 22 15:05:21 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Sep 2009 11:05:21 -0400
Subject: [RHSA-2009:1457-01] Important: kernel security update
Message-ID: <200909221505.n8MF5M1o002745@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2009:1457-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1457.html
Issue date: 2009-09-22
CVE Names: CVE-2009-1389 CVE-2009-2692 CVE-2009-2698
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

504726 - CVE-2009-1389 kernel: r8169: fix crash when large packets are received
516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference

6. Package List:

Red Hat Enterprise Linux (v.
5.2.z server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.28.el5.src.rpm i386: kernel-2.6.18-92.1.28.el5.i686.rpm kernel-PAE-2.6.18-92.1.28.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-92.1.28.el5.i686.rpm kernel-PAE-devel-2.6.18-92.1.28.el5.i686.rpm kernel-debug-2.6.18-92.1.28.el5.i686.rpm kernel-debug-debuginfo-2.6.18-92.1.28.el5.i686.rpm kernel-debug-devel-2.6.18-92.1.28.el5.i686.rpm kernel-debuginfo-2.6.18-92.1.28.el5.i686.rpm kernel-debuginfo-common-2.6.18-92.1.28.el5.i686.rpm kernel-devel-2.6.18-92.1.28.el5.i686.rpm kernel-headers-2.6.18-92.1.28.el5.i386.rpm kernel-xen-2.6.18-92.1.28.el5.i686.rpm kernel-xen-debuginfo-2.6.18-92.1.28.el5.i686.rpm kernel-xen-devel-2.6.18-92.1.28.el5.i686.rpm ia64: kernel-2.6.18-92.1.28.el5.ia64.rpm kernel-debug-2.6.18-92.1.28.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-92.1.28.el5.ia64.rpm kernel-debug-devel-2.6.18-92.1.28.el5.ia64.rpm kernel-debuginfo-2.6.18-92.1.28.el5.ia64.rpm kernel-debuginfo-common-2.6.18-92.1.28.el5.ia64.rpm kernel-devel-2.6.18-92.1.28.el5.ia64.rpm kernel-headers-2.6.18-92.1.28.el5.ia64.rpm kernel-xen-2.6.18-92.1.28.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-92.1.28.el5.ia64.rpm kernel-xen-devel-2.6.18-92.1.28.el5.ia64.rpm noarch: kernel-doc-2.6.18-92.1.28.el5.noarch.rpm ppc: kernel-2.6.18-92.1.28.el5.ppc64.rpm kernel-debug-2.6.18-92.1.28.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-92.1.28.el5.ppc64.rpm kernel-debug-devel-2.6.18-92.1.28.el5.ppc64.rpm kernel-debuginfo-2.6.18-92.1.28.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-92.1.28.el5.ppc64.rpm kernel-devel-2.6.18-92.1.28.el5.ppc64.rpm kernel-headers-2.6.18-92.1.28.el5.ppc.rpm kernel-headers-2.6.18-92.1.28.el5.ppc64.rpm kernel-kdump-2.6.18-92.1.28.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-92.1.28.el5.ppc64.rpm kernel-kdump-devel-2.6.18-92.1.28.el5.ppc64.rpm s390x: kernel-2.6.18-92.1.28.el5.s390x.rpm kernel-debug-2.6.18-92.1.28.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-92.1.28.el5.s390x.rpm 
kernel-debug-devel-2.6.18-92.1.28.el5.s390x.rpm kernel-debuginfo-2.6.18-92.1.28.el5.s390x.rpm kernel-debuginfo-common-2.6.18-92.1.28.el5.s390x.rpm kernel-devel-2.6.18-92.1.28.el5.s390x.rpm kernel-headers-2.6.18-92.1.28.el5.s390x.rpm kernel-kdump-2.6.18-92.1.28.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-92.1.28.el5.s390x.rpm kernel-kdump-devel-2.6.18-92.1.28.el5.s390x.rpm x86_64: kernel-2.6.18-92.1.28.el5.x86_64.rpm kernel-debug-2.6.18-92.1.28.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-92.1.28.el5.x86_64.rpm kernel-debug-devel-2.6.18-92.1.28.el5.x86_64.rpm kernel-debuginfo-2.6.18-92.1.28.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-92.1.28.el5.x86_64.rpm kernel-devel-2.6.18-92.1.28.el5.x86_64.rpm kernel-headers-2.6.18-92.1.28.el5.x86_64.rpm kernel-xen-2.6.18-92.1.28.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-92.1.28.el5.x86_64.rpm kernel-xen-devel-2.6.18-92.1.28.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKuOeCXlSAg2UNWIIRAk+NAJ96pVuKDQZvWjEe4REJuq5jIdlSqACeNm9e 36g7TBNgSEUiYCcl4o2Uw5o= =Xisa -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 23 15:28:27 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 23 Sep 2009 11:28:27 -0400 Subject: [RHSA-2009:1459-04] Important: cyrus-imapd security update Message-ID: <200909231528.n8NFSRhQ002706@int-mx05.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: cyrus-imapd security update Advisory ID: RHSA-2009:1459-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1459.html Issue date: 2009-09-23 CVE Names: CVE-2009-2632 CVE-2009-3235 ===================================================================== 1. Summary: Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. 
(CVE-2009-2632, CVE-2009-3235)

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

521010 - CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve
523910 - CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows

6. Package List:

Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-imapd-2.2.12-10.el4_8.4.src.rpm i386: cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm ia64: cyrus-imapd-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.ia64.rpm perl-Cyrus-2.2.12-10.el4_8.4.ia64.rpm ppc: cyrus-imapd-2.2.12-10.el4_8.4.ppc.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.ppc.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.ppc.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.ppc.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.ppc.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.ppc.rpm perl-Cyrus-2.2.12-10.el4_8.4.ppc.rpm s390: cyrus-imapd-2.2.12-10.el4_8.4.s390.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.s390.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.s390.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.s390.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.s390.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.s390.rpm perl-Cyrus-2.2.12-10.el4_8.4.s390.rpm s390x: cyrus-imapd-2.2.12-10.el4_8.4.s390x.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.s390x.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.s390x.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.s390x.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.s390x.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.s390x.rpm perl-Cyrus-2.2.12-10.el4_8.4.s390x.rpm x86_64: cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-imapd-2.2.12-10.el4_8.4.src.rpm i386: cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm x86_64: cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-imapd-2.2.12-10.el4_8.4.src.rpm i386: cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm 
perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm ia64: cyrus-imapd-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.ia64.rpm perl-Cyrus-2.2.12-10.el4_8.4.ia64.rpm x86_64: cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-imapd-2.2.12-10.el4_8.4.src.rpm i386: cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm ia64: cyrus-imapd-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.ia64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.ia64.rpm perl-Cyrus-2.2.12-10.el4_8.4.ia64.rpm x86_64: cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cyrus-imapd-2.3.7-7.el5_4.3.src.rpm i386: cyrus-imapd-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.i386.rpm x86_64: cyrus-imapd-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cyrus-imapd-2.3.7-7.el5_4.3.src.rpm i386: cyrus-imapd-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.i386.rpm ia64: cyrus-imapd-2.3.7-7.el5_4.3.ia64.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.ia64.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.ia64.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.ia64.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.ia64.rpm ppc: cyrus-imapd-2.3.7-7.el5_4.3.ppc.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.ppc.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.ppc64.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.ppc.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.ppc64.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.ppc.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.ppc.rpm s390x: cyrus-imapd-2.3.7-7.el5_4.3.s390x.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.s390.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.s390x.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.s390.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.s390x.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.s390x.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.s390x.rpm x86_64: cyrus-imapd-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.i386.rpm 
cyrus-imapd-debuginfo-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm cyrus-imapd-devel-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-perl-2.3.7-7.el5_4.3.x86_64.rpm cyrus-imapd-utils-2.3.7-7.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3235
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKuj3SXlSAg2UNWIIRAlDOAJ9Mv6K81o+GhCU/b0D0zt0+HpjasQCfRW/r
DyTQFg0LOlGMCajRVruzyo8=
=eIsi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 23 21:51:20 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 Sep 2009 17:51:20 -0400
Subject: [RHSA-2009:1461-01] Important: Red Hat Application Stack v2.4 security and enhancement update
Message-ID: <200909232151.n8NLpKCc028848@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Application Stack v2.4 security and enhancement update
Advisory ID: RHSA-2009:1461-01
Product: Red Hat Application Stack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1461.html
Issue date: 2009-09-23
CVE Names: CVE-2008-4456 CVE-2009-2446 CVE-2009-2687 CVE-2009-3094 CVE-2009-3095 CVE-2009-3229 CVE-2009-3230 CVE-2009-3231
=====================================================================

1. Summary:

Red Hat Application Stack v2.4 is now available. This update fixes several security issues and adds various enhancements.
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, noarch, x86_64

3. Description:

Red Hat Application Stack v2.4 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP). JBoss EAP is provided through the JBoss EAP channels on the Red Hat Network.

PostgreSQL was updated to version 8.2.14, fixing the following security issues:

A flaw was found in the way PostgreSQL handles LDAP-based authentication. If PostgreSQL was configured to use LDAP authentication and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given database could use this flaw to log in as any database user, including a PostgreSQL superuser, without supplying a password. (CVE-2009-3231)

It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0040 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handles external plug-ins. This flaw could allow remote, authenticated users without superuser privileges to crash the back-end server by using the LOAD command on libraries in "/var/lib/pgsql/plugins/" that have already been loaded, causing a temporary denial of service during crash recovery. (CVE-2009-3229)

MySQL was updated to version 5.0.84, fixing the following security issues:

An insufficient HTML entities quoting flaw was found in the mysql command line client's HTML output mode.
If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later retrieved using the mysql command line client and its HTML output mode, they could perform a cross-site scripting (XSS) attack against victims viewing the HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs user commands when creating and deleting databases. A remote, authenticated attacker with permissions to CREATE and DROP databases could use these flaws to formulate a specifically-crafted SQL command that would cause a temporary denial of service (open connections to mysqld are terminated). (CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld "--log" command line option or the "log" option in "/etc/my.cnf") must be enabled. This logging is not enabled by default.

PHP was updated to version 5.2.10, fixing the following security issue:

An insufficient input validation flaw was discovered in the PHP exif_read_data() function, used to read Exchangeable image file format (Exif) metadata from images. An attacker could create a specially-crafted image that could cause the PHP interpreter to crash or disclose portions of its memory while reading the Exif metadata from the image. (CVE-2009-2687)

Apache httpd has been updated with backported patches to correct the following security issues:

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module.
In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

Also, the following packages have been updated:

* postgresql-jdbc to 8.2.510
* php-pear to 1.8.1
* perl-DBI to 1.609
* perl-DBD-MySQL to 4.012

All users should upgrade to these updated packages, which resolve these issues. Users must restart the individual services, including postgresql, mysqld, and httpd, for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw
506896 - CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files
511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash)
521619 - CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
522084 - CVE-2009-3231 postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
522085 - CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
522092 - CVE-2009-3229 postgresql: authenticated user server DoS via plugin re-LOAD-ing
522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header

6.
Package List: Red Hat Application Stack v2 for Enterprise Linux (v.5): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/httpd-2.2.13-2.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/mysql-5.0.84-2.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/perl-DBD-MySQL-4.012-1.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/perl-DBI-1.609-1.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/php-5.2.10-1.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/php-pear-1.8.1-2.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/postgresql-8.2.14-1.el5s2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/postgresql-jdbc-8.2.510-1jpp.el5s2.src.rpm i386: httpd-2.2.13-2.el5s2.i386.rpm httpd-debuginfo-2.2.13-2.el5s2.i386.rpm httpd-devel-2.2.13-2.el5s2.i386.rpm httpd-manual-2.2.13-2.el5s2.i386.rpm mod_ssl-2.2.13-2.el5s2.i386.rpm mysql-5.0.84-2.el5s2.i386.rpm mysql-bench-5.0.84-2.el5s2.i386.rpm mysql-cluster-5.0.84-2.el5s2.i386.rpm mysql-debuginfo-5.0.84-2.el5s2.i386.rpm mysql-devel-5.0.84-2.el5s2.i386.rpm mysql-libs-5.0.84-2.el5s2.i386.rpm mysql-server-5.0.84-2.el5s2.i386.rpm mysql-test-5.0.84-2.el5s2.i386.rpm perl-DBD-MySQL-4.012-1.el5s2.i386.rpm perl-DBD-MySQL-debuginfo-4.012-1.el5s2.i386.rpm perl-DBI-1.609-1.el5s2.i386.rpm perl-DBI-debuginfo-1.609-1.el5s2.i386.rpm php-5.2.10-1.el5s2.i386.rpm php-bcmath-5.2.10-1.el5s2.i386.rpm php-cli-5.2.10-1.el5s2.i386.rpm php-common-5.2.10-1.el5s2.i386.rpm php-dba-5.2.10-1.el5s2.i386.rpm php-debuginfo-5.2.10-1.el5s2.i386.rpm php-devel-5.2.10-1.el5s2.i386.rpm php-gd-5.2.10-1.el5s2.i386.rpm php-imap-5.2.10-1.el5s2.i386.rpm php-ldap-5.2.10-1.el5s2.i386.rpm php-mbstring-5.2.10-1.el5s2.i386.rpm php-mysql-5.2.10-1.el5s2.i386.rpm php-ncurses-5.2.10-1.el5s2.i386.rpm 
php-odbc-5.2.10-1.el5s2.i386.rpm php-pdo-5.2.10-1.el5s2.i386.rpm php-pgsql-5.2.10-1.el5s2.i386.rpm php-snmp-5.2.10-1.el5s2.i386.rpm php-soap-5.2.10-1.el5s2.i386.rpm php-xml-5.2.10-1.el5s2.i386.rpm php-xmlrpc-5.2.10-1.el5s2.i386.rpm postgresql-8.2.14-1.el5s2.i386.rpm postgresql-contrib-8.2.14-1.el5s2.i386.rpm postgresql-debuginfo-8.2.14-1.el5s2.i386.rpm postgresql-devel-8.2.14-1.el5s2.i386.rpm postgresql-docs-8.2.14-1.el5s2.i386.rpm postgresql-jdbc-8.2.510-1jpp.el5s2.i386.rpm postgresql-jdbc-debuginfo-8.2.510-1jpp.el5s2.i386.rpm postgresql-libs-8.2.14-1.el5s2.i386.rpm postgresql-plperl-8.2.14-1.el5s2.i386.rpm postgresql-plpython-8.2.14-1.el5s2.i386.rpm postgresql-pltcl-8.2.14-1.el5s2.i386.rpm postgresql-python-8.2.14-1.el5s2.i386.rpm postgresql-server-8.2.14-1.el5s2.i386.rpm postgresql-tcl-8.2.14-1.el5s2.i386.rpm postgresql-test-8.2.14-1.el5s2.i386.rpm noarch: php-pear-1.8.1-2.el5s2.noarch.rpm x86_64: httpd-2.2.13-2.el5s2.x86_64.rpm httpd-debuginfo-2.2.13-2.el5s2.i386.rpm httpd-debuginfo-2.2.13-2.el5s2.x86_64.rpm httpd-devel-2.2.13-2.el5s2.i386.rpm httpd-devel-2.2.13-2.el5s2.x86_64.rpm httpd-manual-2.2.13-2.el5s2.x86_64.rpm mod_ssl-2.2.13-2.el5s2.x86_64.rpm mysql-5.0.84-2.el5s2.i386.rpm mysql-5.0.84-2.el5s2.x86_64.rpm mysql-bench-5.0.84-2.el5s2.x86_64.rpm mysql-cluster-5.0.84-2.el5s2.x86_64.rpm mysql-debuginfo-5.0.84-2.el5s2.i386.rpm mysql-debuginfo-5.0.84-2.el5s2.x86_64.rpm mysql-devel-5.0.84-2.el5s2.i386.rpm mysql-devel-5.0.84-2.el5s2.x86_64.rpm mysql-libs-5.0.84-2.el5s2.i386.rpm mysql-libs-5.0.84-2.el5s2.x86_64.rpm mysql-server-5.0.84-2.el5s2.x86_64.rpm mysql-test-5.0.84-2.el5s2.x86_64.rpm perl-DBD-MySQL-4.012-1.el5s2.x86_64.rpm perl-DBD-MySQL-debuginfo-4.012-1.el5s2.x86_64.rpm perl-DBI-1.609-1.el5s2.x86_64.rpm perl-DBI-debuginfo-1.609-1.el5s2.x86_64.rpm php-5.2.10-1.el5s2.x86_64.rpm php-bcmath-5.2.10-1.el5s2.x86_64.rpm php-cli-5.2.10-1.el5s2.x86_64.rpm php-common-5.2.10-1.el5s2.x86_64.rpm php-dba-5.2.10-1.el5s2.x86_64.rpm php-debuginfo-5.2.10-1.el5s2.x86_64.rpm 
php-devel-5.2.10-1.el5s2.x86_64.rpm php-gd-5.2.10-1.el5s2.x86_64.rpm php-imap-5.2.10-1.el5s2.x86_64.rpm php-ldap-5.2.10-1.el5s2.x86_64.rpm php-mbstring-5.2.10-1.el5s2.x86_64.rpm php-mysql-5.2.10-1.el5s2.x86_64.rpm php-ncurses-5.2.10-1.el5s2.x86_64.rpm php-odbc-5.2.10-1.el5s2.x86_64.rpm php-pdo-5.2.10-1.el5s2.x86_64.rpm php-pgsql-5.2.10-1.el5s2.x86_64.rpm php-snmp-5.2.10-1.el5s2.x86_64.rpm php-soap-5.2.10-1.el5s2.x86_64.rpm php-xml-5.2.10-1.el5s2.x86_64.rpm php-xmlrpc-5.2.10-1.el5s2.x86_64.rpm postgresql-8.2.14-1.el5s2.x86_64.rpm postgresql-contrib-8.2.14-1.el5s2.x86_64.rpm postgresql-debuginfo-8.2.14-1.el5s2.i386.rpm postgresql-debuginfo-8.2.14-1.el5s2.x86_64.rpm postgresql-devel-8.2.14-1.el5s2.i386.rpm postgresql-devel-8.2.14-1.el5s2.x86_64.rpm postgresql-docs-8.2.14-1.el5s2.x86_64.rpm postgresql-jdbc-8.2.510-1jpp.el5s2.x86_64.rpm postgresql-jdbc-debuginfo-8.2.510-1jpp.el5s2.x86_64.rpm postgresql-libs-8.2.14-1.el5s2.i386.rpm postgresql-libs-8.2.14-1.el5s2.x86_64.rpm postgresql-plperl-8.2.14-1.el5s2.x86_64.rpm postgresql-plpython-8.2.14-1.el5s2.x86_64.rpm postgresql-pltcl-8.2.14-1.el5s2.x86_64.rpm postgresql-python-8.2.14-1.el5s2.x86_64.rpm postgresql-server-8.2.14-1.el5s2.x86_64.rpm postgresql-tcl-8.2.14-1.el5s2.x86_64.rpm postgresql-test-8.2.14-1.el5s2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKupg9XlSAg2UNWIIRAgcCAJ9zN2IdEV695/K9vdqLfujl8HQXfgCgnju5
cbqFD4b56PqnVC0IXfdnA+E=
=vy7A
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 24 19:27:21 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Sep 2009 15:27:21 -0400
Subject: [RHSA-2009:1463-01] Moderate: newt security update
Message-ID: <200909241927.n8OJRLlb012224@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: newt security update
Advisory ID: RHSA-2009:1463-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1463.html
Issue date: 2009-09-24
CVE Names: CVE-2009-2905
=====================================================================

1. Summary:

Updated newt packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. (CVE-2009-2905)

Users of newt should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all applications using the newt library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

523955 - CVE-2009-2905 newt: heap-overflow in textbox when text reflowing

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/newt-0.51.5-2.el3.src.rpm i386: newt-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-devel-0.51.5-2.el3.i386.rpm ia64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.ia64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.ia64.rpm newt-devel-0.51.5-2.el3.ia64.rpm ppc: newt-0.51.5-2.el3.ppc.rpm newt-0.51.5-2.el3.ppc64.rpm newt-debuginfo-0.51.5-2.el3.ppc.rpm newt-debuginfo-0.51.5-2.el3.ppc64.rpm newt-devel-0.51.5-2.el3.ppc.rpm s390: newt-0.51.5-2.el3.s390.rpm newt-debuginfo-0.51.5-2.el3.s390.rpm newt-devel-0.51.5-2.el3.s390.rpm s390x: newt-0.51.5-2.el3.s390.rpm newt-0.51.5-2.el3.s390x.rpm newt-debuginfo-0.51.5-2.el3.s390.rpm newt-debuginfo-0.51.5-2.el3.s390x.rpm newt-devel-0.51.5-2.el3.s390x.rpm x86_64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.x86_64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.x86_64.rpm newt-devel-0.51.5-2.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/newt-0.51.5-2.el3.src.rpm i386: newt-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-devel-0.51.5-2.el3.i386.rpm x86_64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.x86_64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.x86_64.rpm newt-devel-0.51.5-2.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/newt-0.51.5-2.el3.src.rpm i386: newt-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-devel-0.51.5-2.el3.i386.rpm ia64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.ia64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.ia64.rpm newt-devel-0.51.5-2.el3.ia64.rpm x86_64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.x86_64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.x86_64.rpm newt-devel-0.51.5-2.el3.x86_64.rpm Red Hat 
Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/newt-0.51.5-2.el3.src.rpm i386: newt-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-devel-0.51.5-2.el3.i386.rpm ia64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.ia64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.ia64.rpm newt-devel-0.51.5-2.el3.ia64.rpm x86_64: newt-0.51.5-2.el3.i386.rpm newt-0.51.5-2.el3.x86_64.rpm newt-debuginfo-0.51.5-2.el3.i386.rpm newt-debuginfo-0.51.5-2.el3.x86_64.rpm newt-devel-0.51.5-2.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/newt-0.51.6-10.el4_8.1.src.rpm i386: newt-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-devel-0.51.6-10.el4_8.1.i386.rpm ia64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.ia64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.ia64.rpm newt-devel-0.51.6-10.el4_8.1.ia64.rpm ppc: newt-0.51.6-10.el4_8.1.ppc.rpm newt-0.51.6-10.el4_8.1.ppc64.rpm newt-debuginfo-0.51.6-10.el4_8.1.ppc.rpm newt-debuginfo-0.51.6-10.el4_8.1.ppc64.rpm newt-devel-0.51.6-10.el4_8.1.ppc.rpm s390: newt-0.51.6-10.el4_8.1.s390.rpm newt-debuginfo-0.51.6-10.el4_8.1.s390.rpm newt-devel-0.51.6-10.el4_8.1.s390.rpm s390x: newt-0.51.6-10.el4_8.1.s390.rpm newt-0.51.6-10.el4_8.1.s390x.rpm newt-debuginfo-0.51.6-10.el4_8.1.s390.rpm newt-debuginfo-0.51.6-10.el4_8.1.s390x.rpm newt-devel-0.51.6-10.el4_8.1.s390x.rpm x86_64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.x86_64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.x86_64.rpm newt-devel-0.51.6-10.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/newt-0.51.6-10.el4_8.1.src.rpm i386: newt-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-devel-0.51.6-10.el4_8.1.i386.rpm x86_64: 
newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.x86_64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.x86_64.rpm newt-devel-0.51.6-10.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/newt-0.51.6-10.el4_8.1.src.rpm i386: newt-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-devel-0.51.6-10.el4_8.1.i386.rpm ia64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.ia64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.ia64.rpm newt-devel-0.51.6-10.el4_8.1.ia64.rpm x86_64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.x86_64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.x86_64.rpm newt-devel-0.51.6-10.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/newt-0.51.6-10.el4_8.1.src.rpm i386: newt-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-devel-0.51.6-10.el4_8.1.i386.rpm ia64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.ia64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.ia64.rpm newt-devel-0.51.6-10.el4_8.1.ia64.rpm x86_64: newt-0.51.6-10.el4_8.1.i386.rpm newt-0.51.6-10.el4_8.1.x86_64.rpm newt-debuginfo-0.51.6-10.el4_8.1.i386.rpm newt-debuginfo-0.51.6-10.el4_8.1.x86_64.rpm newt-devel-0.51.6-10.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/newt-0.52.2-12.el5_4.1.src.rpm i386: newt-0.52.2-12.el5_4.1.i386.rpm newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm x86_64: newt-0.52.2-12.el5_4.1.i386.rpm newt-0.52.2-12.el5_4.1.x86_64.rpm newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm newt-debuginfo-0.52.2-12.el5_4.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/newt-0.52.2-12.el5_4.1.src.rpm i386: newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm x86_64: newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm newt-debuginfo-0.52.2-12.el5_4.1.x86_64.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/newt-0.52.2-12.el5_4.1.src.rpm i386: newt-0.52.2-12.el5_4.1.i386.rpm newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm ia64: newt-0.52.2-12.el5_4.1.ia64.rpm newt-debuginfo-0.52.2-12.el5_4.1.ia64.rpm newt-devel-0.52.2-12.el5_4.1.ia64.rpm ppc: newt-0.52.2-12.el5_4.1.ppc.rpm newt-0.52.2-12.el5_4.1.ppc64.rpm newt-debuginfo-0.52.2-12.el5_4.1.ppc.rpm newt-debuginfo-0.52.2-12.el5_4.1.ppc64.rpm newt-devel-0.52.2-12.el5_4.1.ppc.rpm newt-devel-0.52.2-12.el5_4.1.ppc64.rpm s390x: newt-0.52.2-12.el5_4.1.s390.rpm newt-0.52.2-12.el5_4.1.s390x.rpm newt-debuginfo-0.52.2-12.el5_4.1.s390.rpm newt-debuginfo-0.52.2-12.el5_4.1.s390x.rpm newt-devel-0.52.2-12.el5_4.1.s390.rpm newt-devel-0.52.2-12.el5_4.1.s390x.rpm x86_64: newt-0.52.2-12.el5_4.1.i386.rpm newt-0.52.2-12.el5_4.1.x86_64.rpm newt-debuginfo-0.52.2-12.el5_4.1.i386.rpm newt-debuginfo-0.52.2-12.el5_4.1.x86_64.rpm newt-devel-0.52.2-12.el5_4.1.i386.rpm newt-devel-0.52.2-12.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKu8cqXlSAg2UNWIIRAj5rAJ93NojFMID2+HqRFyZ+LIdAKpXa5wCeLZhS 8OoeiLToCoMt/vAvwDtSfbU= =0947 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 29 16:17:29 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 29 Sep 2009 12:17:29 -0400 Subject: [RHSA-2009:1465-01] Important: kvm security and bug fix update Message-ID: <200909291617.n8TGHTDs004109@int-mx03.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kvm security and bug fix update Advisory ID: RHSA-2009:1465-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1465.html Issue date: 2009-09-29 CVE Names: CVE-2009-3290 ===================================================================== 1. Summary: Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. The kvm_emulate_hypercall() implementation was missing a check for the Current Privilege Level (CPL). A local, unprivileged user in a virtual machine could use this flaw to cause a local denial of service or escalate their privileges within that virtual machine. (CVE-2009-3290) This update also fixes the following bugs: * non-maskable interrupts (NMI) were not supported on systems with AMD processors. 
As a consequence, Windows Server 2008 R2 guests running with more than one virtual CPU assigned on systems with AMD processors would hang at the Windows shut down screen when a restart was attempted. This update adds support for NMI filtering on systems with AMD processors, allowing clean restarts of Windows Server 2008 R2 guests running with multiple virtual CPUs. (BZ#520694) * significant performance issues for guests running 64-bit editions of Windows. This update improves performance for guests running 64-bit editions of Windows. (BZ#521793) * Windows guests may have experienced time drift. (BZ#521794) * removing the Red Hat VirtIO Ethernet Adapter from a guest running Windows Server 2008 R2 caused KVM to crash. With this update, device removal should not cause this issue. (BZ#524557) All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update takes effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 The following procedure must be performed before this update takes effect: 1. Stop all KVM guest virtual machines. 2. Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3. Restart the KVM guest virtual machines. 5. Bugs fixed (http://bugzilla.redhat.com/): 520694 - NMI filtering for AMD (Windows 2008 R2 KVM guest can not restart when set it as multiple cpus) 521793 - windows 64 bit does vmexit on each cr8 access. 521794 - rtc-td-hack stopped working. 
Time drifts in windows 524124 - CVE-2009-3290 kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 524557 - QEMU crash (during virtio-net WHQL tests for Win2008 R2) 6. Package List: RHEL Desktop Multi OS (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-105.el5_4.7.src.rpm x86_64: kmod-kvm-83-105.el5_4.7.x86_64.rpm kvm-83-105.el5_4.7.x86_64.rpm kvm-debuginfo-83-105.el5_4.7.x86_64.rpm kvm-qemu-img-83-105.el5_4.7.x86_64.rpm kvm-tools-83-105.el5_4.7.x86_64.rpm RHEL Virtualization (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-105.el5_4.7.src.rpm x86_64: kmod-kvm-83-105.el5_4.7.x86_64.rpm kvm-83-105.el5_4.7.x86_64.rpm kvm-debuginfo-83-105.el5_4.7.x86_64.rpm kvm-qemu-img-83-105.el5_4.7.x86_64.rpm kvm-tools-83-105.el5_4.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3290 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKwjL+XlSAg2UNWIIRAqNAAJ49kD0ZXnry24TTWuwcPryiP57fyQCdH8ti jVVIrtZL3kSy1/zfUBjWWd0= =D9md -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 29 16:17:52 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 29 Sep 2009 12:17:52 -0400 Subject: [RHSA-2009:1466-01] Important: kernel security and bug fix update Message-ID: <200909291617.n8TGHq8T012257@int-mx05.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2009:1466-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1466.html Issue date: 2009-09-29 CVE Names: CVE-2009-2847 CVE-2009-2848 ===================================================================== 1. Summary: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.3 Extended Update Support as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.4 update, RHSA-2009:1243. In accordance with the support policy, future security updates to Red Hat Enterprise Linux 5.3 Extended Update Support will only include issues of critical security impact. 
This update fixes the following security issues: * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important) * a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) This update also fixes the following bugs: * a regression was found in the SCSI retry logic: SCSI mode select was not retried when retryable errors were encountered. In Device-Mapper Multipath environments, this could cause paths to fail, or possibly prevent successful failover. (BZ#506905) * the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel build options. This prevents gcc from optimizing out NULL pointer checks after the first use of a pointer. NULL pointer bugs are often exploited by attackers, and keeping these checks is considered a safety measure. (BZ#515468) * due to incorrect APIC timer calibration, a system hang could have occurred while booting certain systems. This incorrect timer calibration could have also caused the system time to become faster or slower. With this update, it is still possible for APIC timer calibration issues to occur; however, a clear warning is now provided if they do. (BZ#521237) * gettimeofday() experienced poor performance (which caused performance problems for applications using gettimeofday()) when running on hypervisors that use hardware assisted virtualization. With this update, MFENCE/LFENCE is used instead of CPUID for gettimeofday() serialization, which resolves this issue. (BZ#523280) Users should upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 506905 - LTC 49790: Sync up SCSI DH code with mainline changes [rhel-5.3.z] 515392 - CVE-2009-2847 kernel: information leak in sigaltstack 515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid 515468 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.3.z] 521237 - [RHEL 5] Hang on boot due to wrong APIC timer calibration [rhel-5.3.z] 523280 - RFE: improve gettimeofday performance on hypervisors [rhel-5.3.z] 6. Package List: Red Hat Enterprise Linux (v. 5.3.z server): i386: kernel-2.6.18-128.8.1.el5.i686.rpm kernel-PAE-2.6.18-128.8.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-128.8.1.el5.i686.rpm kernel-PAE-devel-2.6.18-128.8.1.el5.i686.rpm kernel-debug-2.6.18-128.8.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-128.8.1.el5.i686.rpm kernel-debug-devel-2.6.18-128.8.1.el5.i686.rpm kernel-debuginfo-2.6.18-128.8.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-128.8.1.el5.i686.rpm kernel-devel-2.6.18-128.8.1.el5.i686.rpm kernel-headers-2.6.18-128.8.1.el5.i386.rpm kernel-xen-2.6.18-128.8.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-128.8.1.el5.i686.rpm kernel-xen-devel-2.6.18-128.8.1.el5.i686.rpm ia64: kernel-2.6.18-128.8.1.el5.ia64.rpm kernel-debug-2.6.18-128.8.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-128.8.1.el5.ia64.rpm kernel-debug-devel-2.6.18-128.8.1.el5.ia64.rpm kernel-debuginfo-2.6.18-128.8.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-128.8.1.el5.ia64.rpm kernel-devel-2.6.18-128.8.1.el5.ia64.rpm kernel-headers-2.6.18-128.8.1.el5.ia64.rpm kernel-xen-2.6.18-128.8.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-128.8.1.el5.ia64.rpm 
kernel-xen-devel-2.6.18-128.8.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-128.8.1.el5.noarch.rpm ppc: kernel-2.6.18-128.8.1.el5.ppc64.rpm kernel-debug-2.6.18-128.8.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-128.8.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-128.8.1.el5.ppc64.rpm kernel-devel-2.6.18-128.8.1.el5.ppc64.rpm kernel-headers-2.6.18-128.8.1.el5.ppc.rpm kernel-headers-2.6.18-128.8.1.el5.ppc64.rpm kernel-kdump-2.6.18-128.8.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-128.8.1.el5.ppc64.rpm s390x: kernel-2.6.18-128.8.1.el5.s390x.rpm kernel-debug-2.6.18-128.8.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-128.8.1.el5.s390x.rpm kernel-debug-devel-2.6.18-128.8.1.el5.s390x.rpm kernel-debuginfo-2.6.18-128.8.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-128.8.1.el5.s390x.rpm kernel-devel-2.6.18-128.8.1.el5.s390x.rpm kernel-headers-2.6.18-128.8.1.el5.s390x.rpm kernel-kdump-2.6.18-128.8.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-128.8.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-128.8.1.el5.s390x.rpm x86_64: kernel-2.6.18-128.8.1.el5.x86_64.rpm kernel-debug-2.6.18-128.8.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-128.8.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-128.8.1.el5.x86_64.rpm kernel-devel-2.6.18-128.8.1.el5.x86_64.rpm kernel-headers-2.6.18-128.8.1.el5.x86_64.rpm kernel-xen-2.6.18-128.8.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-128.8.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKwjMlXlSAg2UNWIIRAkYKAJ4tHjqVF8SG2mPzo/Sw/SYXzkLW7QCdHZkM rZ/np7FbkVx8zWpyzTlQ8wQ= =9r2o -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 29 19:48:44 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 29 Sep 2009 15:48:44 -0400 Subject: [RHSA-2009:1455-01] Moderate: kernel security and bug fix update Message-ID: <200909291948.n8TJmjtT026304@int-mx08.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2009:1455-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1455.html Issue date: 2009-09-29 CVE Names: CVE-2009-2849 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * a NULL pointer dereference flaw was found in the Multiple Devices (md) driver in the Linux kernel. 
If the "suspend_lo" or "suspend_hi" file on the sysfs file system ("/sys/") is modified when the disk array is inactive, it could lead to a local denial of service or privilege escalation. Note: By default, only the root user can write to the files mentioned above. (CVE-2009-2849, Moderate) Bug fixes: * a bug in nlm_lookup_host() could lead to un-reclaimed locks on file systems, resulting in umount failing and NFS service relocation issues for clusters. (BZ#517967) * a bug in the sky2 driver prevented the phy from being reset properly on some hardware when it hung, preventing a link from coming back up. (BZ#517976) * disabling MSI-X for qla2xxx also disabled MSI interrupts. (BZ#519782) * performance issues with reads when using the qlge driver on PowerPC systems. A system hang could also occur during reboot. (BZ#519783) * unreliable time keeping for Red Hat Enterprise Linux virtual machines. The KVM pvclock code is now used to detect/correct lost ticks. (BZ#520685) * /proc/cpuinfo was missing flags for new features in supported processors, possibly preventing the operating system and applications from getting the best performance. (BZ#520686) * reading/writing with a serial loopback device on a certain IBM system did not work unless booted with "pnpacpi=off". (BZ#520905) * mlx4_core failed to load on systems with more than 32 CPUs. (BZ#520906) * on big-endian platforms, interfaces using the mlx4_en driver and Large Receive Offload (LRO) did not handle VLAN traffic properly (a segmentation fault in the VLAN stack in the kernel occurred). (BZ#520908) * due to a lock being held for a long time, some systems may have experienced "BUG: soft lockup" messages under very heavy load. (BZ#520919) * incorrect APIC timer calibration may have caused a system hang during boot, as well as the system time becoming faster or slower. A warning is now provided.
(BZ#521238) * a Fibre Channel device re-scan via 'echo "---" > /sys/class/scsi_host/host[x]/scan' may not complete after hot adding a drive, leading to soft lockups ("BUG: soft lockup detected"). (BZ#521239) * the Broadcom BCM5761 network device was unable to be initialized properly; therefore, the associated interface could not obtain an IP address via DHCP, or be assigned one manually. (BZ#521241) * when a process attempted to read from a page that had first been accessed by writing to part of it (via write(2)), the NFS client needed to flush the modified portion of the page out to the server, and then read the entire page back in. This flush caused performance issues. (BZ#521244) * a kernel panic when using bnx2x devices and LRO in a bridge. A warning is now provided to disable LRO in these situations. (BZ#522636) * the scsi_dh_rdac driver was updated to recognize the Sun StorageTek Flexline 380. (BZ#523237) * in FIPS mode, random number generators are required to not return the first block of random data they generate, but rather save it to seed the repetition check. This update brings the random number generator into conformance. (BZ#523289) * an option to disable/enable the use of the first random block is now provided to bring ansi_cprng into compliance with FIPS-140 continuous test requirements. (BZ#523290) * running the SAP Linux Certification Suite in a KVM guest caused severe SAP kernel errors, causing it to exit. (BZ#524150) * attempting to 'online' a CPU for a KVM guest via sysfs caused a system crash. (BZ#524151) * when using KVM, pvclock returned bogus wallclock values. (BZ#524152) * the clock could go backwards when using the vsyscall infrastructure. (BZ#524527) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4.
Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 517967 - Bug in lockd prevents a locks being freed. [rhel-5.4.z] 517976 - [RHEL 5] sky2 eth0: receiver hang detected [rhel-5.4.z] 518132 - CVE-2009-2849 kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes 519782 - [QLogic 5.5 bug] qla2xxx - allow use of MSI when MSI-X disabled. [rhel-5.4.z] 519783 - [QLogic 5.5 bug] qlge - fix hangs and read perfromance [rhel-5.4.z] 520685 - use KVM pvclock code to detect/correct lost ticks [rhel-5.4.z] 520686 - bare-metal and xen: /proc/cpuinfo does not list all CPU flags presented by CPU [rhel-5.4.z] 520905 - Serial ports don't function on 4838-310 without pnpacpi=off boot option [rhel-5.4.z] 520906 - mlx4_core fails to load on systems with32 cores [rhel-5.4.z] 520908 - TCP traffic for VLAN interfaces fails over mlx4_en parent interface. [rhel-5.4.z] 520919 - BUG: soft lockup - CPU#5 stuck for 10s at .context_struct_compute_av+0x214/0x39c [rhel-5.4.z] 521238 - [RHEL 5] Hang on boot due to wrong APIC timer calibration [rhel-5.4.z] 521239 - scsi_transport_fc: fc_user_scan can loop forever, needs mutex with rport list changes [rhel-5.4.z] 521241 - 5.4 alpha: Broadcom 5761 NIC does not work [rhel-5.4.z] 521244 - Read/Write NFS I/O performance degraded by FLUSH_STABLE page flushing [rhel-5.4.z] 522636 - bridge: Fix LRO crash with tun (tun_chr_read()) [rhel-5.4.z] 523237 - Add kernel (scsi_dh_rdac) support for Sun 6540 storage arrays. 
[rhel-5.4.z] 523289 - [FIP140-2] the first n- bit block generated after power-up, initialization, or reset shall not be used [rhel-5.4.z] 523290 - [FIPS140-2] Provide option to disable/enable use of the first random block [rhel-5.4.z] 524150 - Can't override KVM clock in a KVM guest with -165 kernel to triage SAP DB create failure [rhel-5.4.z] 524151 - cpu1 didn't come online in a kvm i686 guest [rhel-5.4.z] 524152 - pvclock return bogus wallclock values [rhel-5.4.z] 524527 - RHEV : SAP SLCS 2.3 fails during install/import in a RHEV-H/KVM guest with PV KVM clock [rhel-5.4.z] 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.2.1.el5.src.rpm i386: kernel-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-devel-2.6.18-164.2.1.el5.i686.rpm kernel-debug-2.6.18-164.2.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-debug-devel-2.6.18-164.2.1.el5.i686.rpm kernel-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.i686.rpm kernel-devel-2.6.18-164.2.1.el5.i686.rpm kernel-headers-2.6.18-164.2.1.el5.i386.rpm kernel-xen-2.6.18-164.2.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-xen-devel-2.6.18-164.2.1.el5.i686.rpm noarch: kernel-doc-2.6.18-164.2.1.el5.noarch.rpm x86_64: kernel-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-164.2.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.x86_64.rpm kernel-devel-2.6.18-164.2.1.el5.x86_64.rpm kernel-headers-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-164.2.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.2.1.el5.src.rpm i386: kernel-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-PAE-devel-2.6.18-164.2.1.el5.i686.rpm kernel-debug-2.6.18-164.2.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-debug-devel-2.6.18-164.2.1.el5.i686.rpm kernel-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.i686.rpm kernel-devel-2.6.18-164.2.1.el5.i686.rpm kernel-headers-2.6.18-164.2.1.el5.i386.rpm kernel-xen-2.6.18-164.2.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-164.2.1.el5.i686.rpm kernel-xen-devel-2.6.18-164.2.1.el5.i686.rpm ia64: kernel-2.6.18-164.2.1.el5.ia64.rpm kernel-debug-2.6.18-164.2.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.ia64.rpm kernel-debug-devel-2.6.18-164.2.1.el5.ia64.rpm kernel-debuginfo-2.6.18-164.2.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.ia64.rpm kernel-devel-2.6.18-164.2.1.el5.ia64.rpm kernel-headers-2.6.18-164.2.1.el5.ia64.rpm kernel-xen-2.6.18-164.2.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-164.2.1.el5.ia64.rpm kernel-xen-devel-2.6.18-164.2.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-164.2.1.el5.noarch.rpm ppc: kernel-2.6.18-164.2.1.el5.ppc64.rpm kernel-debug-2.6.18-164.2.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-164.2.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-164.2.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.ppc64.rpm kernel-devel-2.6.18-164.2.1.el5.ppc64.rpm kernel-headers-2.6.18-164.2.1.el5.ppc.rpm kernel-headers-2.6.18-164.2.1.el5.ppc64.rpm kernel-kdump-2.6.18-164.2.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-164.2.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-164.2.1.el5.ppc64.rpm s390x: kernel-2.6.18-164.2.1.el5.s390x.rpm kernel-debug-2.6.18-164.2.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-164.2.1.el5.s390x.rpm kernel-debuginfo-2.6.18-164.2.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.s390x.rpm kernel-devel-2.6.18-164.2.1.el5.s390x.rpm kernel-headers-2.6.18-164.2.1.el5.s390x.rpm kernel-kdump-2.6.18-164.2.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-164.2.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-164.2.1.el5.s390x.rpm x86_64: kernel-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-164.2.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-164.2.1.el5.x86_64.rpm kernel-devel-2.6.18-164.2.1.el5.x86_64.rpm kernel-headers-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-164.2.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-164.2.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2849 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
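Added example, not part of the Red Hat advisory above and not the kernel's ansi_cprng code or the backported patch: a user-space C model of the continuous test behind BZ#523289 and BZ#523290, in which the first block after a reset only seeds the repetition check and any two equal consecutive blocks fail the generator. The crngt_* names, the 16-byte block size, the discard_first switch and the scripted block source are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16 /* block size in bytes (n = 128 bits); an assumption of this model */

enum { CRNGT_OK = 0, CRNGT_SRC_ERR = -1, CRNGT_STUCK = -2 };

/* Hypothetical block source: fills out[BLK] and returns 0, non-zero on error. */
typedef int (*block_fn)(void *state, uint8_t *out);

struct crngt {
    block_fn gen;
    void *state;
    uint8_t last[BLK];  /* previously generated block, kept for the comparison */
    int have_last;      /* 0 until the first block after a reset has been saved */
    int discard_first;  /* 1: first block only seeds the check; 0: also returned */
    int failed;         /* latched once two consecutive blocks compare equal */
};

void crngt_reset(struct crngt *c, block_fn gen, void *state, int discard_first)
{
    memset(c, 0, sizeof(*c));
    c->gen = gen;
    c->state = state;
    c->discard_first = discard_first;
}

/* Deliver one block to out[BLK], or return a negative code and leave out alone. */
int crngt_next(struct crngt *c, uint8_t *out)
{
    uint8_t cur[BLK];

    if (c->failed)
        return CRNGT_STUCK;          /* stay failed until crngt_reset() */
    if (c->gen(c->state, cur) != 0)
        return CRNGT_SRC_ERR;

    if (!c->have_last) {
        memcpy(c->last, cur, BLK);
        c->have_last = 1;
        if (!c->discard_first) {
            memcpy(out, cur, BLK);
            return CRNGT_OK;
        }
        /* The saved first block is never handed out: draw the next one. */
        if (c->gen(c->state, cur) != 0)
            return CRNGT_SRC_ERR;
    }

    if (memcmp(cur, c->last, BLK) == 0) {
        c->failed = 1;               /* repeated block: refuse all further output */
        return CRNGT_STUCK;
    }
    memcpy(c->last, cur, BLK);
    memcpy(out, cur, BLK);
    return CRNGT_OK;
}

/* Constructed test source: block i is BLK copies of fill[i]. */
struct scripted { const uint8_t *fill; size_t n, pos; };

int scripted_gen(void *state, uint8_t *out)
{
    struct scripted *s = state;
    if (s->pos >= s->n)
        return -1;
    memset(out, s->fill[s->pos++], BLK);
    return 0;
}

/* Pull blocks until an error or cap; record byte 0 of each delivered block. */
size_t crngt_demo(const uint8_t *fill, size_t n, int discard_first,
                  uint8_t *seen, size_t cap, int *status)
{
    struct scripted src = { fill, n, 0 };
    struct crngt c;
    uint8_t out[BLK];
    size_t got = 0;

    crngt_reset(&c, scripted_gen, &src, discard_first);
    *status = CRNGT_OK;
    while (got < cap && (*status = crngt_next(&c, out)) == CRNGT_OK)
        seen[got++] = out[0];
    return got;
}

int main(void)
{
    static const uint8_t fill[] = { 0xA1, 0xB2, 0xC3, 0xC3, 0xD4 }; /* constructed */
    uint8_t seen[8];
    int status, mode;

    for (mode = 1; mode >= 0; mode--) {
        size_t i, got = crngt_demo(fill, sizeof(fill), mode, seen, 8, &status);
        printf("discard_first=%d delivered:", mode);
        for (i = 0; i < got; i++)
            printf(" %02X", seen[i]);
        printf(" status=%d\n", status);
    }
    return 0;
}
```

With discard_first set, a source whose first two blocks are identical fails before delivering anything, because the withheld first block still takes part in the comparison.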
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFKwmRPXlSAg2UNWIIRApiJAJ0ZsswUu9VyoFsWGKDxEL+1NAuTFgCfbTvI KAiY3cGhmT9HvYtXJ0Zz6wE= =aLny -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 30 15:00:49 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 30 Sep 2009 11:00:49 -0400 Subject: [RHSA-2009:1469-01] Important: kernel security update Message-ID: <200909301500.n8UF0sD2019582@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2009:1469-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1469.html Issue date: 2009-09-30 CVE Names: CVE-2009-1389 CVE-2009-2692 CVE-2009-2698 ===================================================================== 1. Summary: Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. 
This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 504726 - CVE-2009-1389 kernel: r8169: fix crash when large packets are received 516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc 518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference 6. 
Package List: Red Hat Enterprise Linux AS version 4.7.z: i386: kernel-2.6.9-78.0.27.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.27.EL.i686.rpm kernel-devel-2.6.9-78.0.27.EL.i686.rpm kernel-hugemem-2.6.9-78.0.27.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.27.EL.i686.rpm kernel-smp-2.6.9-78.0.27.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.27.EL.i686.rpm kernel-xenU-2.6.9-78.0.27.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.27.EL.i686.rpm ia64: kernel-2.6.9-78.0.27.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.27.EL.ia64.rpm kernel-devel-2.6.9-78.0.27.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.27.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.27.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.27.EL.noarch.rpm ppc: kernel-2.6.9-78.0.27.EL.ppc64.rpm kernel-2.6.9-78.0.27.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.0.27.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.0.27.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.0.27.EL.ppc64.rpm kernel-devel-2.6.9-78.0.27.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.0.27.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-78.0.27.EL.ppc64.rpm s390: kernel-2.6.9-78.0.27.EL.s390.rpm kernel-debuginfo-2.6.9-78.0.27.EL.s390.rpm kernel-devel-2.6.9-78.0.27.EL.s390.rpm s390x: kernel-2.6.9-78.0.27.EL.s390x.rpm kernel-debuginfo-2.6.9-78.0.27.EL.s390x.rpm kernel-devel-2.6.9-78.0.27.EL.s390x.rpm x86_64: kernel-2.6.9-78.0.27.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.27.EL.x86_64.rpm kernel-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.27.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-smp-2.6.9-78.0.27.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.27.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.27.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4.7.z: i386: kernel-2.6.9-78.0.27.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.27.EL.i686.rpm kernel-devel-2.6.9-78.0.27.EL.i686.rpm kernel-hugemem-2.6.9-78.0.27.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.27.EL.i686.rpm kernel-smp-2.6.9-78.0.27.EL.i686.rpm 
kernel-smp-devel-2.6.9-78.0.27.EL.i686.rpm kernel-xenU-2.6.9-78.0.27.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.27.EL.i686.rpm ia64: kernel-2.6.9-78.0.27.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.27.EL.ia64.rpm kernel-devel-2.6.9-78.0.27.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.27.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.27.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.27.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.27.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.27.EL.x86_64.rpm kernel-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.27.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-smp-2.6.9-78.0.27.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.27.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.27.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.27.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKw3KcXlSAg2UNWIIRAmeQAJ4yc4vES764z91zXBVObNdAPdzY3ACdEaCF
gG0/tU4VWhdHtBdx5Fcq7E8=
=vDbq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 30 15:12:02 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Sep 2009 11:12:02 -0400
Subject: [RHSA-2009:1470-01] Moderate: openssh security update
Message-ID: <200909301512.n8UFC2ju012875@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssh security update
Advisory ID:       RHSA-2009:1470-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1470.html
Issue date:        2009-09-30
CVE Names:         CVE-2009-2904
=====================================================================

1. Summary:

Updated openssh packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

522141 - CVE-2009-2904 openssh: possible privilege escalation when using ChrootDirectory setting

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssh-4.3p2-36.el5_4.2.src.rpm

i386:
openssh-4.3p2-36.el5_4.2.i386.rpm
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm
openssh-clients-4.3p2-36.el5_4.2.i386.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.i386.rpm
openssh-server-4.3p2-36.el5_4.2.i386.rpm

x86_64:
openssh-4.3p2-36.el5_4.2.x86_64.rpm
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.x86_64.rpm
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssh-4.3p2-36.el5_4.2.src.rpm

i386:
openssh-4.3p2-36.el5_4.2.i386.rpm
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm
openssh-clients-4.3p2-36.el5_4.2.i386.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.i386.rpm
openssh-server-4.3p2-36.el5_4.2.i386.rpm

ia64:
openssh-4.3p2-36.el5_4.2.ia64.rpm
openssh-askpass-4.3p2-36.el5_4.2.ia64.rpm
openssh-clients-4.3p2-36.el5_4.2.ia64.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.ia64.rpm
openssh-server-4.3p2-36.el5_4.2.ia64.rpm

ppc:
openssh-4.3p2-36.el5_4.2.ppc.rpm
openssh-askpass-4.3p2-36.el5_4.2.ppc.rpm
openssh-clients-4.3p2-36.el5_4.2.ppc.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.ppc.rpm
openssh-server-4.3p2-36.el5_4.2.ppc.rpm

s390x:
openssh-4.3p2-36.el5_4.2.s390x.rpm
openssh-askpass-4.3p2-36.el5_4.2.s390x.rpm
openssh-clients-4.3p2-36.el5_4.2.s390x.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.s390x.rpm
openssh-server-4.3p2-36.el5_4.2.s390x.rpm

x86_64:
openssh-4.3p2-36.el5_4.2.x86_64.rpm
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm
openssh-debuginfo-4.3p2-36.el5_4.2.x86_64.rpm
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKw3UkXlSAg2UNWIIRAuWCAJ9u9C4e/ffTdZ0qrouXa43T4VegjwCfa0ma
PLdLhIVP8WwV37XlVgfW+2Q=
=MSQV
-----END PGP SIGNATURE-----
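
Added example (not part of the Red Hat advisory, and not Red Hat or OpenSSH code): RHSA-2009:1470 above concerns loosened ownership requirements on ChrootDirectory paths. Upstream sshd_config(5) requires every component of that path to be a root-owned directory that is not writable by group or others, and this Python check audits a path against that upstream rule. The function names, the FakeStat type and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the check runs on sample data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def components(path):
    """'/srv/sftp' -> ['/', '/srv', '/srv/sftp'] (every directory on the way)."""
    out, cur = ["/"], ""
    for part in path.strip("/").split("/"):
        if part:
            cur += "/" + part
            out.append(cur)
    return out

def chroot_path_problems(path, stat_fn=os.stat):
    """List (component, reason) for each violation; an empty list means OK."""
    if not path.startswith("/"):
        return [(path, "not an absolute path")]
    problems = []
    for comp in components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((comp, "writable by group or others"))
    return problems

# Constructed sample tree (not taken from any real host).
SAMPLE_TREE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/srv": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/srv/sftp": FakeStat(stat.S_IFDIR | 0o755, 0),
    "/srv/sftp/alice": FakeStat(stat.S_IFDIR | 0o750, 1001),  # user-owned
    "/srv/drop": FakeStat(stat.S_IFDIR | 0o775, 0),           # group-writable
}

def sample_stat(path):
    if path not in SAMPLE_TREE:
        raise FileNotFoundError(2, "No such file or directory", path)
    return SAMPLE_TREE[path]

if __name__ == "__main__":
    for target in ("/srv/sftp", "/srv/sftp/alice", "/srv/drop", "/srv/none"):
        print(target, chroot_path_problems(target, sample_stat) or "OK")
```

On a live host, call chroot_path_problems() with the default stat_fn on each ChrootDirectory value from sshd_config, after expanding any per-user tokens in it.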