===========================================================================
             AUSCERT External Security Bulletin Redistribution

             ESB-2005.0158 -- Red Hat Enterprise Linux
                  Multiple updates fix security issues
                              16 February 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libtiff
                   vim
                   ethereal
                   enscript
                   krb5
                   CUPS
                   gpdf
                   squid
                   kdelibs
                   kdegraphics
                   ImageMagick
                   perl-DBI
                   cpio
                   htdig
                   thunderbird
                   squirrelmail
                   mod_python
                   perl
                   python
                   emacs
                   xemacs
                   mailman
                   postgresql
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop version 4

Comment: Recent advisories from Red Hat for RH Linux v2.1, v3 and v4
         regarding the same vulnerability have been released with varying
         delays between them. With a view to timely notification and
         reduced duplication, AusCERT will only be redistributing the
         first Red Hat advisory received relating to a particular
         vulnerability. Administrators of other Red Hat Linux versions
         will be required to check with the Red Hat web site or update
         management software.

         In the past month, Red Hat have been releasing advisories for
         RH Linux versions 2.1 and 3. Due to the recent release of
         vulnerability and patch details for RH Linux 4, many of which
         have been addressed for previous versions of RH Linux, AusCERT
         is providing details released today of vulnerabilities
         pertaining to RH Linux v4 in digest form, containing the
         following information for each vulnerability:

         Package:
         Advisory ID:
         Advisory URL:
         Impact:

         In future, AusCERT will continue to redistribute the first
         Red Hat advisory received for a particular vulnerability.

--------------------------BEGIN INCLUDED TEXT--------------------

Package:        libtiff
Advisory ID:    RHSA-2005:035-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-035.html
Impact:         Execute Arbitrary Code/Commands
                Denial of Service

Package:        vim
Advisory ID:    RHSA-2005:036-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-036.html
Impact:         Execute Arbitrary Code/Commands
                Modify Arbitrary Files

Package:        ethereal
Advisory ID:    RHSA-2005:037-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-037.htm
Impact:         Execute Arbitrary Code/Commands
                Denial of Service

Package:        enscript
Advisory ID:    RHSA-2005:040-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-040.html
Impact:         Execute Arbitrary Code/Commands

Package:        Kerberos (krb5)
Advisory ID:    RHSA-2005:045-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-045.html
Impact:         Execute Arbitrary Code/Commands

Package:        CUPS
Advisory ID:    RHSA-2005:053-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-053.html
Impact:         Execute Arbitrary Code/Commands
                Increased Privileges
                Denial of Service

Package:        gpdf
Advisory ID:    RHSA-2005:057-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-057.html
Impact:         Execute Arbitrary Code/Commands
                Denial of Service

Package:        squid
Advisory ID:    RHSA-2005:060-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-060.html
Impact:         Execute Arbitrary Code/Commands
                Denial of Service
                Inappropriate Access

Package:        kdelibs
Advisory ID:    RHSA-2005:065-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-065.html
Impact:         Execute Arbitrary Code/Commands
                Increased Privileges
                Modify Arbitrary Files

Package:        kdegraphics
Advisory ID:    RHSA-2005:066-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-066.html
Impact:         Execute Arbitrary Code/Commands
                Denial of Service

Package:        ImageMagick
Advisory ID:    RHSA-2005:071-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-071.html
Impact:         Execute Arbitrary Code/Commands

Package:        Perl-DBI
Advisory ID:    RHSA-2005:072-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-072.html
Impact:         Modify Arbitrary Files
                Inappropriate Access

Package:        cpio
Advisory ID:    RHSA-2005:073-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-073.html
Impact:         Reduced Security

Package:        htdig
Advisory ID:    RHSA-2005:090-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-090.html
Impact:         Execute Arbitrary Code/Commands

Package:        thunderbird
Advisory ID:    RHSA-2005:094-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-094.html
Impact:         Reduced Security

Package:        squirrelmail
Advisory ID:    RHSA-2005:099-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-099.html
Impact:         Cross Site Scripting

Package:        mod_python
Advisory ID:    RHSA-2005:100-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-100.html
Impact:         Access Confidential Data

Package:        perl
Advisory ID:    RHSA-2005:103-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-103.html
Impact:         Root Compromise
                Execute Arbitrary Code
                Modify Arbitrary Files
                Reduced Security

Package:        python
Advisory ID:    RHSA-2005:108-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-108.html
Impact:         Inappropriate Access
                Reduced Security

Package:        emacs
Advisory ID:    RHSA-2005:110-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-110.html
Impact:         Execute Arbitrary Code/Commands

Package:        xemacs
Advisory ID:    RHSA-2005:133-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-133.html
Impact:         Execute Arbitrary Code/Commands

Package:        mailman
Advisory ID:    RHSA-2005:137-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-137.html
Impact:         Access Arbitrary Files

Package:        postgresql
Advisory ID:    RHSA-2005:138-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2005-138.html
Impact:         Execute Arbitrary Code
                Increased Privileges

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================