16 February 2005


             AUSCERT External Security Bulletin Redistribution

                 ESB-2005.0158 -- Red Hat Enterprise Linux
                   Multiple updates fix security issues
                             16 February 2005


        AusCERT Security Bulletin Summary

Product:           libtiff
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop version 4

Comment: Recent advisories from Red Hat for RH Linux v2.1, v3 and v4 regarding
         the same vulnerability have been released with varying delays between
         them. With a view to timely notification and reduced duplication,
         AusCERT will only be redistributing the first Red Hat advisory
         received relating to a particular vulnerability. Administrators of
         other Red Hat Linux versions will be required to check with the Red Hat
         web site or update management software.
         In the past month, Red Hat have been releasing advisories for RH Linux
         versions 2.1 and 3.  Due to the recent release of vulnerability and
         patch details for RH Linux 4, many of which have been addressed for
         previous versions of RH Linux, AusCERT is providing details released
         today of vulnerabilities pertaining to RH Linux v4 in digest form,
         containing the following information for each vulnerability:
         Advisory ID:
         Advisory URL:
         In future, AusCERT will continue to redistribute the first Red Hat
         advisory received for a particular vulnerability.

--------------------------BEGIN INCLUDED TEXT--------------------

Package:           libtiff
Advisory ID:       RHSA-2005:035-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-035.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service

Package:           vim
Advisory ID:       RHSA-2005:036-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-036.html
Impact:            Execute Arbitrary Code/Commands
                   Modify Arbitrary Files

Package:           ethereal
Advisory ID:       RHSA-2005:037-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-037.htm
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service

Package:           enscript
Advisory ID:       RHSA-2005:040-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-040.html
Impact:            Execute Arbitrary Code/Commands

Package:           Kerberos (krb5)
Advisory ID:       RHSA-2005:045-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-045.html
Impact:            Execute Arbitrary Code/Commands

Package:           CUPS
Advisory ID:       RHSA-2005:053-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-053.html
Impact:            Execute Arbitrary Code/Commands
                   Increased Privileges
                   Denial of Service

Package:           gpdf
Advisory ID:       RHSA-2005:057-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-057.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service

Package:           squid
Advisory ID:       RHSA-2005:060-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-060.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
                   Inappropriate Access

Package:           kdelibs
Advisory ID:       RHSA-2005:065-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-065.html
Impact:            Execute Arbitrary Code/Commands
                   Increased Privileges
                   Modify Arbitrary Files

Package:           kdegraphics
Advisory ID:       RHSA-2005:066-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-066.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service

Package:           ImageMagick
Advisory ID:       RHSA-2005:071-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-071.html
Impact:            Execute Arbitrary Code/Commands

Package:           Perl-DBI
Advisory ID:       RHSA-2005:072-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-072.html
Impact:            Modify Arbitrary Files
                   Inappropriate Access

Package:           cpio
Advisory ID:       RHSA-2005:073-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-073.html
Impact:            Reduced Security

Package:           htdig
Advisory ID:       RHSA-2005:090-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-090.html
Impact:            Execute Arbitrary Code/Commands

Package:           thunderbird
Advisory ID:       RHSA-2005:094-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-094.html
Impact:            Reduced Security

Package:           squirrelmail
Advisory ID:       RHSA-2005:099-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-099.html
Impact:            Cross Site Scripting

Package:           mod_python
Advisory ID:       RHSA-2005:100-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-100.html
Impact:            Access Confidential Data

Package:           perl
Advisory ID:       RHSA-2005:103-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-103.html
Impact:            Root Compromise
                   Execute Arbitrary Code
                   Modify Arbitrary Files
                   Reduced Security

Package:           python
Advisory ID:       RHSA-2005:108-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-108.html
Impact:            Inappropriate Access
                   Reduced Security

Package:           emacs
Advisory ID:       RHSA-2005:110-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-110.html
Impact:            Execute Arbitrary Code/Commands

Package:           xemacs
Advisory ID:       RHSA-2005:133-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-133.html
Impact:            Execute Arbitrary Code/Commands

Package:           mailman
Advisory ID:       RHSA-2005:137-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-137.html
Impact:            Access Arbitrary Files

Package:           postgresql
Advisory ID:       RHSA-2005:138-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-138.html
Impact:            Execute Arbitrary Code
                   Increased Privileges

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.