Published: 16 February 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                 ESB-2005.0158 -- Red Hat Enterprise Linux
                   Multiple updates fix security issues
                             16 February 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libtiff
                   vim
                   ethereal
                   enscript
                   krb5
                   CUPS
                   gpdf
                   squid
                   kdelibs
                   kdegraphics
                   ImageMagick
                   perl-DBI
                   cpio
                   htdig
                   thunderbird
                   squirrelmail
                   mod_python
                   perl
                   python
                   emacs
                   xemacs
                   mailman
                   postgresql
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop version 4

Comment: Recent advisories from Red Hat for RH Linux v2.1, v3 and v4 regarding
         the same vulnerability have been released with varying delays between
         them. With a view to timely notification and reduced duplication,
         AusCERT will only be redistributing the first Red Hat advisory
         received relating to a particular vulnerability. Administrators of
         other Red Hat Linux versions will be required to check with the Red Hat
         web site or update management software.
         
         In the past month, Red Hat have been releasing advisories for RH Linux
         versions 2.1 and 3.  Due to the recent release of vulnerability and
         patch details for RH Linux 4, many of which have been addressed for
         previous versions of RH Linux, AusCERT is providing details released
         today of vulnerabilities pertaining to RH Linux v4 in digest form,
         containing the following information for each vulnerability:
         
         Package:
         Advisory ID:
         Advisory URL:
         Impact:
         
         In future, AusCERT will continue to redistribute the first Red Hat
         advisory received for a particular vulnerability.

- --------------------------BEGIN INCLUDED TEXT--------------------

Package:           libtiff
Advisory ID:       RHSA-2005:035-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-035.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service


Package:           vim
Advisory ID:       RHSA-2005:036-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-036.html
Impact:            Execute Arbitrary Code/Commands
                   Modify Arbitrary Files


Package:           ethereal
Advisory ID:       RHSA-2005:037-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-037.htm
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service


Package:           enscript
Advisory ID:       RHSA-2005:040-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-040.html
Impact:            Execute Arbitrary Code/Commands


Package:           Kerberos (krb5)
Advisory ID:       RHSA-2005:045-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-045.html
Impact:            Execute Arbitrary Code/Commands


Package:           CUPS
Advisory ID:       RHSA-2005:053-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-053.html
Impact:            Execute Arbitrary Code/Commands
                   Increased Privileges
                   Denial of Service


Package:           gpdf
Advisory ID:       RHSA-2005:057-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-057.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service


Package:           squid
Advisory ID:       RHSA-2005:060-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-060.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
                   Inappropriate Access


Package:           kdelibs
Advisory ID:       RHSA-2005:065-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-065.html
Impact:            Execute Arbitrary Code/Commands
                   Increased Privileges
                   Modify Arbitrary Files


Package:           kdegraphics
Advisory ID:       RHSA-2005:066-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-066.html
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service


Package:           ImageMagick
Advisory ID:       RHSA-2005:071-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-071.html
Impact:            Execute Arbitrary Code/Commands


Package:           Perl-DBI
Advisory ID:       RHSA-2005:072-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-072.html
Impact:            Modify Arbitrary Files
                   Inappropriate Access


Package:           cpio
Advisory ID:       RHSA-2005:073-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-073.html
Impact:            Reduced Security


Package:           htdig
Advisory ID:       RHSA-2005:090-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-090.html
Impact:            Execute Arbitrary Code/Commands


Package:           thunderbird
Advisory ID:       RHSA-2005:094-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-094.html
Impact:            Reduced Security


Package:           squirrelmail
Advisory ID:       RHSA-2005:099-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-099.html
Impact:            Cross Site Scripting


Package:           mod_python
Advisory ID:       RHSA-2005:100-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-100.html
Impact:            Access Confidential Data


Package:           perl
Advisory ID:       RHSA-2005:103-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-103.html
Impact:            Root Compromise
                   Execute Arbitrary Code
                   Modify Arbitrary Files
                   Reduced Security


Package:           python
Advisory ID:       RHSA-2005:108-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-108.html
Impact:            Inappropriate Access
                   Reduced Security


Package:           emacs
Advisory ID:       RHSA-2005:110-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-110.html
Impact:            Execute Arbitrary Code/Commands


Package:           xemacs
Advisory ID:       RHSA-2005:133-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-133.html
Impact:            Execute Arbitrary Code/Commands


Package:           mailman
Advisory ID:       RHSA-2005:137-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-137.html
Impact:            Access Arbitrary Files


Package:           postgresql
Advisory ID:       RHSA-2005:138-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-138.html
Impact:            Execute Arbitrary Code
                   Increased Privileges

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----