-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2007.0284 -- [RedHat]
             New Red Hat Packages fix Multiple Vulnerabilities
                                2 May 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              unzip
                      w3c-libwww
                      gcc
                      gdb
                      util-linux
                      busybox
                      cpio
                      sendmail
                      openssh
                      shadow-utils
                      gdm
                      openldap
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 4
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
                      Modify Permissions
                      Modify Arbitrary Files
                      Provide Misleading Information
                      Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2005-4667 CVE-2006-4146 CVE-2005-2475
                      CVE-2005-3183 CVE-2006-3619 CVE-2006-7108
                      CVE-2006-1058 CVE-2005-4268 CVE-2006-7176
                      CVE-2005-2666 CVE-2006-1174 CVE-2006-1057
                      CVE-2006-4600

Ref:                  ESB-2006.0036

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0203.html
                      https://rhn.redhat.com/errata/RHSA-2007-0208.html
                      https://rhn.redhat.com/errata/RHSA-2007-0220.html
                      https://rhn.redhat.com/errata/RHSA-2007-0229.html
                      https://rhn.redhat.com/errata/RHSA-2007-0235.html
                      https://rhn.redhat.com/errata/RHSA-2007-0244.html
                      https://rhn.redhat.com/errata/RHSA-2007-0245.html
                      https://rhn.redhat.com/errata/RHSA-2007-0252.html
                      https://rhn.redhat.com/errata/RHSA-2007-0257.html
                      https://rhn.redhat.com/errata/RHSA-2007-0276.html
                      https://rhn.redhat.com/errata/RHSA-2007-0286.html
                      https://rhn.redhat.com/errata/RHSA-2007-0310.html

Comment: This bulletin contains 12 separate Red Hat security advisories
         documenting packages addressing multiple vulnerabilities in products
         which run on Red Hat Linux.
         
         Many of the products referenced in this bulletin run on operating
         systems other than Red Hat. Administrators are advised to check for
         updated versions of these products for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: unzip security and bug fix update
Advisory ID:       RHSA-2007:0203-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0203.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          large file toctou
CVE Names:         CVE-2005-2475 CVE-2005-4667 
- - ---------------------------------------------------------------------

1. Summary:

Updated unzip packages that fix two security issues and various bugs are
now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The unzip utility is used to list, test, or extract files from a zip archive.

A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed. (CVE-2005-2475)

A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user's
privileges. (CVE-2005-4667)

As well, this update adds support for files larger than 2GB.

All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.
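
Added example (not Red Hat's patch and not unzip source code): the C
program below reproduces, in a single process, the ordering problem behind
a hard link race such as CVE-2005-2475, and shows the usual remedy of
setting the mode with fchmod() on the open descriptor instead of chmod()
on the path. The /tmp/toctou-demo-XXXXXX directory, the file names and the
swap_name() helper are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed stand-in for a second local user acting during extraction:
 * the output name is replaced by a hard link to a different file. */
static int swap_name(const char *out, const char *other)
{
    if (unlink(out) != 0)
        return -1;
    return link(other, out);
}

/*
 * Extract a payload to <dir>/out and give it mode `want`, with the name
 * swapped to point at <dir>/other before the mode is applied.
 *   by_fd == 0: close(), then chmod(path)  -> follows whatever the name is now
 *   by_fd == 1: fchmod(fd), then close()   -> bound to the inode we created
 * Returns the final permission bits of <dir>/other, or -1 on error.
 */
int other_mode_after_extract(int by_fd, mode_t want)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    char out[64], other[64];
    struct stat st;
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(out, sizeof out, "%s/out", dir);
    snprintf(other, sizeof other, "%s/other", dir);

    /* The unrelated file whose permissions must not change: mode 0600. */
    fd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        goto done;
    fchmod(fd, 0600);               /* independent of the caller's umask */
    close(fd);

    /* Create the output privately; O_EXCL refuses a pre-existing name. */
    fd = open(out, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        goto done;
    if (write_all(fd, "payload\n", 8) != 0) {
        close(fd);
        goto done;
    }

    if (by_fd) {
        int ok = swap_name(out, other) == 0 && fchmod(fd, want) == 0;
        close(fd);
        if (!ok)
            goto done;
    } else {
        close(fd);
        if (swap_name(out, other) != 0 || chmod(out, want) != 0)
            goto done;
    }
    if (stat(other, &st) == 0)
        rc = (int)(st.st_mode & 0777);
done:
    unlink(out);
    unlink(other);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("chmod(path) after close : other file is now %04o\n",
           (unsigned)other_mode_after_extract(0, 0644));
    printf("fchmod(fd) before close : other file is now %04o\n",
           (unsigned)other_mode_after_extract(1, 0644));
    return 0;
}
```
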

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164927 - CVE-2005-2475 TOCTOU issue in unzip
178960 - CVE-2005-4667 unzip long filename buffer overflow
199104 - unzip has not been compiled with large file support and cannot unzip files > 2G
230558 - unzip-5.51-8 leaves files as read-only (400)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/unzip-5.51-9.EL4.5.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/unzip-5.51-9.EL4.5.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/unzip-5.51-9.EL4.5.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/unzip-5.51-9.EL4.5.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4667
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN31tXlSAg2UNWIIRAvwBAJ9e3TGUs/MntTO6nBIA/FvEqCD1NACfS2uy
6I4eZ9h0+Bj19I2AF+qRwX0=
=ksGK
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: w3c-libwww security and bug fix update
Advisory ID:       RHSA-2007:0208-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0208.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3183 
- - ---------------------------------------------------------------------

1. Summary:

Updated w3c-libwww packages that fix a security issue and a bug are now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

w3c-libwww is a general-purpose web library.

Several buffer overflow flaws in w3c-libwww were found. If a client
application that uses w3c-libwww connected to a malicious HTTP server, it
could trigger an out-of-bounds memory access, causing the client
application to crash (CVE-2005-3183).

This updated version of w3c-libwww also fixes an issue when computing MD5
sums on a 64-bit machine.

Users of w3c-libwww should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163664 - /usr/lib64/libmd5.so is broken.
169495 - CVE-2005-3183 Multiple bugs in libwww - one exploitable - in Library/src/HTBound.c

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN32iXlSAg2UNWIIRAraNAJ0W3mm7s+/hronXSb988l+qTtJrsQCdFR05
DmK+mbsb8eNas5F9M7yj0Ks=
=ajAM
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gcc security and bug fix update
Advisory ID:       RHSA-2007:0220-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0220.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          fastjar directory traversal
CVE Names:         CVE-2006-3619 
- - ---------------------------------------------------------------------

1. Summary:

Updated gcc packages that fix a security issue and various bugs are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gcc packages include C, C++, Java, Fortran 77, Objective C, and Ada 95
GNU compilers and related support libraries.

Jürgen Weigert discovered a directory traversal flaw in fastjar. An
attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.
(CVE-2006-3619)

These updated packages also fix several bugs, including:

* two debug information generator bugs

* two internal compiler errors

In addition, the protoize.1 and unprotoize.1 manual pages have been
added to the package, and the __cxa_get_exception_ptr@@CXXABI_1.3.1 symbol
has been added to libstdc++.so.6.

For full details regarding all fixed bugs, refer to the package changelog
as well as the specified list of bug reports from bugzilla.

All users of gcc should upgrade to these updated packages, which contain
backported patches to resolve these issues.
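
Added example (not fastjar's code and not the Red Hat patch): a C check
that an archive extractor can apply to every entry name before opening an
output file, which is the validation a directory traversal such as
CVE-2006-3619 bypasses. The function names entry_name_is_safe() and
safe_join(), the sample entry names and the /srv/unpack base directory are
assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if an archive entry name can only resolve below the extraction
 * directory, 0 otherwise. Rejected: NULL or empty names, absolute paths,
 * and any ".." path component (even "a/../b", because "a" may already be
 * a symbolic link on disk and lexical cancelling would then be wrong).
 */
int entry_name_is_safe(const char *name)
{
    const char *p;

    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return 0;

    p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}

/*
 * Build "<base>/<name>" in out only when the name passes the check and the
 * result fits. Returns 0 on success, -1 if the entry must be skipped.
 */
int safe_join(const char *base, const char *name, char *out, size_t outlen)
{
    int n;

    if (!entry_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* truncated: refuse, never clip */
    return 0;
}

int main(void)
{
    /* Constructed entry names, as they might appear in a JAR listing. */
    static const char *entries[] = {
        "META-INF/MANIFEST.MF",
        "com/example/Main.class",
        "../../home/user/.profile",
        "/etc/cron.d/job",
        "lib/../../outside.txt",
        "docs/..notes/readme.txt",
    };
    char path[128];
    size_t i;

    for (i = 0; i < sizeof entries / sizeof entries[0]; i++) {
        if (safe_join("/srv/unpack", entries[i], path, sizeof path) == 0)
            printf("extract  %s\n", path);
        else
            printf("REFUSE   %s\n", entries[i]);
    }
    return 0;
}
```

The name check covers only the entry name itself; symbolic links already present in the destination still need O_NOFOLLOW or openat()-style handling when the file is created.
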

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198912 - CVE-2006-3619 Directory traversal issue in fastjar
205919 - ICE related to std::vector<std::vector<...> > >
207277 - g++: internal compiler error: Segmentation fault
207303 - cannot rebuild gcc when build_java is 0
214353 - gcc-3.4.6-3 didn't produce correct debug_line info for some kernel functions
218377 - g++ compile runs forever on test file with optimization and debug info

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gcc-3.4.6-8.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gcc-3.4.6-8.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gcc-3.4.6-8.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gcc-3.4.6-8.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN33RXlSAg2UNWIIRAhUCAKCxCyfgeZ4dWsm+6HyL2GmDCZkcpwCgwe1+
qJKC10PWonyu09ep1hYTf4o=
=Xgjo
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: gdb security and bug fix update
Advisory ID:       RHSA-2007:0229-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0229.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          stack buffer overflow dwarf
CVE Names:         CVE-2006-4146 
- - ---------------------------------------------------------------------

1. Summary:

An updated gdb package that fixes a security issue and various bugs is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
their data.

Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If a user loaded an executable containing
malicious debugging information into GDB, an attacker might be able to
execute arbitrary code with the privileges of the user. (CVE-2006-4146)
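
The class of check whose absence causes this kind of flaw, as an added illustration (not gdb's code): a small evaluator for a subset of DWARF expression opcodes that validates every push, pop, pick index and operand read. The opcode values are those of the DWARF standard; the 64-entry limit, the status codes and all function names are assumptions made for this sketch, and the sample expressions are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode values from the DWARF standard; only this subset is evaluated. */
enum { DW_OP_const1u = 0x08, DW_OP_dup = 0x12, DW_OP_drop = 0x13,
       DW_OP_pick = 0x15, DW_OP_plus = 0x22, DW_OP_lit0 = 0x30, DW_OP_lit31 = 0x4f };

/* Hypothetical names and limit for this sketch; they are not gdb identifiers. */
#define EXPR_STACK_MAX 64
enum expr_status { EXPR_OK, EXPR_OVERFLOW, EXPR_UNDERFLOW, EXPR_TRUNCATED,
                   EXPR_BAD_OPCODE, EXPR_EMPTY_RESULT };

struct expr_stack { uint64_t slot[EXPR_STACK_MAX]; size_t depth; };

/* Every write to the stack goes through this bounds check. */
static enum expr_status push(struct expr_stack *s, uint64_t v)
{
    if (s->depth >= EXPR_STACK_MAX)
        return EXPR_OVERFLOW;
    s->slot[s->depth++] = v;
    return EXPR_OK;
}

/* Every read that shrinks the stack checks for an empty stack first. */
static enum expr_status pop(struct expr_stack *s, uint64_t *v)
{
    if (s->depth == 0)
        return EXPR_UNDERFLOW;
    *v = s->slot[--s->depth];
    return EXPR_OK;
}

/* Evaluate untrusted expression bytes; on EXPR_OK *result holds the top of stack. */
enum expr_status eval_dwarf_expr(const uint8_t *expr, size_t len, uint64_t *result)
{
    struct expr_stack s = { {0}, 0 };
    size_t pc = 0;

    while (pc < len) {
        uint8_t op = expr[pc++];
        uint64_t a = 0, b = 0;
        enum expr_status st;

        switch (op) {
        case DW_OP_const1u:                 /* one operand byte must follow */
            if (pc >= len) return EXPR_TRUNCATED;
            st = push(&s, expr[pc++]);
            break;
        case DW_OP_dup:
            if (s.depth == 0) return EXPR_UNDERFLOW;
            st = push(&s, s.slot[s.depth - 1]);
            break;
        case DW_OP_drop:
            st = pop(&s, &a);
            break;
        case DW_OP_pick:                    /* the index comes from the file: validate it */
            if (pc >= len) return EXPR_TRUNCATED;
            a = expr[pc++];
            if (a >= s.depth) return EXPR_UNDERFLOW;
            st = push(&s, s.slot[s.depth - 1 - a]);
            break;
        case DW_OP_plus:
            if ((st = pop(&s, &b)) != EXPR_OK) return st;
            if ((st = pop(&s, &a)) != EXPR_OK) return st;
            st = push(&s, a + b);
            break;
        default:
            if (op < DW_OP_lit0 || op > DW_OP_lit31) return EXPR_BAD_OPCODE;
            st = push(&s, (uint64_t)(op - DW_OP_lit0));
            break;
        }
        if (st != EXPR_OK) return st;
    }
    if (s.depth == 0) return EXPR_EMPTY_RESULT;
    *result = s.slot[s.depth - 1];
    return EXPR_OK;
}

/* Constructed sample expressions (not taken from any real binary). */
const uint8_t SAMPLE_OK[]        = { DW_OP_lit0 + 3, DW_OP_const1u, 4, DW_OP_plus };
const uint8_t SAMPLE_UNDERFLOW[] = { DW_OP_lit0 + 1, DW_OP_plus };
const uint8_t SAMPLE_BAD_PICK[]  = { DW_OP_lit0 + 1, DW_OP_pick, 5 };
const uint8_t SAMPLE_TRUNCATED[] = { DW_OP_const1u };

/* Builds "lit0, dup x n_dups" (n_dups + 1 pushes in total) and evaluates it. */
enum expr_status eval_dup_chain(size_t n_dups)
{
    uint8_t expr[1 + 256];
    uint64_t ignored = 0;
    size_t i;

    if (n_dups > 256) n_dups = 256;
    expr[0] = DW_OP_lit0;
    for (i = 0; i < n_dups; i++) expr[1 + i] = DW_OP_dup;
    return eval_dwarf_expr(expr, 1 + n_dups, &ignored);
}

int main(void)
{
    uint64_t r = 0;
    int st = eval_dwarf_expr(SAMPLE_OK, sizeof SAMPLE_OK, &r);
    printf("3 + 4: status=%d result=%llu\n", st, (unsigned long long)r);
    printf("plus on one operand: status=%d\n",
           eval_dwarf_expr(SAMPLE_UNDERFLOW, sizeof SAMPLE_UNDERFLOW, &r));
    printf("pick beyond depth:   status=%d\n",
           eval_dwarf_expr(SAMPLE_BAD_PICK, sizeof SAMPLE_BAD_PICK, &r));
    printf("65 pushes:           status=%d\n", eval_dup_chain(64));
    return 0;
}
```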

This updated package also addresses the following issues:

* Fixed bogus 0x0 unwind of the thread's topmost function clone(3).

* Fixed a deadlock when accessing an invalid address, for corrupted backtraces.

* Fixed a race which occasionally left the detached processes stopped.

* Fixed 'gcore' command for 32bit debugged processes on 64bit hosts.

* Added support for TLS 'errno' for threaded programs missing its '-debuginfo' package.

* Suggest TLS 'errno' resolving by hand if no threading was found.

* Added a fix to prevent stepping into asynchronously invoked signal handlers.

* Added a fix to avoid false warning on shared objects bfd close on Itanium.

* Fixed segmentation fault on the source display by ^X 1.

* Fixed object names keyboard completion.

* Added a fix to avoid crash of 'info threads' if stale threads exist.

* Fixed a bug where shared libraries occasionally failed to load.

* Fixed handling of exec() called by a threaded debugged program.

* Fixed rebuilding requirements of the gdb package itself on multilib systems.

* Fixed source directory pathname detection for the edit command.

All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

185337 - p errno does not work when stopped at a breakpoint
193763 - Buffer overrun in add_minsym_members
195429 - info threads crashes if zombie threads exist
202682 - print call foo where foo is in library SEGV
202689 - Cannot find user-level thread for LWP 4256: generic error
204841 - CVE-2006-4146 GDB buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gdb-6.3.0.0-1.143.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gdb-6.3.0.0-1.143.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gdb-6.3.0.0-1.143.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gdb-6.3.0.0-1.143.el4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN34rXlSAg2UNWIIRAmb/AKDBHa0hjTKFqO+RxhRMzqXGae+xKgCgr9v5
Z8jHlpIxzEvLRaqmbKJeT3k=
=TNz5
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: util-linux security and bug fix update
Advisory ID:       RHSA-2007:0235-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0235.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          mount fdisk login
CVE Names:         CVE-2006-7108 
- - ---------------------------------------------------------------------

1. Summary:

An updated util-linux package that corrects a security issue and fixes
several bugs is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The util-linux package contains a collection of basic system utilities.

A flaw was found in the way the login process handled logins which did not
require authentication. Certain processes which conduct their own
authentication could allow a remote user to bypass intended access policies
which would normally be enforced by the login process. (CVE-2006-7108)

This update also fixes the following bugs:

* The partx, addpart and delpart commands were not documented.

* The "umount -l" command did not work on hung NFS mounts with cached data.

* The mount command did not mount an NFS V3 share where sec=none was specified.

* The mount command did not read filesystem LABEL from unpartitioned disks.

* The mount command did not recognize labels on VFAT filesystems.

* The fdisk command did not support 4096 sector size for the "-b" option.

* The mount man page did not list option "mand" or information about
/etc/mtab limitations.

All users of util-linux should upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169299 - umount -l should work on hung NFS mounts with cached data
177331 - CVE-2006-7108 login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped.
187370 - Unable to mount NFS V3 share where sec=none is specified
188099 - can't mount iscsi ext3 fs by label.
197768 - man mount' does not list option 'mand'

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/util-linux-2.12a-16.EL4.25.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/util-linux-2.12a-16.EL4.25.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/util-linux-2.12a-16.EL4.25.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/util-linux-2.12a-16.EL4.25.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7108
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN34/XlSAg2UNWIIRAsRYAKCBZzphgxrf6JIz6YAktAR9h/YwyACgmRWH
NGsEmdj4N88WM8pv0rjV9Tw=
=Khfp
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: busybox security update
Advisory ID:       RHSA-2007:0244-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0244.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          passwd password salt
CVE Names:         CVE-2006-1058 
- - ---------------------------------------------------------------------

1. Summary:

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file. 
(CVE-2006-1058)
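
One way to audit a password file for this condition, as an added example (not BusyBox or Red Hat code): it extracts the salt portion of each crypt(3) hash field and counts accounts whose salt was already used by an earlier entry, which is what a generator that does not randomize the salt produces. The function names are hypothetical, only traditional DES and $1$/$5$/$6$ hashes are handled, and the sample entries are constructed with filler digests.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ACCOUNTS 64
#define SETTING_MAX  64

/* Copy the "setting" (scheme prefix plus salt) of a crypt(3) hash into out.
 * Returns 0 on success, -1 for locked/empty fields and unhandled schemes. */
int extract_setting(const char *hash, char *out, size_t outlen)
{
    size_t n;

    if (hash[0] == '$') {
        /* Modular format "$id$salt$digest": keep everything before the last '$'. */
        const char *last = strrchr(hash, '$');
        if (strncmp(hash, "$1$", 3) != 0 && strncmp(hash, "$5$", 3) != 0 &&
            strncmp(hash, "$6$", 3) != 0)
            return -1;              /* other schemes delimit the salt differently */
        n = (size_t)(last - hash);
        if (n < 3) return -1;       /* no '$' after the scheme id */
    } else if (strlen(hash) == 13) {
        n = 2;                      /* traditional DES crypt: 2-char salt + 11-char digest */
    } else {
        return -1;                  /* "*", "!", "x", empty: no hash stored here */
    }
    if (n >= outlen) return -1;
    memcpy(out, hash, n);
    out[n] = '\0';
    return 0;
}

/* Scan "user:hash:..." lines. Returns how many accounts carry a salt that an
 * earlier account in the same file already used. */
int count_reused_salts(const char *const *lines, size_t nlines)
{
    char seen[MAX_ACCOUNTS][SETTING_MAX];
    size_t nseen = 0, i, j;
    int reused = 0;

    for (i = 0; i < nlines && nseen < MAX_ACCOUNTS; i++) {
        char hash[128], setting[SETTING_MAX];
        const char *p = strchr(lines[i], ':');
        const char *q;
        size_t len;

        if (!p) continue;                       /* malformed line: no fields */
        p++;
        q = strchr(p, ':');
        len = q ? (size_t)(q - p) : strlen(p);
        if (len >= sizeof hash) continue;
        memcpy(hash, p, len);
        hash[len] = '\0';
        if (extract_setting(hash, setting, sizeof setting) != 0) continue;

        for (j = 0; j < nseen; j++) {
            if (strcmp(seen[j], setting) == 0) {
                printf("salt \"%s\" reused at line %lu\n", setting, (unsigned long)(i + 1));
                reused++;
                break;
            }
        }
        strcpy(seen[nseen++], setting);
    }
    return reused;
}

/* Constructed entries: digests are filler text, not hashes of real passwords. */
const char *const SAMPLE_FIXED_SALT[] = {
    "root:ab3kYq0zLw9Tc:0:0:root:/root:/bin/sh",
    "alice:abX7pP2mN4s1Q:500:500::/home/alice:/bin/sh",      /* same DES salt "ab" */
    "bob:$1$$Qx8vT2mLk0pRz7Yw1Ns4Ab:501:501::/home/bob:/bin/sh",   /* empty salt */
    "carol:$1$$Zr5uH9cJe3bWq6Xd2Mf8Gt:502:502::/home/carol:/bin/sh", /* empty salt */
    "dave:$1$k3Jp9sLm$Bn4yV7aSo1iKu0Ec5Th2Pw:503:503::/home/dave:/bin/sh",
    "daemon:*:2:2:daemon:/sbin:/sbin/nologin"
};
const char *const SAMPLE_RANDOM_SALT[] = {
    "root:Qz3kYq0zLw9Tc:0:0:root:/root:/bin/sh",
    "alice:m/X7pP2mN4s1Q:500:500::/home/alice:/bin/sh",
    "dave:$1$k3Jp9sLm$Bn4yV7aSo1iKu0Ec5Th2Pw:503:503::/home/dave:/bin/sh"
};

int main(void)
{
    printf("fixed-salt sample:  %d reused\n", count_reused_salts(SAMPLE_FIXED_SALT, 6));
    printf("random-salt sample: %d reused\n", count_reused_salts(SAMPLE_RANDOM_SALT, 3));
    return 0;
}
```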

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN35iXlSAg2UNWIIRAhdDAKCdL9nOOngsJy7tNEAMx3cAS5IB1QCghGjg
KaErDKXCD8/GWKlmtX6HrHk=
=QEVM
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: cpio security and bug fix update
Advisory ID:       RHSA-2007:0245-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0245.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          64bit
CVE Names:         CVE-2005-4268 
- - ---------------------------------------------------------------------

1. Summary:

An updated cpio package that fixes a security issue and various bugs is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GNU cpio copies files into or out of a cpio or tar archive.

A buffer overflow was found in cpio on 64-bit platforms. By tricking a
user into adding a specially crafted large file to a cpio archive, a local
attacker may be able to exploit this flaw to execute arbitrary code with
the target user's privileges. (CVE-2005-4268)
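
The failure class behind this kind of flaw, as an added sketch (not cpio's code): an archive header stores numbers in fixed-width text fields, while a 64-bit file size can need more digits than the field holds. The example assumes the SVR4 "newc" header layout (6-byte magic followed by thirteen 8-hex-digit fields, 110 bytes in total), which the advisory does not name; the function names and sample metadata are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEWC_MAGIC      "070701"
#define NEWC_FIELDS     13
#define NEWC_FIELD_LEN  8
#define NEWC_HEADER_LEN (6 + NEWC_FIELDS * NEWC_FIELD_LEN)   /* 110 bytes, no NUL */

/* Field order of the newc header. */
enum { F_INO, F_MODE, F_UID, F_GID, F_NLINK, F_MTIME, F_FILESIZE,
       F_DEVMAJOR, F_DEVMINOR, F_RDEVMAJOR, F_RDEVMINOR, F_NAMESIZE, F_CHECK };

/* Encode the header into hdr[110].
 * Returns 0 on success, or -(index + 1) of the first field whose value needs
 * more than 8 hex digits. Nothing is written to hdr in that case.
 *
 * The unsafe pattern this replaces is an unbounded
 *     sprintf(buf, "%08lx", (unsigned long)size);
 * "%08" is only a minimum width: where long is 64 bits, a size of 4 GiB or
 * more prints 9 or more digits and runs past an 8-digit slot. */
int newc_encode_header(const uint64_t field[NEWC_FIELDS], char hdr[NEWC_HEADER_LEN])
{
    char tmp[NEWC_FIELD_LEN + 1];
    int i;

    /* Validate every field before touching the output buffer. */
    for (i = 0; i < NEWC_FIELDS; i++)
        if (field[i] > UINT32_MAX)
            return -(i + 1);

    memcpy(hdr, NEWC_MAGIC, 6);
    for (i = 0; i < NEWC_FIELDS; i++) {
        /* Bounded formatting into a scratch buffer, then an exact-length copy. */
        snprintf(tmp, sizeof tmp, "%08" PRIX32, (uint32_t)field[i]);
        memcpy(hdr + 6 + i * NEWC_FIELD_LEN, tmp, NEWC_FIELD_LEN);
    }
    return 0;
}

/* Constructed metadata for a regular file named "data.bin" of the given size. */
int encode_sample_file(uint64_t filesize, char hdr[NEWC_HEADER_LEN])
{
    uint64_t f[NEWC_FIELDS] = {0};

    f[F_INO] = 42;
    f[F_MODE] = 0100644;                 /* regular file, rw-r--r-- */
    f[F_UID] = 500;
    f[F_GID] = 500;
    f[F_NLINK] = 1;
    f[F_MTIME] = 1178000000;
    f[F_FILESIZE] = filesize;
    f[F_NAMESIZE] = sizeof "data.bin";   /* name length includes the trailing NUL */
    return newc_encode_header(f, hdr);
}

int main(void)
{
    char hdr[NEWC_HEADER_LEN];
    int rc = encode_sample_file(1024, hdr);

    printf("1 KiB file: rc=%d header=%.*s\n", rc, NEWC_HEADER_LEN, hdr);
    rc = encode_sample_file((uint64_t)1 << 32, hdr);
    printf("4 GiB file: rc=%d (field %d does not fit)\n", rc, -rc - 1);
    return 0;
}
```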

This erratum also addresses the following bugs:

* cpio did not set exit codes appropriately.

* cpio did not create a ram disk properly.

All users of cpio are advised to upgrade to this updated package, which
contains backported fixes to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172865 - CVE-2005-4268 cpio large filesize buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cpio-2.5-13.RHEL4.src.rpm
72e927324438473ed3de93d31b1092b8  cpio-2.5-13.RHEL4.src.rpm

i386:
34fcfdfabd7d7272ba82ae717ed681db  cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722  cpio-debuginfo-2.5-13.RHEL4.i386.rpm

ia64:
d2c0c27a343258eba84b3b84536a28bd  cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db  cpio-debuginfo-2.5-13.RHEL4.ia64.rpm

ppc:
a693c658d90dbc54c4eb72603cd3680c  cpio-2.5-13.RHEL4.ppc.rpm
1152f5d0e1b329a3826f07db7cdf4069  cpio-debuginfo-2.5-13.RHEL4.ppc.rpm

s390:
727190b7208a1a38747d686ead2dd43d  cpio-2.5-13.RHEL4.s390.rpm
6dd80d512c82c74cf11334c85a89c9c5  cpio-debuginfo-2.5-13.RHEL4.s390.rpm

s390x:
46dda77012cb216ed1e324e3fcb1025b  cpio-2.5-13.RHEL4.s390x.rpm
f93d3fa1b42ddd3f5e94392bbbcdf088  cpio-debuginfo-2.5-13.RHEL4.s390x.rpm

x86_64:
5d7496ce80a871ae437c9a0c51e34bdc  cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c  cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cpio-2.5-13.RHEL4.src.rpm
72e927324438473ed3de93d31b1092b8  cpio-2.5-13.RHEL4.src.rpm

i386:
34fcfdfabd7d7272ba82ae717ed681db  cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722  cpio-debuginfo-2.5-13.RHEL4.i386.rpm

x86_64:
5d7496ce80a871ae437c9a0c51e34bdc  cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c  cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cpio-2.5-13.RHEL4.src.rpm
72e927324438473ed3de93d31b1092b8  cpio-2.5-13.RHEL4.src.rpm

i386:
34fcfdfabd7d7272ba82ae717ed681db  cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722  cpio-debuginfo-2.5-13.RHEL4.i386.rpm

ia64:
d2c0c27a343258eba84b3b84536a28bd  cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db  cpio-debuginfo-2.5-13.RHEL4.ia64.rpm

x86_64:
5d7496ce80a871ae437c9a0c51e34bdc  cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c  cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cpio-2.5-13.RHEL4.src.rpm
72e927324438473ed3de93d31b1092b8  cpio-2.5-13.RHEL4.src.rpm

i386:
34fcfdfabd7d7272ba82ae717ed681db  cpio-2.5-13.RHEL4.i386.rpm
f7e679ed314b0f18dfda8dea57585722  cpio-debuginfo-2.5-13.RHEL4.i386.rpm

ia64:
d2c0c27a343258eba84b3b84536a28bd  cpio-2.5-13.RHEL4.ia64.rpm
e305d5dd56b40477660e6b47f6c5e3db  cpio-debuginfo-2.5-13.RHEL4.ia64.rpm

x86_64:
5d7496ce80a871ae437c9a0c51e34bdc  cpio-2.5-13.RHEL4.x86_64.rpm
75c525eaecdbd397e5deb32c9aca651c  cpio-debuginfo-2.5-13.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN351XlSAg2UNWIIRApzpAKCdOiSHKh8mKdOs6u8FICXIjpozqQCgqe1i
VGGPK3eyaCZ5utqGeRotFBk=
=ttkD
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: sendmail security and bug fix update
Advisory ID:       RHSA-2007:0252-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0252.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          localhost.localdomain CipherList
CVE Names:         CVE-2006-7176 
- - ---------------------------------------------------------------------

1. Summary:

Updated sendmail packages that fix a security issue and various bugs are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of Sendmail on Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for e-mail messages that
came from external hosts. This could have allowed remote attackers to
disguise spoofed messages (CVE-2006-7176).
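A log check for the condition described above, as an added example that is not part of the Red Hat advisory: it flags sendmail "from=" records whose envelope sender claims localhost.localdomain while the relay address is not loopback. The log lines are constructed samples in sendmail's usual syslog layout, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample lines (not from a real system); documentation address ranges only.
SAMPLE_LOG = """\
May  1 10:02:11 mx1 sendmail[4101]: l4102AbC004101: from=<root@localhost.localdomain>, size=812, class=0, nrcpts=1, msgid=<m1@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May  1 10:05:43 mx1 sendmail[4188]: l4105eXy004188: from=<admin@localhost.localdomain>, size=2290, class=0, nrcpts=1, msgid=<m2@mail.example.net>, proto=SMTP, daemon=MTA, relay=mail.example.net [203.0.113.25]
May  1 10:06:02 mx1 sendmail[4190]: l41062Qr004190: from=<alice@example.org>, size=1544, class=0, nrcpts=2, msgid=<m3@example.org>, proto=ESMTP, daemon=MTA, relay=smtp.example.org [198.51.100.7]
May  1 10:07:30 mx1 sendmail[4201]: l4107UkL004201: from=<cron@LocalHost.LocalDomain>, size=640, class=0, nrcpts=1, msgid=<m4@h>, proto=ESMTP, daemon=MTA, relay=[IPv6:2001:db8::5]
May  1 10:08:00 mx1 sendmail[4201]: l4107UkL004201: to=<bob@example.com>, delay=00:00:30, mailer=local, stat=Sent
"""

# Domains that should only ever appear on mail generated on the host itself.
LOCAL_ONLY_DOMAINS = {"localhost.localdomain"}

FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>.*?relay=(?P<relay>.+)$"
)
ADDR_RE = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]")


def sender_domain(sender):
    """Domain part of an envelope sender, lower-cased, trailing dot removed."""
    return sender.rpartition("@")[2].rstrip(".").lower()


def relay_is_external(relay):
    """True when the relay field carries a peer address that is not loopback."""
    match = ADDR_RE.search(relay)
    if not match:
        # e.g. relay=root@localhost: local submission, no network peer recorded
        return False
    try:
        ip = ipaddress.ip_address(match.group("ip"))
    except ValueError:
        return True  # unparseable peer address: treat as untrusted
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        ip = mapped
    return not ip.is_loopback


def find_spoofed_local_senders(log_text):
    """Return (queue id, sender, relay) for local-only senders seen from outside."""
    hits = []
    for line in log_text.splitlines():
        match = FROM_RE.search(line)
        if not match:
            continue  # "to=" records and other daemons' lines
        sender = match.group("sender")
        relay = match.group("relay").strip()
        if sender_domain(sender) in LOCAL_ONLY_DOMAINS and relay_is_external(relay):
            hits.append((match.group("qid"), sender, relay))
    return hits


if __name__ == "__main__":
    for qid, sender, relay in find_spoofed_local_senders(SAMPLE_LOG):
        print(f"{qid}: {sender} accepted from {relay}")
```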

This updated package also fixes the following bugs:

* Infinite loop within tls read.

* Incorrect path to selinuxenabled in initscript.

* Build artifacts from sendmail-cf package.

* Missing socketmap support.

* Add support for CipherList configuration directive.

* Path for aliases file.

* Failure to shut down sm-client.

* Allows persistent queue runners to be specified.

* Missing dnl for SMART_HOST define.

* Connections staying in CLOSE_WAIT.

All users of Sendmail should upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

121850 - [PATCH] infinite loop within tls_read
152282 - Incorrect path to selinuxenabled in /etc/init.d/sendmail
152955 - sendmail-cf contains rpm build artifacts
156191 - Changelog says 'Socketmap Supported' but it's not compiled in.
166744 - aliases man page specifies incorrect location of aliases file
171838 - CVE-2006-7176 sendmail allows external mail with from address xxx@localhost.localdomain
172352 - Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off
200920 - shutting down sm-client fails
200921 - [PATCH] method to specify persistent queue runners?
200923 - sendmail.mc missing dnl on SMART_HOST define

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sendmail-8.13.1-3.2.el4.src.rpm
e07d0205352eb73b1011021a10522b61  sendmail-8.13.1-3.2.el4.src.rpm

i386:
54e4730bcfcb10b6e865af6886e58bf4  sendmail-8.13.1-3.2.el4.i386.rpm
7db401a5ac49f76abc7812c26652c1ea  sendmail-cf-8.13.1-3.2.el4.i386.rpm
ec1f31a862f58f97338c3caa30a99fe2  sendmail-debuginfo-8.13.1-3.2.el4.i386.rpm
658721b05ad13272736f28f9e2396460  sendmail-devel-8.13.1-3.2.el4.i386.rpm
eaeba078a91bf80ea81be7ced9f14a60  sendmail-doc-8.13.1-3.2.el4.i386.rpm

ia64:
f5b2c9c308e22965dc1d6864d7b98813  sendmail-8.13.1-3.2.el4.ia64.rpm
931c1f98f30189e8a525e9d4be72c706  sendmail-cf-8.13.1-3.2.el4.ia64.rpm
574838066c532817ad7fb392179ea8ea  sendmail-debuginfo-8.13.1-3.2.el4.ia64.rpm
f31db098d7450d6e4121b370d21e583e  sendmail-devel-8.13.1-3.2.el4.ia64.rpm
120f9fb49dde5a1b0c9b026470feed41  sendmail-doc-8.13.1-3.2.el4.ia64.rpm

ppc:
b0fb1b772ccc0cccb81819897fb29819  sendmail-8.13.1-3.2.el4.ppc.rpm
e0a1d1a0ffceb5f78e7a7d90a28ad09f  sendmail-cf-8.13.1-3.2.el4.ppc.rpm
24f3e3db714698844a47e4bcc85c7b81  sendmail-debuginfo-8.13.1-3.2.el4.ppc.rpm
90ada0195183a7e519c7a42de602587b  sendmail-devel-8.13.1-3.2.el4.ppc.rpm
ae87913c88ec26fc316019a4fe060c0b  sendmail-doc-8.13.1-3.2.el4.ppc.rpm

s390:
7efcf2a9513d9eb2baf9605a0790519e  sendmail-8.13.1-3.2.el4.s390.rpm
38aa827a7e26e368ad029faaa63373ef  sendmail-cf-8.13.1-3.2.el4.s390.rpm
b3311fd8dd20229fb163dbe3f654969f  sendmail-debuginfo-8.13.1-3.2.el4.s390.rpm
03b6bd2e0a2bdbea93b953b16d988819  sendmail-devel-8.13.1-3.2.el4.s390.rpm
80d93c9d2631655a4bf839d54d1b3e78  sendmail-doc-8.13.1-3.2.el4.s390.rpm

s390x:
0089b24c8077394abc60f2e5fd7fccb1  sendmail-8.13.1-3.2.el4.s390x.rpm
d71011432c7461b8b58d3fe62307c01b  sendmail-cf-8.13.1-3.2.el4.s390x.rpm
a64eb5b8d18d3a38c92d9dc71de36b65  sendmail-debuginfo-8.13.1-3.2.el4.s390x.rpm
bbfe650afd7529e1bc25ea79038a309d  sendmail-devel-8.13.1-3.2.el4.s390x.rpm
2991cd74266e23d7edbc3818719640dc  sendmail-doc-8.13.1-3.2.el4.s390x.rpm

x86_64:
b32d5cc7710c22895c8709a2fdb6ee6d  sendmail-8.13.1-3.2.el4.x86_64.rpm
7343b19614880e430016319462dc1399  sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
120a1028613725751b99fd32776b4953  sendmail-debuginfo-8.13.1-3.2.el4.x86_64.rpm
0a1ec7e3864548765077d8c0b85f3ea6  sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
5652fa8847d14232c3e3ed21a3bab160  sendmail-doc-8.13.1-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/sendmail-8.13.1-3.2.el4.src.rpm
e07d0205352eb73b1011021a10522b61  sendmail-8.13.1-3.2.el4.src.rpm

i386:
54e4730bcfcb10b6e865af6886e58bf4  sendmail-8.13.1-3.2.el4.i386.rpm
7db401a5ac49f76abc7812c26652c1ea  sendmail-cf-8.13.1-3.2.el4.i386.rpm
ec1f31a862f58f97338c3caa30a99fe2  sendmail-debuginfo-8.13.1-3.2.el4.i386.rpm
658721b05ad13272736f28f9e2396460  sendmail-devel-8.13.1-3.2.el4.i386.rpm
eaeba078a91bf80ea81be7ced9f14a60  sendmail-doc-8.13.1-3.2.el4.i386.rpm

x86_64:
b32d5cc7710c22895c8709a2fdb6ee6d  sendmail-8.13.1-3.2.el4.x86_64.rpm
7343b19614880e430016319462dc1399  sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
120a1028613725751b99fd32776b4953  sendmail-debuginfo-8.13.1-3.2.el4.x86_64.rpm
0a1ec7e3864548765077d8c0b85f3ea6  sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
5652fa8847d14232c3e3ed21a3bab160  sendmail-doc-8.13.1-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sendmail-8.13.1-3.2.el4.src.rpm
e07d0205352eb73b1011021a10522b61  sendmail-8.13.1-3.2.el4.src.rpm

i386:
54e4730bcfcb10b6e865af6886e58bf4  sendmail-8.13.1-3.2.el4.i386.rpm
7db401a5ac49f76abc7812c26652c1ea  sendmail-cf-8.13.1-3.2.el4.i386.rpm
ec1f31a862f58f97338c3caa30a99fe2  sendmail-debuginfo-8.13.1-3.2.el4.i386.rpm
658721b05ad13272736f28f9e2396460  sendmail-devel-8.13.1-3.2.el4.i386.rpm
eaeba078a91bf80ea81be7ced9f14a60  sendmail-doc-8.13.1-3.2.el4.i386.rpm

ia64:
f5b2c9c308e22965dc1d6864d7b98813  sendmail-8.13.1-3.2.el4.ia64.rpm
931c1f98f30189e8a525e9d4be72c706  sendmail-cf-8.13.1-3.2.el4.ia64.rpm
574838066c532817ad7fb392179ea8ea  sendmail-debuginfo-8.13.1-3.2.el4.ia64.rpm
f31db098d7450d6e4121b370d21e583e  sendmail-devel-8.13.1-3.2.el4.ia64.rpm
120f9fb49dde5a1b0c9b026470feed41  sendmail-doc-8.13.1-3.2.el4.ia64.rpm

x86_64:
b32d5cc7710c22895c8709a2fdb6ee6d  sendmail-8.13.1-3.2.el4.x86_64.rpm
7343b19614880e430016319462dc1399  sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
120a1028613725751b99fd32776b4953  sendmail-debuginfo-8.13.1-3.2.el4.x86_64.rpm
0a1ec7e3864548765077d8c0b85f3ea6  sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
5652fa8847d14232c3e3ed21a3bab160  sendmail-doc-8.13.1-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sendmail-8.13.1-3.2.el4.src.rpm
e07d0205352eb73b1011021a10522b61  sendmail-8.13.1-3.2.el4.src.rpm

i386:
54e4730bcfcb10b6e865af6886e58bf4  sendmail-8.13.1-3.2.el4.i386.rpm
7db401a5ac49f76abc7812c26652c1ea  sendmail-cf-8.13.1-3.2.el4.i386.rpm
ec1f31a862f58f97338c3caa30a99fe2  sendmail-debuginfo-8.13.1-3.2.el4.i386.rpm
658721b05ad13272736f28f9e2396460  sendmail-devel-8.13.1-3.2.el4.i386.rpm
eaeba078a91bf80ea81be7ced9f14a60  sendmail-doc-8.13.1-3.2.el4.i386.rpm

ia64:
f5b2c9c308e22965dc1d6864d7b98813  sendmail-8.13.1-3.2.el4.ia64.rpm
931c1f98f30189e8a525e9d4be72c706  sendmail-cf-8.13.1-3.2.el4.ia64.rpm
574838066c532817ad7fb392179ea8ea  sendmail-debuginfo-8.13.1-3.2.el4.ia64.rpm
f31db098d7450d6e4121b370d21e583e  sendmail-devel-8.13.1-3.2.el4.ia64.rpm
120f9fb49dde5a1b0c9b026470feed41  sendmail-doc-8.13.1-3.2.el4.ia64.rpm

x86_64:
b32d5cc7710c22895c8709a2fdb6ee6d  sendmail-8.13.1-3.2.el4.x86_64.rpm
7343b19614880e430016319462dc1399  sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
120a1028613725751b99fd32776b4953  sendmail-debuginfo-8.13.1-3.2.el4.x86_64.rpm
0a1ec7e3864548765077d8c0b85f3ea6  sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
5652fa8847d14232c3e3ed21a3bab160  sendmail-doc-8.13.1-3.2.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7176
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN36LXlSAg2UNWIIRAjveAKC0ttgu3abJRu/ZICLYyWSzF4vw7wCcC7ny
ffNmqP2G+OjdrmBW0HgeGtA=
=GJbo
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openssh security and bug fix update
Advisory ID:       RHSA-2007:0257-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0257.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          syslog buffer length IPv6 X11 forwarding
CVE Names:         CVE-2005-2666 
- - ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix a security issue and various bugs are now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

OpenSSH stores hostnames, IP addresses, and keys in plaintext in the
known_hosts file.  A local attacker that has already compromised a user's
SSH account could use this information to generate a list of additional
targets that are likely to have the same password or key.  (CVE-2005-2666)
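An added example, not part of the Red Hat advisory: it rewrites plaintext known_hosts entries into the hashed host format that upstream OpenSSH provides through the HashKnownHosts option and ssh-keygen -H, and reports what stays readable. The advisory does not say how the updated package addresses the issue, so the applicability of this format to the RHEL 4 package is an assumption; the sample file, key blobs and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix of a hashed host field in known_hosts


def hash_host(host, salt=None):
    """Hashed field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    if salt is None:
        salt = os.urandom(20)
    digest = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode("ascii") + "|"
            + base64.b64encode(digest).decode("ascii"))


def host_matches(hashed_field, candidate):
    """Check one candidate name against a hashed field, as a client does on connect."""
    if not hashed_field.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, digest_b64 = hashed_field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:  # wrong field count or invalid base64
        return False
    actual = hmac.new(salt, candidate.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def harden_known_hosts(text):
    """Return (rewritten text, report). Each plaintext name gets its own hashed line."""
    out = []
    report = {"hashed": 0, "already_hashed": 0, "left_plain": 0}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)  # blank lines and comments pass through
            continue
        fields = stripped.split(None, 1)
        if len(fields) < 2 or stripped.startswith("@"):
            # malformed or marker lines: left untouched (a choice made by this example)
            out.append(line)
            report["left_plain"] += 1
            continue
        hosts, rest = fields
        if hosts.startswith(HASH_MAGIC):
            out.append(line)
            report["already_hashed"] += 1
        elif any(ch in hosts for ch in "*?!"):
            # patterns cannot be hashed: the client could no longer match them
            out.append(line)
            report["left_plain"] += 1
        else:
            for host in hosts.split(","):
                out.append(hash_host(host) + " " + rest)
                report["hashed"] += 1
    return "\n".join(out) + "\n", report


# Constructed sample file: documentation names and addresses, placeholder key blobs.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "build01.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_KEY_1",
    "[db.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_KEY_2",
    "*.lab.example.com ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_KEY_3",
    hash_host("old.example.com", salt=b"\x00" * 20)
    + " ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_KEY_4",
]) + "\n"

if __name__ == "__main__":
    new_text, report = harden_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(new_text, end="")
    print(report)
```

The wildcard entry stays readable after the rewrite, which is why the report counts it separately: pattern lines still disclose naming conventions even when every literal host is hashed.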

The following bugs have also been fixed in this update:

* The ssh client could abort the running connection when the server
application generated a large amount of output at once.

* When the 'X11UseLocalhost' option was set to 'no' on systems with IPv6
networking enabled, the X11 forwarding socket listened only for IPv6
connections.

* When privilege separation was enabled in /etc/ssh/sshd_config, some
log messages in the system log were duplicated and also had timestamps from
an incorrect timezone.

All users of openssh should upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162681 - CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
184357 - buffer_append_space: alloc not supported Error
193710 - [PATCH] audit patch for openssh missing #include "loginrec.h" in auth.c
201594 - sshd does not create ipv4 listen socket for X11 forwarding
203671 - additional (time skewed) log entries in /var/log/secure since U4

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssh-3.9p1-8.RHEL4.20.src.rpm
73cd43ad99e6b5eb626914bb65f11d70  openssh-3.9p1-8.RHEL4.20.src.rpm

i386:
355fb0d34d1207f6629f886f8cf3e6c4  openssh-3.9p1-8.RHEL4.20.i386.rpm
5b062f94d91ed8418c45745d8b285bd4  openssh-askpass-3.9p1-8.RHEL4.20.i386.rpm
4c13962301e5f93492fcb02b7f01a7b1  openssh-askpass-gnome-3.9p1-8.RHEL4.20.i386.rpm
029fa6c52dec14626a1e443caecc2300  openssh-clients-3.9p1-8.RHEL4.20.i386.rpm
f022d0b8cf19f1118fc7521142e7e71c  openssh-debuginfo-3.9p1-8.RHEL4.20.i386.rpm
74c1c9b1293e8e46ecaf46db181d3a1b  openssh-server-3.9p1-8.RHEL4.20.i386.rpm

ia64:
063a012cb911cad11e1c6e1f700e46ab  openssh-3.9p1-8.RHEL4.20.ia64.rpm
67a3c8ab28bdcefe7b2fb957c933b996  openssh-askpass-3.9p1-8.RHEL4.20.ia64.rpm
ce81cfbef39e88997fd9084f04f46f26  openssh-askpass-gnome-3.9p1-8.RHEL4.20.ia64.rpm
c7bd82bac6e899e197ce59d4dc061d07  openssh-clients-3.9p1-8.RHEL4.20.ia64.rpm
8bca6d06228a0250582fbb224e14f46b  openssh-debuginfo-3.9p1-8.RHEL4.20.ia64.rpm
9110321bf599bf3f29eaccaa32b7ce1d  openssh-server-3.9p1-8.RHEL4.20.ia64.rpm

ppc:
cac15ade9405e8ef47939842656b6f70  openssh-3.9p1-8.RHEL4.20.ppc.rpm
783a2f6121f3a7373e5f7d7048f95ecd  openssh-askpass-3.9p1-8.RHEL4.20.ppc.rpm
2571d5eb1f66180cf8eebc281d7a41bd  openssh-askpass-gnome-3.9p1-8.RHEL4.20.ppc.rpm
195d880c6af6314c807fd74249bc494c  openssh-clients-3.9p1-8.RHEL4.20.ppc.rpm
b8dfde972ad2d579e8ded57589cdf4f7  openssh-debuginfo-3.9p1-8.RHEL4.20.ppc.rpm
5bac6e49005be5b599254ab40e6582f1  openssh-server-3.9p1-8.RHEL4.20.ppc.rpm

s390:
7f2a4d71dde9957902770b5a8cbebb98  openssh-3.9p1-8.RHEL4.20.s390.rpm
6a768d4d2fb313e8e9536854f8980cff  openssh-askpass-3.9p1-8.RHEL4.20.s390.rpm
e0eed1c1b158d2b9f4265931ddfec2df  openssh-askpass-gnome-3.9p1-8.RHEL4.20.s390.rpm
d776bccdb065c52fee0820c2452e7909  openssh-clients-3.9p1-8.RHEL4.20.s390.rpm
1fcd5df3d202ceb6ddbf2decade7bd18  openssh-debuginfo-3.9p1-8.RHEL4.20.s390.rpm
05f4d043e3fd7993e041ac8af1954ffd  openssh-server-3.9p1-8.RHEL4.20.s390.rpm

s390x:
ee4dd7366a973d0cc074397ab44b3d36  openssh-3.9p1-8.RHEL4.20.s390x.rpm
e521ced488fc72105e1591653855cfa0  openssh-askpass-3.9p1-8.RHEL4.20.s390x.rpm
b3099fded8c796a4b7a26fc9918f8694  openssh-askpass-gnome-3.9p1-8.RHEL4.20.s390x.rpm
7b3894c6220efb08cd42e2ba41b97c24  openssh-clients-3.9p1-8.RHEL4.20.s390x.rpm
71b619d3ae4411c7ca6f557b342165e1  openssh-debuginfo-3.9p1-8.RHEL4.20.s390x.rpm
612e6fa71dd9d0b4a0abb84af6ad0e0d  openssh-server-3.9p1-8.RHEL4.20.s390x.rpm

x86_64:
61cd0299d5413094af7970856f7fffc8  openssh-3.9p1-8.RHEL4.20.x86_64.rpm
88464fef4b7393f7f081dc0c734bcd53  openssh-askpass-3.9p1-8.RHEL4.20.x86_64.rpm
198d98b530ce9fbfe6dd6b3d3b38712c  openssh-askpass-gnome-3.9p1-8.RHEL4.20.x86_64.rpm
1c3c86136815400a0713187d9f55315b  openssh-clients-3.9p1-8.RHEL4.20.x86_64.rpm
b242035b20927623270bb32fe531b5bd  openssh-debuginfo-3.9p1-8.RHEL4.20.x86_64.rpm
e6b172814bfc7402996bf498a8f37634  openssh-server-3.9p1-8.RHEL4.20.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssh-3.9p1-8.RHEL4.20.src.rpm
73cd43ad99e6b5eb626914bb65f11d70  openssh-3.9p1-8.RHEL4.20.src.rpm

i386:
355fb0d34d1207f6629f886f8cf3e6c4  openssh-3.9p1-8.RHEL4.20.i386.rpm
5b062f94d91ed8418c45745d8b285bd4  openssh-askpass-3.9p1-8.RHEL4.20.i386.rpm
4c13962301e5f93492fcb02b7f01a7b1  openssh-askpass-gnome-3.9p1-8.RHEL4.20.i386.rpm
029fa6c52dec14626a1e443caecc2300  openssh-clients-3.9p1-8.RHEL4.20.i386.rpm
f022d0b8cf19f1118fc7521142e7e71c  openssh-debuginfo-3.9p1-8.RHEL4.20.i386.rpm
74c1c9b1293e8e46ecaf46db181d3a1b  openssh-server-3.9p1-8.RHEL4.20.i386.rpm

x86_64:
61cd0299d5413094af7970856f7fffc8  openssh-3.9p1-8.RHEL4.20.x86_64.rpm
88464fef4b7393f7f081dc0c734bcd53  openssh-askpass-3.9p1-8.RHEL4.20.x86_64.rpm
198d98b530ce9fbfe6dd6b3d3b38712c  openssh-askpass-gnome-3.9p1-8.RHEL4.20.x86_64.rpm
1c3c86136815400a0713187d9f55315b  openssh-clients-3.9p1-8.RHEL4.20.x86_64.rpm
b242035b20927623270bb32fe531b5bd  openssh-debuginfo-3.9p1-8.RHEL4.20.x86_64.rpm
e6b172814bfc7402996bf498a8f37634  openssh-server-3.9p1-8.RHEL4.20.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssh-3.9p1-8.RHEL4.20.src.rpm
73cd43ad99e6b5eb626914bb65f11d70  openssh-3.9p1-8.RHEL4.20.src.rpm

i386:
355fb0d34d1207f6629f886f8cf3e6c4  openssh-3.9p1-8.RHEL4.20.i386.rpm
5b062f94d91ed8418c45745d8b285bd4  openssh-askpass-3.9p1-8.RHEL4.20.i386.rpm
4c13962301e5f93492fcb02b7f01a7b1  openssh-askpass-gnome-3.9p1-8.RHEL4.20.i386.rpm
029fa6c52dec14626a1e443caecc2300  openssh-clients-3.9p1-8.RHEL4.20.i386.rpm
f022d0b8cf19f1118fc7521142e7e71c  openssh-debuginfo-3.9p1-8.RHEL4.20.i386.rpm
74c1c9b1293e8e46ecaf46db181d3a1b  openssh-server-3.9p1-8.RHEL4.20.i386.rpm

ia64:
063a012cb911cad11e1c6e1f700e46ab  openssh-3.9p1-8.RHEL4.20.ia64.rpm
67a3c8ab28bdcefe7b2fb957c933b996  openssh-askpass-3.9p1-8.RHEL4.20.ia64.rpm
ce81cfbef39e88997fd9084f04f46f26  openssh-askpass-gnome-3.9p1-8.RHEL4.20.ia64.rpm
c7bd82bac6e899e197ce59d4dc061d07  openssh-clients-3.9p1-8.RHEL4.20.ia64.rpm
8bca6d06228a0250582fbb224e14f46b  openssh-debuginfo-3.9p1-8.RHEL4.20.ia64.rpm
9110321bf599bf3f29eaccaa32b7ce1d  openssh-server-3.9p1-8.RHEL4.20.ia64.rpm

x86_64:
61cd0299d5413094af7970856f7fffc8  openssh-3.9p1-8.RHEL4.20.x86_64.rpm
88464fef4b7393f7f081dc0c734bcd53  openssh-askpass-3.9p1-8.RHEL4.20.x86_64.rpm
198d98b530ce9fbfe6dd6b3d3b38712c  openssh-askpass-gnome-3.9p1-8.RHEL4.20.x86_64.rpm
1c3c86136815400a0713187d9f55315b  openssh-clients-3.9p1-8.RHEL4.20.x86_64.rpm
b242035b20927623270bb32fe531b5bd  openssh-debuginfo-3.9p1-8.RHEL4.20.x86_64.rpm
e6b172814bfc7402996bf498a8f37634  openssh-server-3.9p1-8.RHEL4.20.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssh-3.9p1-8.RHEL4.20.src.rpm
73cd43ad99e6b5eb626914bb65f11d70  openssh-3.9p1-8.RHEL4.20.src.rpm

i386:
355fb0d34d1207f6629f886f8cf3e6c4  openssh-3.9p1-8.RHEL4.20.i386.rpm
5b062f94d91ed8418c45745d8b285bd4  openssh-askpass-3.9p1-8.RHEL4.20.i386.rpm
4c13962301e5f93492fcb02b7f01a7b1  openssh-askpass-gnome-3.9p1-8.RHEL4.20.i386.rpm
029fa6c52dec14626a1e443caecc2300  openssh-clients-3.9p1-8.RHEL4.20.i386.rpm
f022d0b8cf19f1118fc7521142e7e71c  openssh-debuginfo-3.9p1-8.RHEL4.20.i386.rpm
74c1c9b1293e8e46ecaf46db181d3a1b  openssh-server-3.9p1-8.RHEL4.20.i386.rpm

ia64:
063a012cb911cad11e1c6e1f700e46ab  openssh-3.9p1-8.RHEL4.20.ia64.rpm
67a3c8ab28bdcefe7b2fb957c933b996  openssh-askpass-3.9p1-8.RHEL4.20.ia64.rpm
ce81cfbef39e88997fd9084f04f46f26  openssh-askpass-gnome-3.9p1-8.RHEL4.20.ia64.rpm
c7bd82bac6e899e197ce59d4dc061d07  openssh-clients-3.9p1-8.RHEL4.20.ia64.rpm
8bca6d06228a0250582fbb224e14f46b  openssh-debuginfo-3.9p1-8.RHEL4.20.ia64.rpm
9110321bf599bf3f29eaccaa32b7ce1d  openssh-server-3.9p1-8.RHEL4.20.ia64.rpm

x86_64:
61cd0299d5413094af7970856f7fffc8  openssh-3.9p1-8.RHEL4.20.x86_64.rpm
88464fef4b7393f7f081dc0c734bcd53  openssh-askpass-3.9p1-8.RHEL4.20.x86_64.rpm
198d98b530ce9fbfe6dd6b3d3b38712c  openssh-askpass-gnome-3.9p1-8.RHEL4.20.x86_64.rpm
1c3c86136815400a0713187d9f55315b  openssh-clients-3.9p1-8.RHEL4.20.x86_64.rpm
b242035b20927623270bb32fe531b5bd  openssh-debuginfo-3.9p1-8.RHEL4.20.x86_64.rpm
e6b172814bfc7402996bf498a8f37634  openssh-server-3.9p1-8.RHEL4.20.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN369XlSAg2UNWIIRAhbsAJ9LBYD/KePZGPmhqMABL+TiNcNM1wCeOsQ+
k93E2M32aMPbUmLEi3bQVSE=
=xO6S
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: shadow-utils security and bug fix update
Advisory ID:       RHSA-2007:0276-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0276.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          mailbox race condition
CVE Names:         CVE-2006-1174 
- - ---------------------------------------------------------------------

1. Summary:

Updated shadow-utils packages that fix a security issue and various bugs
are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, as well as programs for
managing user and group accounts.

A flaw was found in the useradd tool in shadow-utils. A new user's
mailbox, when created, could have random permissions for a short period.
This could allow a local attacker to read or modify the mailbox.
(CVE-2006-1174)

This update also fixes the following bugs:

* shadow-utils debuginfo package was empty.

* faillog was unusable on 64-bit systems. It checked every UID from 0 to
the max UID, which was an excessively large number on 64-bit systems.

* A typo in the login.defs file.

All users of shadow-utils are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176951 - shadow-utils-debuginfo is empty
177017 - faillog doesn't handle large UIDs well
188263 - typo in /etc/login.defs
193053 - CVE-2006-1174 shadow-utils mailbox creation race condition

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/shadow-utils-4.0.3-61.RHEL4.src.rpm
27a806cdce6ee1e07c7178b0f97e61f8  shadow-utils-4.0.3-61.RHEL4.src.rpm

i386:
97eb50ec2a451168eebbbfa7e2278bad  shadow-utils-4.0.3-61.RHEL4.i386.rpm
7af873fec83429452328a0d99a7e9570  shadow-utils-debuginfo-4.0.3-61.RHEL4.i386.rpm

ia64:
50e10226650a72262916f9af8a0809a1  shadow-utils-4.0.3-61.RHEL4.ia64.rpm
15525b069cb021c537d4ed39489909d9  shadow-utils-debuginfo-4.0.3-61.RHEL4.ia64.rpm

ppc:
9db2a7e51c1d50c7afa7143769267127  shadow-utils-4.0.3-61.RHEL4.ppc.rpm
70005f73019bd015f9dd75fcbf3bcb0c  shadow-utils-debuginfo-4.0.3-61.RHEL4.ppc.rpm

s390:
581e4671e28971d933f86b22f00b3d81  shadow-utils-4.0.3-61.RHEL4.s390.rpm
1c7e1b2fd507b0be4e46d9810d48f0a4  shadow-utils-debuginfo-4.0.3-61.RHEL4.s390.rpm

s390x:
20a2d814d215e9baf4157508cb4f2d23  shadow-utils-4.0.3-61.RHEL4.s390x.rpm
d3ae98b5923ed05ce9ef13cd26b4891a  shadow-utils-debuginfo-4.0.3-61.RHEL4.s390x.rpm

x86_64:
8aaf79b408d0fd299809882843b7f3a1  shadow-utils-4.0.3-61.RHEL4.x86_64.rpm
ac20c2785b17571d3a633996e0c427fa  shadow-utils-debuginfo-4.0.3-61.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/shadow-utils-4.0.3-61.RHEL4.src.rpm
27a806cdce6ee1e07c7178b0f97e61f8  shadow-utils-4.0.3-61.RHEL4.src.rpm

i386:
97eb50ec2a451168eebbbfa7e2278bad  shadow-utils-4.0.3-61.RHEL4.i386.rpm
7af873fec83429452328a0d99a7e9570  shadow-utils-debuginfo-4.0.3-61.RHEL4.i386.rpm

x86_64:
8aaf79b408d0fd299809882843b7f3a1  shadow-utils-4.0.3-61.RHEL4.x86_64.rpm
ac20c2785b17571d3a633996e0c427fa  shadow-utils-debuginfo-4.0.3-61.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/shadow-utils-4.0.3-61.RHEL4.src.rpm
27a806cdce6ee1e07c7178b0f97e61f8  shadow-utils-4.0.3-61.RHEL4.src.rpm

i386:
97eb50ec2a451168eebbbfa7e2278bad  shadow-utils-4.0.3-61.RHEL4.i386.rpm
7af873fec83429452328a0d99a7e9570  shadow-utils-debuginfo-4.0.3-61.RHEL4.i386.rpm

ia64:
50e10226650a72262916f9af8a0809a1  shadow-utils-4.0.3-61.RHEL4.ia64.rpm
15525b069cb021c537d4ed39489909d9  shadow-utils-debuginfo-4.0.3-61.RHEL4.ia64.rpm

x86_64:
8aaf79b408d0fd299809882843b7f3a1  shadow-utils-4.0.3-61.RHEL4.x86_64.rpm
ac20c2785b17571d3a633996e0c427fa  shadow-utils-debuginfo-4.0.3-61.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/shadow-utils-4.0.3-61.RHEL4.src.rpm
27a806cdce6ee1e07c7178b0f97e61f8  shadow-utils-4.0.3-61.RHEL4.src.rpm

i386:
97eb50ec2a451168eebbbfa7e2278bad  shadow-utils-4.0.3-61.RHEL4.i386.rpm
7af873fec83429452328a0d99a7e9570  shadow-utils-debuginfo-4.0.3-61.RHEL4.i386.rpm

ia64:
50e10226650a72262916f9af8a0809a1  shadow-utils-4.0.3-61.RHEL4.ia64.rpm
15525b069cb021c537d4ed39489909d9  shadow-utils-debuginfo-4.0.3-61.RHEL4.ia64.rpm

x86_64:
8aaf79b408d0fd299809882843b7f3a1  shadow-utils-4.0.3-61.RHEL4.x86_64.rpm
ac20c2785b17571d3a633996e0c427fa  shadow-utils-debuginfo-4.0.3-61.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN37VXlSAg2UNWIIRAjGHAKC9Z6nVK/cc76iI5l5CDOwyqgfq5QCfa324
G95Wwbh5e38pD+0nAjtuPAE=
=SWEM
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: gdm security and bug fix update
Advisory ID:       RHSA-2007:0286-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0286.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          .Xauthority race condition
CVE Names:         CVE-2006-1057 
- - ---------------------------------------------------------------------

1. Summary:

An updated gdm package that fixes a security issue and a bug is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

Marcus Meissner discovered a race condition in the way Gdm modifies
the permissions on the .ICEauthority file. A local attacker could exploit
this flaw to gain privileges. Due to the nature of the flaw, however,
successful exploitation is unlikely. (CVE-2006-1057)

This erratum also includes a bug fix to correct the PAM configuration for
the audit system.

All users of gdm should upgrade to this updated package, which contains
backported patches to resolve these issues.
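
The class of flaw described in section 3, shown as an added example that is not taken from gdm or from the Red Hat patch: a permission change made by path can act on a different object than the one that was checked, while a change made through an open file descriptor cannot. The function name fix_perms_by_fd, the file names and the assumption that the race lies between a path-based check and a path-based change are this example's own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern, for contrast: the path is resolved twice, so the object
 * that was checked need not be the object that is changed.
 *     if (lstat(path, &st) == 0 && S_ISREG(st.st_mode)) chmod(path, 0600);
 */

/* Hardened form: resolve the name once, refuse a symlink in the final
 * component, then check and change the same open file via its descriptor.
 * Returns 0 on success or a negative errno value. */
int fix_perms_by_fd(int dirfd, const char *name, uid_t owner, mode_t mode)
{
    struct stat st;
    int rc = 0;
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -errno;              /* ELOOP on Linux when name is a symlink */
    if (fstat(fd, &st) != 0)
        rc = -errno;
    else if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
        rc = -EPERM;                /* not a plain, singly linked file */
    else if (st.st_uid != owner)
        rc = -EACCES;               /* unexpected owner */
    else if (fchmod(fd, mode) != 0)
        rc = -errno;
    close(fd);
    return rc;
}

/* Constructed demo in a private temp directory: "auth" is a regular file
 * and "link" is a symlink to it. Returns 1 if auth ends up 0600 and the
 * symlink is refused, 0 otherwise, -1 if the setup fails. */
int demo(void)
{
    char dir[] = "/tmp/permdemo-XXXXXX";
    struct stat st;
    int dfd, fd, on_file, on_link, ok;

    if (mkdtemp(dir) == NULL || (dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    fd = openat(dfd, "auth", O_CREAT | O_EXCL | O_WRONLY, 0644);
    if (fd < 0 || symlinkat("auth", dfd, "link") != 0)
        return -1;
    close(fd);

    on_file = fix_perms_by_fd(dfd, "auth", geteuid(), 0600);
    on_link = fix_perms_by_fd(dfd, "link", geteuid(), 0600);
    ok = on_file == 0 && on_link == -ELOOP &&
         fstatat(dfd, "auth", &st, 0) == 0 && (st.st_mode & 0777) == 0600;
    unlinkat(dfd, "link", 0);
    unlinkat(dfd, "auth", 0);
    close(dfd);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("regular file fixed, symlink refused: %d\n", demo());
    return 0;
}
```

O_NOFOLLOW only guards the final path component, so the directory descriptor passed in should itself refer to a directory that other local users cannot modify.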

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159338 - gdm update for new audit system
188302 - CVE-2006-1057 GDM file permissions race condition

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gdm-2.6.0.5-7.rhel4.15.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gdm-2.6.0.5-7.rhel4.15.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gdm-2.6.0.5-7.rhel4.15.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gdm-2.6.0.5-7.rhel4.15.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN37hXlSAg2UNWIIRAjE1AKCfJbI/PJoK4BwfV+ev9bPBcJOW4QCbB4UO
RrDkHK4KcrQdxwKeE+ZidjM=
=kymu
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openldap security update
Advisory ID:       RHSA-2007:0310-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0310.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4600 
- - ---------------------------------------------------------------------

1. Summary:

Updated openldap packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat 
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

205826 - CVE-2006-4600 openldap improper selfwrite access

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openldap-2.2.13-7.4E.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openldap-2.2.13-7.4E.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openldap-2.2.13-7.4E.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openldap-2.2.13-7.4E.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN37xXlSAg2UNWIIRAndJAJ93Ba3gS8cjY9+KXMJyjXSakuIBgQCeNN+i
EBikfoyOw6IDIWz4Gz/rCko=
=deuZ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRjfVxCh9+71yA2DNAQKKlQQAmOKdtoTHlB/lbj0omIjQxSNkUN4OUBWv
FBhLV/EfP66d+qvEMQ4yW+Q5Y5H8A3Y8KFbNgOSnz+nnReoVcVqatrBjMCPH+IHl
R3W5j4z1VJoSTVDUtnHTumSxsuhY15wYyuGRTOOHwoWIgOxV38cDhn1eUU/u5RO5
9kNInJWq68g=
=80ZV
-----END PGP SIGNATURE-----