===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0597 -- [Win][Linux][AIX]
Critical: java-1.5.0-ibm security update
8 August 2007
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:            java-1.5.0-ibm
Publisher:          Red Hat
Operating System:   Red Hat Enterprise Linux
                    AIX
                    Linux variants
                    Windows
Impact:             Execute Arbitrary Code/Commands
                    Inappropriate Access
                    Denial of Service
Access:             Remote/Unauthenticated
CVE Names:          CVE-2007-3922 CVE-2007-3655 CVE-2007-3503
                    CVE-2007-3005 CVE-2007-3004 CVE-2007-2789
                    CVE-2007-2788 CVE-2007-2435
Ref:                AL-2007.0071
                    ESB-2007.0593
                    ESB-2007.0491
                    ESB-2007.0286

Original Bulletin:  https://rhn.redhat.com/errata/RHSA-2007-0829.html

Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running the IBM JDK and JRE check for an updated version of the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:       Critical: java-1.5.0-ibm security update
Advisory ID:    RHSA-2007:0829-01
Advisory URL:   https://rhn.redhat.com/errata/RHSA-2007-0829.html
Issue date:     2007-08-07
Updated on:     2007-08-07
Product:        Red Hat Enterprise Linux Extras
CVE Names:      CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
                CVE-2007-3004 CVE-2007-3005 CVE-2007-3503
                CVE-2007-3655 CVE-2007-3922
---------------------------------------------------------------------

1. Summary:

Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64

3. Problem description:

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A security vulnerability in the Java Web Start component was discovered. An untrusted application could elevate its privileges, allowing it to read and write local files that are accessible to the user running the Java Web Start application. (CVE-2007-2435)

A buffer overflow in the Java Runtime Environment image handling code was found. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the Java virtual machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the Java virtual machine to become unresponsive. (CVE-2007-3005)

The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contains a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

A flaw was found in the applet class loader.
An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

All users of java-ibm-1.5.0 should upgrade to these updated packages, which contain IBM's 1.5.0 SR5a Java release that resolves these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239660 - CVE-2007-2435 javaws vulnerabilities
242595 - CVE-2007-3004 Integer overflow in IBM JDK's ICC profile parser
246765 - CVE-2007-3503 HTML files generated with Javadoc are vulnerable to a XSS
248864 - CVE-2007-3655 A buffer overflow vulnerability in Java Web Start URL parsing code
249533 - CVE-2007-3922 Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
250725 - CVE-2007-2788 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit
250729 - CVE-2007-2789 BMP image parser vulnerability
250733 - CVE-2007-3005 Unspecified vulnerability in Sun JRE

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3922
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

    http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at:

    http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
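
Relating to section 4 (Solution) of the advisory above: the following is an added example, not part of the Red Hat advisory or the AusCERT bulletin, that checks an RPM inventory for java-1.5.0-ibm packages older than the fixed builds named in the advisory's package list (1.5.0.5-1jpp.2.el4 and 1.5.0.5-1jpp.0.1.el5). The query format, the sample inventory and the simplified version comparison (same epoch assumed, no tilde or caret handling) are assumptions made for illustration.

```python
import re

# Fixed builds taken from the advisory's package file names, keyed by dist tag.
FIXED = {"el4": ("1.5.0.5", "1jpp.2.el4"), "el5": ("1.5.0.5", "1jpp.0.1.el5")}
PREFIX = "java-1.5.0-ibm"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (no tilde/caret support).

    Returns -1, 0 or 1 when a is older than, equal to or newer than b.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def audit(rpm_query_output):
    """Classify IBM Java 1.5.0 packages from 'NAME VERSION RELEASE ARCH' lines."""
    findings = []
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].startswith(PREFIX):
            continue
        name, version, release, arch = fields
        fixed = FIXED.get(release.rsplit(".", 1)[-1])  # dist tag: el4 or el5
        if fixed is None:
            status = "unknown-dist"
        elif (rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])) < 0:
            status = "needs-update"
        else:
            status = "ok"
        findings.append((name, f"{version}-{release}", arch, status))
    return findings


# Constructed inventory, in the (assumed) format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE = """\
java-1.5.0-ibm 1.5.0.4 1jpp.1.el4 i386
java-1.5.0-ibm-devel 1.5.0.5 1jpp.2.el4 i386
java-1.5.0-ibm-src 1.5.0.5 1jpp.0.0.el5 x86_64
java-1.5.0-ibm-jdbc 1.5.0.5 1jpp.0.1.el5 i386
bash 3.0 19.3 i386
"""

if __name__ == "__main__":
    for name, evr, arch, status in audit(SAMPLE):
        print(f"{status:13} {name}-{evr}.{arch}")
```

Packages reported as needs-update are the ones `rpm -Fvh` would freshen once the updated RPMs have been downloaded and their GPG signatures verified.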