
UNIRAS Brief - 592/04 - Three Red Hat Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 592/04 dated 25.10.04  Time: 12:40  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Three Red Hat Security Advisories:

1. RHSA-2004:577-01 - Updated libtiff packages

2. RHSA-2004:543-01 - Updated CUPS packages fix security issues

3. Fraudulent Email and Website Purveying a Trojaned Red Hat fileutils Package



Detail
====== 

1. The libtiff package contains a library of functions for manipulating TIFF 
(Tagged Image File Format) image format files. TIFF is a widely used file 
format for bitmapped images. 
During a source code audit, Chris Evans discovered a number of integer overflow 
bugs that affect libtiff. An attacker who has the ability to trick a user into 
opening a malicious TIFF file could cause the application linked to libtiff to 
crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures 
project (cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804 to 
these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have been found.  
An attacker who has the ability to trick a user into opening a malicious TIFF file 
could cause the application linked to libtiff to crash or possibly execute arbitrary 
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned 
the name CAN-2004-0803 to this issue.

2. The Common UNIX Printing System (CUPS) is a print spooler.
During a source code audit, Chris Evans discovered a number of integer overflow bugs 
that affect xpdf.  CUPS contains a copy of the xpdf code used for parsing PDF files 
and is therefore affected by these bugs.  An attacker who has the ability to send a 
malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary 
code.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned 
the name CAN-2004-0888 to this issue.

3. A fraudulent email purporting to be a Red Hat security bulletin attempts to entice the 
user to download a file from www.fedora-redhat.com (a site which is not operated by Red Hat) 
and perform a series of installation steps which result in malicious code being executed on 
the target system. Other reports suggest that this malicious code attempts to add a user and 
to email system information to the attacker.




1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

                     ESB-2004.0675 -- RHSA-2004:577-01
                         Updated libtiff packages
                              25 October 2004

===========================================================================

        

Product:                libtiff
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Linux variants
                        UNIX variants
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0886 CAN-2004-0804 CAN-2004-0803

Ref:                    ESB-2004.0656

Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-577.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated libtiff packages
Advisory ID:       RHSA-2004:577-01
Issue date:        2004-10-22
Updated on:        2004-10-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0803 CAN-2004-0886 CAN-2004-0804
- - - ---------------------------------------------------------------------

1. Summary:

Updated libtiff packages that fix various buffer and integer overflows are now 
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The libtiff package contains a library of functions for manipulating TIFF 
(Tagged Image File Format) image format files. TIFF is a widely used file 
format for bitmapped images. 

During a source code audit, Chris Evans discovered a number of integer overflow 
bugs that affect libtiff. An attacker who has the ability to trick a user into 
opening a malicious TIFF file could cause the application linked to libtiff to 
crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures 
project (cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804 to 
these issues.

Additionally, a number of buffer overflow bugs that affect libtiff have been found.  
An attacker who has the ability to trick a user into opening a malicious TIFF file 
could cause the application linked to libtiff to crash or possibly execute arbitrary 
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned 
the name CAN-2004-0803 to this issue.

All users are advised to upgrade to these errata packages, which contain fixes for 
these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant 
to your system have been applied.  Use Red Hat Network to download and update your 
packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page 
for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

134847 - CAN-2004-0803 buffer overflows in libtiff
134850 - CAN-2004-0886 multiple integer overflows in libtiff

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.5-17.src.rpm
81fdc07747655ddf15df50f3e091bd88  libtiff-3.5.5-17.src.rpm

i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa  libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53  
libtiff-devel-3.5.5-17.i386.rpm

ia64:
2dd106332e7f94e7c1b68a259b697527  libtiff-3.5.5-17.ia64.rpm f55c05ad31942a5c55e05afc3f1cffac  
libtiff-devel-3.5.5-17.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.5-17.src.rpm
81fdc07747655ddf15df50f3e091bd88  libtiff-3.5.5-17.src.rpm

ia64:
2dd106332e7f94e7c1b68a259b697527  libtiff-3.5.5-17.ia64.rpm f55c05ad31942a5c55e05afc3f1cffac  
libtiff-devel-3.5.5-17.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.5-17.src.rpm
81fdc07747655ddf15df50f3e091bd88  libtiff-3.5.5-17.src.rpm

i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa  libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53  
libtiff-devel-3.5.5-17.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.5-17.src.rpm
81fdc07747655ddf15df50f3e091bd88  libtiff-3.5.5-17.src.rpm

i386:
3c3cfb6ea1d426f7dfaf3eba049b01fa  libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53  
libtiff-devel-3.5.5-17.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm
63d28c10b3bd0c697395b236c675fc79  libtiff-3.5.7-20.1.src.rpm

i386:
818848dcbf461a6f37790579d8c80f0f  libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051  
libtiff-devel-3.5.7-20.1.i386.rpm

ia64:
223bd77614b274ea88e82cc2b7179fc5  libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa  libtiff-devel-3.5.7-20.1.ia64.rpm

ppc:
10659dd13f97307f8066a4807f941264  libtiff-3.5.7-20.1.ppc.rpm b439935cb94f59e804e51ec43bf1f990  
libtiff-3.5.7-20.1.ppc64.rpm baf93839e20c42f0a60690a19eabd883  libtiff-devel-3.5.7-20.1.ppc.rpm

s390:
1455a42e3976cae523bf87e3708ff35e  libtiff-3.5.7-20.1.s390.rpm 8a4ba4c7c08f3c7774b1596ff10ba15a  
libtiff-devel-3.5.7-20.1.s390.rpm

s390x:
a3be3779774c347e96d761cbd97ff898  libtiff-3.5.7-20.1.s390x.rpm 1455a42e3976cae523bf87e3708ff35e  
libtiff-3.5.7-20.1.s390.rpm bc686fba5bea3978cdfaa99134615e77  libtiff-devel-3.5.7-20.1.s390x.rpm

x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c  libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68  libtiff-devel-3.5.7-20.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm
63d28c10b3bd0c697395b236c675fc79  libtiff-3.5.7-20.1.src.rpm

i386:
818848dcbf461a6f37790579d8c80f0f  libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051  
libtiff-devel-3.5.7-20.1.i386.rpm

x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c  libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68  libtiff-devel-3.5.7-20.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm
63d28c10b3bd0c697395b236c675fc79  libtiff-3.5.7-20.1.src.rpm

i386:
818848dcbf461a6f37790579d8c80f0f  libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051  
libtiff-devel-3.5.7-20.1.i386.rpm

ia64:
223bd77614b274ea88e82cc2b7179fc5  libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa  libtiff-devel-3.5.7-20.1.ia64.rpm

x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c  libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68  libtiff-devel-3.5.7-20.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm
63d28c10b3bd0c697395b236c675fc79  libtiff-3.5.7-20.1.src.rpm

i386:
818848dcbf461a6f37790579d8c80f0f  libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051  
libtiff-devel-3.5.7-20.1.i386.rpm

ia64:
223bd77614b274ea88e82cc2b7179fc5  libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa  libtiff-devel-3.5.7-20.1.ia64.rpm

x86_64:
47246fe4da56c5bd5c75c35a50d7ad7c  libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f  
libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68  libtiff-devel-3.5.7-20.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeSOyXlSAg2UNWIIRAmEZAJ9zoy5yAHcQaN702g07b68BnKTVKQCfXtU/
XAstdvkT337/IlEh6vd4RGA=
=P/Az
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQXxluyh9+71yA2DNAQK1YQP/a4Pmi5AKclzZJOwq+DcV46Ob52AZePCL
eTk11kc2ncj79hQda7qGLp8IPhYvZ4zL1abniBZ/xOYgBra0OkW7IX3qFIctc+En
wR7Q2vfKuyOTQOfX0WH5aY/6UAEznkn720aYqUtMjR3Tpk0oE6HhBDE3JAN1nW8e
3NwEhOE+gvE=
=Ba2S
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
            
                     ESB-2004.0674 -- RHSA-2004:543-01
                 Updated CUPS packages fix security issues
                              25 October 2004

===========================================================================

        

Product:                CUPS
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
                        Access Confidential Data
                        Denial of Service
Access:                 Remote/Unauthenticated
                        Existing Account
CVE Names:              CAN-2004-0923 CAN-2004-0888

Ref:                    ESB-2004.0670
                        ESB-2004.0655

Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-543.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated CUPS packages fix security issues
Advisory ID:       RHSA-2004:543-01
Issue date:        2004-10-22
Updated on:        2004-10-22
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:449
CVE Names:         CAN-2004-0888 CAN-2004-0923
- - - ---------------------------------------------------------------------

1. Summary:

Updated cups packages that fix denial of service issues, a security information 
leak, as well as other various bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) is a print spooler.

During a source code audit, Chris Evans discovered a number of integer overflow 
bugs that affect xpdf.  CUPS contains a copy of the xpdf code used for parsing 
PDF files and is therefore affected by these bugs.  An attacker who has the 
ability to send a malicious PDF file to a printer could cause CUPS to crash 
or possibly execute arbitrary code.  The Common Vulnerabilities and Exposures 
project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

When set up to print to a shared printer via Samba, CUPS would authenticate 
with that shared printer using a username and password.  By default, the username 
and password used to connect to the Samba share are written into the error log file.  
A local user who is able to read the error log file could collect these usernames 
and passwords.  The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CAN-2004-0923 to this issue.

These updated packages also include a fix that prevents some CUPS configuration 
files from being accidentally replaced.

All users of CUPS should upgrade to these updated packages, which resolve these 
issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant 
to your system have been applied.  Use Red Hat Network to download and update 
your packages.  To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web 
page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

99461 - cups configuration
132034 - mime.types was updated - not copied to mime.types.rpmnew
134599 - CAN-2004-0923 Log file information disclosure
135378 - CAN-2004-0888 xpdf issues affect cups

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm
5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade  
cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225  
cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3  
cups-libs-1.1.17-13.3.16.i386.rpm

ppc:
e6c4b39d457d9b9877fe95b6fe1dbec4  cups-1.1.17-13.3.16.ppc.rpm d7a9f13c7cc6c53322c66548ad8c76de  
cups-devel-1.1.17-13.3.16.ppc.rpm 1c0013991559da5dcdff753e0fa29fed  cups-libs-1.1.17-13.3.16.ppc.rpm

ppc64:
2d58c7b4af3581b720c315d4acc88caa  cups-libs-1.1.17-13.3.16.ppc64.rpm

s390:
3f8e4d1f0acb1e63cacb04a31d33be7e  cups-1.1.17-13.3.16.s390.rpm 9f65609293cab71c27bab23b4766e376  
cups-devel-1.1.17-13.3.16.s390.rpm
9b3323c103753b3c97ac6543f73113f1  cups-libs-1.1.17-13.3.16.s390.rpm

s390x:
9276fbed4537149de825126e43165244  cups-1.1.17-13.3.16.s390x.rpm 276335bb8d2b6b204ce69c478d708f85  
cups-devel-1.1.17-13.3.16.s390x.rpm
56bedea0c9cbabdc50d2f4a1fdf63389  cups-libs-1.1.17-13.3.16.s390x.rpm
9b3323c103753b3c97ac6543f73113f1  cups-libs-1.1.17-13.3.16.s390.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8  
cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm
5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade  
cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8  
cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm
5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade  
cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225  
cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3  
cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8  
cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm
5115ddbfb412786152b559c645008d04  cups-1.1.17-13.3.16.src.rpm

i386:
ba0ce8b3a0e6f96f65e805b18abb9710  cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade  
cups-devel-1.1.17-13.3.16.i386.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

ia64:
c8b90a470b68b58fed2e82e570f5ee92  cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225  
cups-devel-1.1.17-13.3.16.ia64.rpm
ca472cbe2195dbc118ccfbc05644da0f  cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3  
cups-libs-1.1.17-13.3.16.i386.rpm

x86_64:
2909c8b13ebabafe4f9832e571452226  cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8  
cups-devel-1.1.17-13.3.16.x86_64.rpm
d3dddda473fe262daea7770ad1c6b6b2  cups-libs-1.1.17-13.3.16.x86_64.rpm
f9c322a11ba0b571dd986dac596fe9e3  cups-libs-1.1.17-13.3.16.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeSOnXlSAg2UNWIIRAlxAAJ9WyDOPr6em8vXIk0SXsIA9NC2MNwCgv7ws
SFXFonpckLShZW9rZb3zjaA=
=QEhf
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQXxi3Ch9+71yA2DNAQIThAP7Bba05lTgPWDLqBHyf/Xb4iTXFrrvW1H6
fICfSxHgTbYtDPtGsNo7wTVPAdSafBI1LL3AhOL0o7AtTCcfeTl1bjH+S+cg2jCb
XMx6uX2cxlzdacorx3VBfCTKy4OHWOtvYcTbK/Xg11JidQZashoVhOG9Sn+kFoCs
/Npz8tkQ03Q=
=2Uuh
- -----END PGP SIGNATURE-----
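
One way to check a host for the exposure described under CAN-2004-0923 above, as an added example (not Red Hat's or CUPS code): it finds smb:// device URIs that carry `user:password@` in log text, masks the password, and tests whether the log file is readable beyond its owner. The sample log lines are constructed, and the function names are this example's own.

```python
import os
import re
import stat

# smb:// device URI with credentials embedded in the authority part:
#   smb://user:password@[workgroup/]server/printer
# The password group is greedy, so a password containing "@" is still
# captured whole; it ends at the last "@" before the first "/".
SMB_CRED_URI = re.compile(
    r"smb://(?P<user>[^\s:/@]+):(?P<password>[^\s/]+)@(?P<rest>[^\s\"']+)",
    re.IGNORECASE,
)

# Constructed sample lines in the general shape of a CUPS error_log
# (level letter, bracketed timestamp, message). The message texts are
# illustrative and not copied from CUPS.
SAMPLE_LOG = """\
I [25/Oct/2004:12:40:01 +0100] Started backend for job 17
D [25/Oct/2004:12:40:01 +0100] [Job 17] device URI smb://alice:S3cret%21@OFFICE/printsrv/laser1
D [25/Oct/2004:12:40:02 +0100] [Job 17] device URI smb://printsrv:445/laser2
E [25/Oct/2004:12:41:10 +0100] [Job 18] Unable to connect to "smb://bob:p@ss@printsrv/laser1"
"""


def find_leaks(log_text):
    """Return (line_number, user, target) for every logged password.

    The password itself is deliberately not returned, so the report does
    not become a second copy of the secret.
    """
    leaks = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for match in SMB_CRED_URI.finditer(line):
            leaks.append((number, match.group("user"), match.group("rest")))
    return leaks


def redact(text):
    """Mask the password in any smb:// URI so the text is safe to store."""
    return SMB_CRED_URI.sub(
        lambda m: "smb://%s:****@%s" % (m.group("user"), m.group("rest")), text
    )


def readable_beyond_owner(path):
    """True if group or other has read permission on the log file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for number, user, target in find_leaks(SAMPLE_LOG):
        print("line %d: password for %r logged (target %s)" % (number, user, target))
    print(redact(SAMPLE_LOG))
```

Any account reported by `find_leaks` on a log for which `readable_beyond_owner` is true should have its Samba password changed after the updated packages are installed.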


3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                                         

                       
Fraudulent Email and Website Purveying a Trojaned Red Hat fileutils Package
                              25 October 2004

===========================================================================

        

Product:                fileutils
Operating System:       Red Hat and Fedora
Impact:                 Inappropriate Access
Access:                 Remote/Unauthenticated
Original Bulletin URL:  http://www.redhat.com/security/

- - --------------------------BEGIN INCLUDED TEXT--------------------

  AusCERT has become aware of a fraudulent e-mail, purporting to be a 
  security bulletin from Red Hat. The email has the following attributes:

    From: RedHat Security Team <security@xxxxxxxxxx>
    Subject: RedHat: Buffer Overflow in "ls" and "mkdir"

  The email attempts to entice the user to download a file from 
  www.fedora-redhat.com (a site which is not operated by Red Hat) and 
  perform a series of installation steps which result in malicious code 
  being executed on the target system. Other reports suggest that this 
  malicious code attempts to add a user and to email system information 
  to the attacker.

  Red Hat have published the following update with instructions on how to 
  identify legitimate Red Hat advisories:

  http://www.redhat.com/security/

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQXyEkCh9+71yA2DNAQI9DwP+OnAvnUfrYijh625iwlfJT3tPBRvjWin6
CAE+VWCXhmu5jtJMb1cvHjk2dh2DFdWKxUVYVUntUU4xONRGwIsc71Bl5wq70AHM
J1NZOLnO9p1wDlPQPuew6y/Lc+Aq61aPmpF2um2Z34VMI8UgPOtQr7q2Cbr8OmlF
VXSxT5p7RcI=
=v8dj
- -----END PGP SIGNATURE-----
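
The fraudulent bulletin in item 3 works because www.fedora-redhat.com contains the vendor's name without being under the vendor's domain. The added example below (not from Red Hat, AusCERT or UNIRAS) extracts the hosts a message links to and classifies them, and shows that a plain suffix test accepts the fraudulent host. The trusted-domain list and the third sample line are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the vendor's registrable domain, taken from
# the legitimate links on this page (rhn.redhat.com, updates.redhat.com).
TRUSTED_DOMAINS = ("redhat.com",)

URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>\"']+", re.IGNORECASE)
# Bare host names are only picked up when they start with "www.", which
# keeps package file names such as libtiff-3.5.7-20.1.src.rpm out.
BARE_WWW_RE = re.compile(
    r"(?<![\w./@-])www\.[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.IGNORECASE
)

# The first two lines are links quoted on this page; the third is a
# constructed sentence using the host name the briefing reports.
SAMPLE_MESSAGE = """\
Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-577.html
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm
Download the update from www.fedora-redhat.com and follow the steps below.
"""


def hosts_in(text):
    """Return the distinct host names referenced in text (URLs first)."""
    hosts = []
    for match in URL_RE.finditer(text):
        try:
            host = urlsplit(match.group(0)).hostname
        except ValueError:  # malformed authority part
            continue
        if host:
            hosts.append(host)
    remainder = URL_RE.sub(" ", text)
    hosts += [m.group(0) for m in BARE_WWW_RE.finditer(remainder)]
    seen, ordered = set(), []
    for host in hosts:
        host = host.rstrip(".").lower()
        if host not in seen:
            seen.add(host)
            ordered.append(host)
    return ordered


def naive_suffix_check(host, domain):
    """The tempting check: it accepts www.fedora-redhat.com for redhat.com."""
    return host.lower().endswith(domain)


def is_under(host, domain):
    """True only for the domain itself or a name below it (label boundary)."""
    host, domain = host.rstrip(".").lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def classify_hosts(text, trusted=TRUSTED_DOMAINS):
    """Map each host in text to 'trusted', 'lookalike' or 'other'."""
    verdicts = {}
    for host in hosts_in(text):
        if any(is_under(host, d) for d in trusted):
            verdicts[host] = "trusted"
        elif any(d.split(".")[0] in host for d in trusted):
            # Carries the vendor's name but is not under the vendor's domain.
            verdicts[host] = "lookalike"
        else:
            verdicts[host] = "other"
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_MESSAGE).items():
        print("%-24s %s" % (host, verdict))
```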





- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQXzmTIpao72zK539AQEB0gP+LsexSwPnVQZVV9nuxm8736fgE1Koz85V
NZmaBlNmd4g3aaWcGJxyi5JwbwykXam2GQ0/eDYc/ahS+uuGl8ITsGjiooc3BsBs
Gjp7W46acqox3VCxqO47nM+LC8R6hv/ezW7VZBuv/bm7PH5Z+MHuzzx/EfnCKBjS
3pSjWt/+myE=
=RP9X
-----END PGP SIGNATURE-----