
UNIRAS Brief - 602/04 - Three Red Hat Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 602/04 dated 28.10.04  Time: 12:50  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Three Red Hat Security Advisories:

1. RHSA-2004:611-01 - Updated mysql-server package

2. RHSA-2004:585-01 - Updated xchat package fixes SOCKSv5 proxy security issue

3. RHSA-2004:592-01 - Updated xpdf package fixes security flaws



Detail
====== 

1. MySQL is a multi-user, multi-threaded SQL database server. A number of security 
issues that affect the mysql-server package have been reported.  Although Red Hat 
Enterprise Linux 3 does not ship with the mysql-server package, the affected package 
is available from the Red Hat Network Extras channel. 

2. X-Chat is a graphical IRC chat client for the X Window System. A stack buffer 
overflow has been fixed in the SOCKSv5 proxy code. An attacker could create a 
malicious SOCKSv5 proxy server in such a way that X-Chat would execute arbitrary 
code if a victim configured X-Chat to use the proxy.  The Common Vulnerabilities 
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0409 to this issue.

3. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.
During a source code audit, Chris Evans and others discovered a number of integer 
overflow bugs that affected all versions of xpdf.  An attacker could construct a carefully 
crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened.  
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name 
CAN-2004-0888 to this issue.

1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
                     ESB-2004.0683 -- RHSA-2004:611-01
                       Updated mysql-server package
                              28 October 2004

===========================================================================

        

Product:                mysql-server
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
                        Inappropriate Access
                        Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0957 CAN-2004-0837 CAN-2004-0836
                        CAN-2004-0835

Ref:                    ESB-2004.0667
Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-611.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mysql-server package
Advisory ID:       RHSA-2004:611-01
Issue date:        2004-10-27
Updated on:        2004-10-27
Product:           Red Hat Enterprise Linux LACD
Cross references:  RHSA-2004:569
CVE Names:         CAN-2004-0835 CAN-2004-0836 CAN-2004-0837 CAN-2004-0957
- - - ---------------------------------------------------------------------

1. Summary:

An updated mysql-server package that fixes various security issues is now 
available in the Red Hat Enterprise Linux 3 Extras channel of Red Hat Network.

2. Relevant releases/architectures:

Red Hat Enterprise Linux LACD 3AS - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux LACD 3Desktop - i386, x86_64
Red Hat Enterprise Linux LACD 3ES - i386, ia64, x86_64
Red Hat Enterprise Linux LACD 3WS - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server.

A number of security issues that affect the mysql-server package have been reported.  
Although Red Hat Enterprise Linux 3 does not ship with the mysql-server package, 
the affected package is available from the Red Hat Network Extras channel. 

Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT 
rights of the old table instead of the new one. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0835 to this issue.

Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function. In 
order to exploit this issue an attacker would need to force the use of a malicious 
DNS server (CAN-2004-0836).

Dean Ellis discovered that multiple threads ALTERing the same (or different) 
MERGE tables to change the UNION could cause the server to crash or stall 
(CAN-2004-0837).

Sergei Golubchik discovered that if a user is granted privileges to a database 
with a name containing an underscore ("_"), the user also gains the ability to 
grant privileges to other databases with similar names (CAN-2004-0957).

Users of mysql-server should upgrade to these erratum packages, which correct 
these issues.
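
Added example (not from Red Hat or UNIRAS): in MySQL database-level grants, `_` and `%` in the database name act as wildcards unless escaped (`\_`), which is how a grant on one name can reach the "similar names" described for CAN-2004-0957. The C code below is a simplified matcher, not MySQL's own code; the function names and the database names are constructed for illustration, and it reports which extra databases an unescaped pattern covers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Match a database name against a grant pattern: '_' matches any single
 * character, '%' matches any run of characters, and a backslash makes the
 * next character literal. Returns 1 on match, 0 otherwise. */
static int db_pattern_match(const char *pat, const char *name)
{
    while (*pat) {
        if (*pat == '%') {
            while (*pat == '%') pat++;          /* collapse runs of % */
            if (!*pat) return 1;                /* trailing % matches the rest */
            for (; *name; name++)
                if (db_pattern_match(pat, name)) return 1;
            return 0;
        }
        if (*pat == '_') {
            if (!*name) return 0;               /* '_' needs one character */
        } else {
            if (*pat == '\\' && pat[1]) pat++;  /* escaped: compare literally */
            if (*pat != *name) return 0;
        }
        pat++;
        name++;
    }
    return *name == '\0';
}

/* Returns 1 if the pattern contains a '_' or '%' that is not escaped. */
static int has_unescaped_wildcard(const char *pat)
{
    for (; *pat; pat++) {
        if (*pat == '\\' && pat[1]) { pat++; continue; }
        if (*pat == '_' || *pat == '%') return 1;
    }
    return 0;
}

/* Counts the names in dbs[] that the pattern covers besides `intended`. */
static size_t extra_matches(const char *pattern, const char *intended,
                            const char *const dbs[], size_t n)
{
    size_t extra = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(dbs[i], intended) != 0 && db_pattern_match(pattern, dbs[i]))
            extra++;
    return extra;
}

/* Constructed sample database names (not taken from the advisory). */
static const char *const SAMPLE_DBS[] = {
    "shop_dev", "shopXdev", "shop-dev", "shop_prod", "shopdev"
};
#define N_SAMPLE_DBS (sizeof SAMPLE_DBS / sizeof SAMPLE_DBS[0])

int main(void)
{
    /* The same intended database, granted with and without escaping. */
    const char *patterns[] = { "shop_dev", "shop\\_dev" };
    for (size_t i = 0; i < 2; i++)
        printf("%-10s unescaped_wildcard=%d extra_databases=%zu\n",
               patterns[i], has_unescaped_wildcard(patterns[i]),
               extra_matches(patterns[i], "shop_dev", SAMPLE_DBS, N_SAMPLE_DBS));
    return 0;
}
```

Running the same check over the database-name column of an instance's grant tables lists the grants that need the underscore escaped.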

4. Solution:

Before applying this update, make sure all previously released errata relevant 
to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those RPMs 
which are currently installed will be updated.  Those RPMs which are not installed 
but included in the list will not be updated.  Note that you can also use 
wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many people 
find this an easier way to apply updates.  To use Red Hat Network, launch the 
Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs 
being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

135372 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957)

6. RPMs required:

Red Hat Enterprise Linux LACD 3AS:

i386:
87d3b9628b48bf11ba4c446f1eee2ea7  mysql-server-3.23.58-2.3.i386.rpm

ia64:
8e8ae3ba7b5ec198f59e5dace66b4bd0  mysql-server-3.23.58-2.3.ia64.rpm

ppc:
22c60b803409385945e43b254f18d066  mysql-server-3.23.58-2.3.ppc.rpm

s390:
24ef90f116cb8f7272c67b3c5ed3704a  mysql-server-3.23.58-2.3.s390.rpm

s390x:
131e3e1b237e15141928385e96ab8aad  mysql-server-3.23.58-2.3.s390x.rpm

x86_64:
b193c8e8d077a3fe10d20d090450d0db  mysql-server-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux LACD 3Desktop:

i386:
87d3b9628b48bf11ba4c446f1eee2ea7  mysql-server-3.23.58-2.3.i386.rpm

x86_64:
b193c8e8d077a3fe10d20d090450d0db  mysql-server-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux LACD 3ES:

i386:
87d3b9628b48bf11ba4c446f1eee2ea7  mysql-server-3.23.58-2.3.i386.rpm

ia64:
8e8ae3ba7b5ec198f59e5dace66b4bd0  mysql-server-3.23.58-2.3.ia64.rpm

x86_64:
b193c8e8d077a3fe10d20d090450d0db  mysql-server-3.23.58-2.3.x86_64.rpm

Red Hat Enterprise Linux LACD 3WS:

i386:
87d3b9628b48bf11ba4c446f1eee2ea7  mysql-server-3.23.58-2.3.i386.rpm

ia64:
8e8ae3ba7b5ec198f59e5dace66b4bd0  mysql-server-3.23.58-2.3.ia64.rpm

x86_64:
b193c8e8d077a3fe10d20d090450d0db  mysql-server-3.23.58-2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from 
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at 
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

- - --------------------------END INCLUDED TEXT--------------------




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
                     ESB-2004.0684 -- RHSA-2004:585-01
         Updated xchat package fixes SOCKSv5 proxy security issue
                              28 October 2004

===========================================================================

        
        

Product:                xchat
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
Impact:                 Execute Arbitrary Code/Commands
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0409

Ref:                    ESB-2004.0318
Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-585.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated xchat package fixes SOCKSv5 proxy security issue
Advisory ID:       RHSA-2004:585-01
Issue date:        2004-10-27
Updated on:        2004-10-27
Product:           Red Hat Enterprise Linux
Keywords:          X-Chat
CVE Names:         CAN-2004-0409
- - - ---------------------------------------------------------------------

1. Summary:

An updated xchat package that fixes a stack buffer overflow in the SOCKSv5 proxy 
code is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

X-Chat is a graphical IRC chat client for the X Window System.

A stack buffer overflow has been fixed in the SOCKSv5 proxy code. An attacker could 
create a malicious SOCKSv5 proxy server in such a way that X-Chat would execute arbitrary 
code if a victim configured X-Chat to use the proxy.  The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0409 to this issue.

Users of X-Chat should upgrade to this erratum package, which contains a backported 
security patch, and is not vulnerable to this issue.
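
Added example (not xchat's code and not part of the advisory): a SOCKSv5 reply carries a server-chosen address field, and for the domain-name address type its length is a single byte the proxy controls (RFC 1928), so a client has to bound that length before copying into a fixed buffer. The parser below shows those checks; the struct, return codes and sample replies are constructed, and the 64-byte address buffer is an assumption chosen to exercise the length check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { S5_OK = 0, S5_TRUNCATED = -1, S5_BAD_VERSION = -2,
       S5_BAD_ATYP = -3, S5_ADDR_TOO_LONG = -4 };

/* Hypothetical result type; a caller would typically keep it on the stack. */
struct s5_reply {
    uint8_t  rep;        /* reply code from the proxy (0 = succeeded) */
    uint8_t  atyp;       /* 1 = IPv4, 3 = domain name, 4 = IPv6 */
    uint8_t  addr[64];   /* fixed-size destination for BND.ADDR */
    size_t   addr_len;
    uint16_t port;       /* BND.PORT, host byte order */
};

/* Reply layout per RFC 1928: VER REP RSV ATYP BND.ADDR BND.PORT.
 * The unsafe pattern this avoids is "read the length byte, then copy that
 * many bytes into a fixed buffer" with no comparison against its size. */
static int s5_parse_reply(const uint8_t *buf, size_t len, struct s5_reply *out)
{
    size_t need, off = 4;

    if (len < 4) return S5_TRUNCATED;
    if (buf[0] != 0x05) return S5_BAD_VERSION;
    out->rep = buf[1];
    out->atyp = buf[3];

    switch (buf[3]) {
    case 0x01: need = 4; break;
    case 0x04: need = 16; break;
    case 0x03:
        if (len < 5) return S5_TRUNCATED;
        need = buf[4];               /* server-controlled, 0..255 */
        off = 5;
        break;
    default:
        return S5_BAD_ATYP;
    }

    /* Check against the destination first, then against the input. */
    if (need > sizeof out->addr) return S5_ADDR_TOO_LONG;
    if (len - off < need + 2) return S5_TRUNCATED;

    memcpy(out->addr, buf + off, need);
    out->addr_len = need;
    out->port = (uint16_t)((buf[off + need] << 8) | buf[off + need + 1]);
    return S5_OK;
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t REPLY_IPV4[] = { 0x05, 0x00, 0x00, 0x01,
    127, 0, 0, 1, 0x04, 0x38 };
static const uint8_t REPLY_DOMAIN[] = { 0x05, 0x00, 0x00, 0x03, 11,
    'e','x','a','m','p','l','e','.','c','o','m', 0x00, 0x50 };
/* Length byte claims 255 address bytes: larger than the 64-byte buffer. */
static const uint8_t REPLY_OVERSIZED[] = { 0x05, 0x00, 0x00, 0x03, 0xff,
    'A', 'A', 'A', 'A' };
/* Length byte claims 10 bytes but only 2 follow. */
static const uint8_t REPLY_TRUNCATED[] = { 0x05, 0x00, 0x00, 0x03, 10,
    'a', 'b' };

int main(void)
{
    struct s5_reply r;
    printf("ipv4      -> %d\n", s5_parse_reply(REPLY_IPV4, sizeof REPLY_IPV4, &r));
    printf("domain    -> %d\n", s5_parse_reply(REPLY_DOMAIN, sizeof REPLY_DOMAIN, &r));
    printf("oversized -> %d\n", s5_parse_reply(REPLY_OVERSIZED, sizeof REPLY_OVERSIZED, &r));
    printf("truncated -> %d\n", s5_parse_reply(REPLY_TRUNCATED, sizeof REPLY_TRUNCATED, &r));
    return 0;
}
```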

4. Solution:

Before applying this update, make sure that all previously-released errata relevant 
to your system have been applied.  Use Red Hat Network to download and update your packages.  
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page 
for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

135238 - CAN-2004-0409 XChat buffer overflow in socks5 proxy
121333 - CAN-2004-0409 XChat buffer overflow in socks5 proxy

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm
6d5775b3f8aad029c4d793850ad886d7  xchat-1.8.9-1.21as.2.src.rpm

i386:
903f03b6faffb88f391484b448c3f637  xchat-1.8.9-1.21as.2.i386.rpm

ia64:
39a974df6da586d236283bff42e6bb3e  xchat-1.8.9-1.21as.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm
6d5775b3f8aad029c4d793850ad886d7  xchat-1.8.9-1.21as.2.src.rpm

ia64:
39a974df6da586d236283bff42e6bb3e  xchat-1.8.9-1.21as.2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm
6d5775b3f8aad029c4d793850ad886d7  xchat-1.8.9-1.21as.2.src.rpm

i386:
903f03b6faffb88f391484b448c3f637  xchat-1.8.9-1.21as.2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm
6d5775b3f8aad029c4d793850ad886d7  xchat-1.8.9-1.21as.2.src.rpm

i386:
903f03b6faffb88f391484b448c3f637  xchat-1.8.9-1.21as.2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm
24dcd2f613f5d14c1f091cdfc1fdd6ca  xchat-2.0.4-4.EL.src.rpm

i386:
431bffb1410d138f3fc7ddf98668654a  xchat-2.0.4-4.EL.i386.rpm

ia64:
ad3c4335eacf54f0d1841e07d0168a49  xchat-2.0.4-4.EL.ia64.rpm

ppc:
fd3713f4b7d731c451b7d787857c1a74  xchat-2.0.4-4.EL.ppc.rpm

s390:
696feca825d882bd23a594c6016e3fd6  xchat-2.0.4-4.EL.s390.rpm

s390x:
a6f0191edb52adea9f3ae8dfd9de217c  xchat-2.0.4-4.EL.s390x.rpm

x86_64:
7398eacb0210d9b66f16c07b389dd173  xchat-2.0.4-4.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm
24dcd2f613f5d14c1f091cdfc1fdd6ca  xchat-2.0.4-4.EL.src.rpm

i386:
431bffb1410d138f3fc7ddf98668654a  xchat-2.0.4-4.EL.i386.rpm

x86_64:
7398eacb0210d9b66f16c07b389dd173  xchat-2.0.4-4.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm
24dcd2f613f5d14c1f091cdfc1fdd6ca  xchat-2.0.4-4.EL.src.rpm

i386:
431bffb1410d138f3fc7ddf98668654a  xchat-2.0.4-4.EL.i386.rpm

ia64:
ad3c4335eacf54f0d1841e07d0168a49  xchat-2.0.4-4.EL.ia64.rpm

x86_64:
7398eacb0210d9b66f16c07b389dd173  xchat-2.0.4-4.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm
24dcd2f613f5d14c1f091cdfc1fdd6ca  xchat-2.0.4-4.EL.src.rpm

i386:
431bffb1410d138f3fc7ddf98668654a  xchat-2.0.4-4.EL.i386.rpm

ia64:
ad3c4335eacf54f0d1841e07d0168a49  xchat-2.0.4-4.EL.ia64.rpm

x86_64:
7398eacb0210d9b66f16c07b389dd173  xchat-2.0.4-4.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from 
https://www.redhat.com/security/team/key.html#package

7. References:

http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0409

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at 
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.


3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             
                     ESB-2004.0685 -- RHSA-2004:592-01
                 Updated xpdf package fixes security flaws
                              28 October 2004

===========================================================================

        

Product:                xpdf
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
                        Red Hat Enterprise Linux AS/ES/WS 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0888

Ref:                    ESB-2004.0674
                        ESB-2004.0670

Original Bulletin URL:  https://rhn.redhat.com/errata/RHSA-2004-592.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated xpdf package fixes security flaws
Advisory ID:       RHSA-2004:592-01
Issue date:        2004-10-27
Updated on:        2004-10-27
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:197
CVE Names:         CAN-2004-0888
- - - ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes a number of integer overflow security flaws 
is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

During a source code audit, Chris Evans and others discovered a number of integer 
overflow bugs that affected all versions of xpdf.  An attacker could construct a 
carefully crafted PDF file that could cause xpdf to crash or possibly execute 
arbitrary code when opened.  The Common Vulnerabilities and Exposures project 
(cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

Users of xpdf are advised to upgrade to this errata package, which contains a 
backported patch correcting these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata 
relevant to your system have been applied.  Use Red Hat Network to download 
and update your packages.  To launch the Red Hat Update Agent, use the following 
command:

    up2date

For information on how to install packages manually, refer to the following 
Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

135393 - CAN-2004-0888 xpdf integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-13.src.rpm
eb893292a8acc37274ca39ed1c5167b7  xpdf-0.92-13.src.rpm

i386:
e7fc401fa264c14f291722cc6882bace  xpdf-0.92-13.i386.rpm

ia64:
59ff577e0a5f8690fd2f866698c18a24  xpdf-0.92-13.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xpdf-0.92-13.src.rpm
eb893292a8acc37274ca39ed1c5167b7  xpdf-0.92-13.src.rpm

ia64:
59ff577e0a5f8690fd2f866698c18a24  xpdf-0.92-13.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-13.src.rpm
eb893292a8acc37274ca39ed1c5167b7  xpdf-0.92-13.src.rpm

i386:
e7fc401fa264c14f291722cc6882bace  xpdf-0.92-13.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-13.src.rpm
eb893292a8acc37274ca39ed1c5167b7  xpdf-0.92-13.src.rpm

i386:
e7fc401fa264c14f291722cc6882bace  xpdf-0.92-13.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.3.src.rpm
d5e0ad682a7e83311d5588ef25984329  xpdf-2.02-9.3.src.rpm

i386:
c62ccce8752958320f429b2f0275b583  xpdf-2.02-9.3.i386.rpm

ia64:
5e54249c54111231f3e75f82dd7b7382  xpdf-2.02-9.3.ia64.rpm

ppc:
5d9553b6885a16fdf76e4e5d6124ca3d  xpdf-2.02-9.3.ppc.rpm

s390:
933965cf519099e14f691957821ed33e  xpdf-2.02-9.3.s390.rpm

s390x:
bc33104553fa2bc65484df8b0cdfc214  xpdf-2.02-9.3.s390x.rpm

x86_64:
a5a3d7385ddd6a097a28bbf61e0191c6  xpdf-2.02-9.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.3.src.rpm
d5e0ad682a7e83311d5588ef25984329  xpdf-2.02-9.3.src.rpm

i386:
c62ccce8752958320f429b2f0275b583  xpdf-2.02-9.3.i386.rpm

x86_64:
a5a3d7385ddd6a097a28bbf61e0191c6  xpdf-2.02-9.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.3.src.rpm
d5e0ad682a7e83311d5588ef25984329  xpdf-2.02-9.3.src.rpm

i386:
c62ccce8752958320f429b2f0275b583  xpdf-2.02-9.3.i386.rpm

ia64:
5e54249c54111231f3e75f82dd7b7382  xpdf-2.02-9.3.ia64.rpm

x86_64:
a5a3d7385ddd6a097a28bbf61e0191c6  xpdf-2.02-9.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.3.src.rpm
d5e0ad682a7e83311d5588ef25984329  xpdf-2.02-9.3.src.rpm

i386:
c62ccce8752958320f429b2f0275b583  xpdf-2.02-9.3.i386.rpm

ia64:
5e54249c54111231f3e75f82dd7b7382  xpdf-2.02-9.3.ia64.rpm

x86_64:
a5a3d7385ddd6a097a28bbf61e0191c6  xpdf-2.02-9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from 
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact details at 
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

- - --------------------------END INCLUDED TEXT--------------------



- - --------------------------END INCLUDED TEXT--------------------



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
