
UNIRAS Brief - 427/05 - Three Red Hat Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 427/05 dated 03.06.05  Time: 14:49  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Three Red Hat Security Advisories:

1. RHSA-2005:416-01 - kdbg security update
      
2. RHSA-2005:480-01 - ImageMagick security update
      
3. RHSA-2005:481-01 - openssh security update
       
Detail
====== 

1. Kdbg is a K Desktop Environment (KDE) GUI for gdb, the GNU debugger.
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file.
If a program is located in a world-writable location, it is possible for a
local user to inject malicious commands.  These commands are then executed
with the permission of any user that runs Kdbg.  The Common Vulnerabilities
and Exposures project assigned the name CAN-2003-0644 to this issue.

2. ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
A denial of service bug was found in the way ImageMagick parses XWD files.
A user or program executing ImageMagick to process a malicious XWD file can
cause ImageMagick to enter an infinite loop causing a denial of service
condition. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1739 to this issue.

3. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, and provides secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over a secure channel. Public
key authentication can be used for "passwordless" access to servers.




1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: kdbg security update
Advisory ID:       RHSA-2005:416-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-416.html
Issue date:        2005-06-02
Updated on:        2005-06-02
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2003-0644
- - ---------------------------------------------------------------------

1. Summary:

An updated kdbg package that fixes a minor security issue is now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Kdbg is a K Desktop Environment (KDE) GUI for gdb, the GNU debugger.

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file.
If a program is located in a world-writable location, it is possible for a
local user to inject malicious commands.  These commands are then executed
with the permission of any user that runs Kdbg.  The Common Vulnerabilities
and Exposures project assigned the name CAN-2003-0644 to this issue.

Users of Kdbg should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155917 - CAN-2003-0644 kdbg arbitrary command execution


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdbg-1.2.1-7.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdbg-1.2.1-7.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdbg-1.2.1-7.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdbg-1.2.1-7.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0644

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxjLXlSAg2UNWIIRAo/JAJsEmyXfo7uFgz6NBkAK4zmO+C4g0gCgiuuq
rHIG69y+YCYxsPVZvEbmBks=
=kgSx
- -----END PGP SIGNATURE-----


- -- 
Enterprise-watch-list mailing list
Enterprise-watch-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/enterprise-watch-list




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security update
Advisory ID:       RHSA-2005:480-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-480.html
Issue date:        2005-06-02
Updated on:        2005-06-02
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1739
- - ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A denial of service bug was found in the way ImageMagick parses XWD files.
A user or program executing ImageMagick to process a malicious XWD file can
cause ImageMagick to enter an infinite loop causing a denial of service
condition. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1739 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158790 - CAN-2005-1739 ImageMagick XWD denial of service


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1739

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxjyXlSAg2UNWIIRAoyJAJ4xqKovVH4mkP7Hd7QH2s+1BMN9EwCgmqbP
mNb/Mso6m8hPLhjXb24uPlk=
=4YbZ
- -----END PGP SIGNATURE-----





3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openssh security update
Advisory ID:       RHSA-2005:481-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-481.html
Issue date:        2005-06-02
Updated on:        2005-06-02
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0175
- - ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix a potential security vulnerability and
various other bugs are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, and provides secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over a secure channel. Public
key authentication can be used for "passwordless" access to servers.

The scp protocol allows a server to instruct a client to write to arbitrary
files outside of the current directory. This could potentially cause a
security issue if a user uses scp to copy files from a malicious server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0175 to this issue.
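
A client-side check for the issue described above, as an added example (not OpenSSH's code and not Red Hat's backported patch): it parses the "C" and "D" control records an scp source sends and rejects any file name that is empty, ".", ".." or contains "/", so received files stay inside the target directory. The function and type names are hypothetical, the name policy is an assumption, and the sample records are constructed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum scp_status { SCP_OK = 0, SCP_MALFORMED, SCP_UNSAFE_NAME };

struct scp_record {
    char type;                 /* 'C' = regular file, 'D' = enter directory */
    unsigned mode;             /* permission bits, sent as four octal digits */
    unsigned long long size;   /* byte count announced by the sender */
    char name[256];            /* file name chosen by the sender */
};

/* Policy assumed for this example: the sender may name one entry inside
 * the directory being written, and nothing else. */
static int name_is_safe(const char *name)
{
    if (name[0] == '\0')
        return 0;
    if (strchr(name, '/') != NULL)          /* absolute or multi-level path */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Parse one "C<mode> <size> <name>\n" or "D<mode> <size> <name>\n" record. */
enum scp_status parse_scp_record(const char *line, struct scp_record *rec)
{
    const char *p = line;
    size_t len;
    int i;

    if (*p != 'C' && *p != 'D')
        return SCP_MALFORMED;
    rec->type = *p++;

    rec->mode = 0;
    for (i = 0; i < 4; i++, p++) {          /* exactly four octal digits */
        if (*p < '0' || *p > '7')
            return SCP_MALFORMED;
        rec->mode = (rec->mode << 3) | (unsigned)(*p - '0');
    }
    if (*p++ != ' ')
        return SCP_MALFORMED;

    if (!isdigit((unsigned char)*p))
        return SCP_MALFORMED;
    rec->size = 0;
    while (isdigit((unsigned char)*p)) {
        unsigned d = (unsigned)(*p++ - '0');
        if (rec->size > (ULLONG_MAX - d) / 10)   /* would overflow */
            return SCP_MALFORMED;
        rec->size = rec->size * 10 + d;
    }
    if (*p++ != ' ')
        return SCP_MALFORMED;

    len = strcspn(p, "\n");                 /* name runs to the newline */
    if (p[len] != '\n' || len >= sizeof rec->name)
        return SCP_MALFORMED;
    memcpy(rec->name, p, len);
    rec->name[len] = '\0';

    return name_is_safe(rec->name) ? SCP_OK : SCP_UNSAFE_NAME;
}

/* Convenience wrapper for callers that only need the verdict. */
enum scp_status status_of(const char *line)
{
    struct scp_record rec;
    return parse_scp_record(line, &rec);
}

int main(void)
{
    /* Constructed sample records, not captured traffic. */
    static const char *samples[] = {
        "C0644 12 report.txt\n",
        "D0755 0 logs\n",
        "C0644 12 ../outside.txt\n",
        "C0644 12 /tmp/abs.txt\n",
        "D0755 0 ..\n",
        "C0644 twelve x\n",
    };
    static const char *verdicts[] = { "accept", "malformed", "unsafe name" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("record %zu: %s\n", i, verdicts[status_of(samples[i])]);
    return 0;
}
```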

These updated packages also correct the following bug:

On systems in which direct ssh access for the root user was disabled by
configuration (setting "PermitRootLogin no"), attempts to guess the root
password could be judged as successful or unsuccessful by observing a delay.

Users of openssh should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146881 - CAN-2004-0175 malicious ssh server can cause scp to write to arbitrary files
146882 - SSH allows attacker to divine root password


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssh-3.1p1-18.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssh-3.1p1-18.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssh-3.1p1-18.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssh-3.1p1-18.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxkjXlSAg2UNWIIRAgDLAJkBmsJ0k+UDtERrh10mgoXibyrFMACgkyEl
U9GtcvygxNO0uKY2A2+FUQI=
=9LGM
- -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone. Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQqBfEIpao72zK539AQGE2gP9GX7ejGm5VFWWrmX5Wp0YfNsEBqGZfD13
Z5qVNzsZUgsNSimboZvgMfeYXpmoJ1kX2lvb0FLO2XvS0TC9kqg6PlSD+F5jFjL2
Ee/M6SkyYsW9tBnNui+W9ZusGwVEG7pyvZpTq9ygZTjJFu5LRALCzPHryLeB5wlc
w7kLIQXDZwM=
=Qod5
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
