UNIRAS Brief - 447/05 - Red Hat - Eight Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 447/05 dated 13.06.05  Time: 15:40  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Red Hat - Eight Security Advisories:
     1.  Low: gzip security update           [RHSA-2005:357-01]
     2.  Moderate: gftp security update      [RHSA-2005:410-01]
     3.  Low: squid security update          [RHSA-2005:489-01]
     4.  Low: rsh security update            [RHSA-2005:495-01]
     5.  Moderate: gedit security update     [RHSA-2005:499-01]
     6.  Moderate: sysreport security update [RHSA-2005:502-01]
     7.  Low: tcpdump security update        [RHSA-2005:505-01]
     8.  Low: mikmod security update         [RHSA-2005:506-01]


Detail
====== 

Security Advisory summaries:

     1.  A bug was found in the way zgrep processes file names.  A bug was found 
         in the way gunzip modifies permissions of files being decompressed.  A 
         directory traversal bug was found in the way gunzip processes the -N flag.

     2.  A directory traversal bug was found in gFTP. If a user can be tricked into
         downloading a file from a malicious ftp server, it is possible to overwrite
         arbitrary files owned by the victim.

     3.  A bug was found in the way Squid handles PUT and POST requests.  A bug was 
         found in the way Squid handles access to the cachemgr.cgi script.  A bug 
         was found in the way Squid handles DNS replies.

     4.  The rsh package contains a set of programs that allow users to run
         commands on remote machines, log in to other machines, and copy files
         between machines, using the rsh, rlogin, and rcp commands. The rcp protocol 
         allows a server to instruct a client to write to arbitrary files outside of 
         the current directory.

     5.  A file name format string vulnerability has been discovered in gEdit. It is
         possible for an attacker to create a file with a carefully crafted name
         which, when the file is opened, executes arbitrary instructions on a
         victim's machine.

     6.  When run by the root user, sysreport includes the contents of the
         /etc/sysconfig/rhn/up2date configuration file.  If up2date has been
         configured to connect to a proxy server that requires an authentication
         password, that password is included in plain text in the system report. 

     7.  A denial of service bug was found in tcpdump during the processing of
         certain network packets. It is possible for an attacker to inject a
         carefully crafted packet onto the network, crashing a running tcpdump
         session.

     8.  A buffer overflow bug was found in mikmod during the processing of archive
         filenames. An attacker could create a malicious archive that when opened by
         mikmod could result in arbitrary code execution.



Security Advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: gzip security update
Advisory ID:       RHSA-2005:357-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-357.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0758 CAN-2005-0988 CAN-2005-1228
- - ---------------------------------------------------------------------

1. Summary:

An updated gzip package is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gzip package contains the GNU gzip data compression program.

A bug was found in the way zgrep processes file names. If a user can be
tricked into running zgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running zgrep. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0758 to this issue.

A bug was found in the way gunzip modifies permissions of files being
decompressed. A local attacker with write permissions in the directory in
which a victim is decompressing a file could remove the file being written
and replace it with a hard link to a different file owned by the victim. 
gunzip then gives the linked file the permissions of the uncompressed file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0988 to this issue.

A directory traversal bug was found in the way gunzip processes the -N
flag. If a victim decompresses a file with the -N flag, gunzip fails to
sanitize the path which could result in a file owned by the victim being
overwritten. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1228 to this issue.

Users of gzip should upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

121514 - CAN-2005-0758 zgrep has security issue in sed usage
155745 - CAN-2005-0988 Race condition in gzip
156266 - CAN-2005-1228 directory traversal bug


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX2wXlSAg2UNWIIRAhqkAKCBnO1I5+8klZgop59NrHUEn3bVBACeOfU+
TUg4muAZm8K8CG98z8TQwlQ=
=Hkvo
- -----END PGP SIGNATURE-----
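
The two gunzip file-handling issues in advisory 1 above (CAN-2005-1228, the -N stored-name traversal, and CAN-2005-0988, the permission change on a replaced file), shown from the defensive side as an added example that is not part of the advisory or of gzip's own code. It reads the original-name field from the gzip header (RFC 1952), keeps only the base name, creates the output exclusively, and sets the mode through the open descriptor; the function names and the sample member are constructed for illustration.

```python
# Added example: not Red Hat's or gzip's code. All function names are illustrative.
import os
import struct
import tempfile
import zlib

FEXTRA, FNAME = 0x04, 0x08           # FLG bits defined by RFC 1952


def stored_name(member: bytes):
    """Return the raw original-name (FNAME) field of a gzip member, or None."""
    if len(member) < 10 or member[:3] != b"\x1f\x8b\x08":
        raise ValueError("not a deflate-compressed gzip member")
    flags, pos = member[3], 10       # fixed header is 10 bytes long
    if flags & FEXTRA:               # optional extra field precedes FNAME
        (xlen,) = struct.unpack_from("<H", member, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = member.index(b"\0", pos)   # ValueError if the name is unterminated
    return member[pos:end]


def safe_output_name(raw: bytes) -> str:
    """Reduce a stored name to a bare file name; reject what cannot be one."""
    name = raw.decode("latin-1")     # RFC 1952 stores the name as ISO 8859-1
    # Treat backslashes as separators too, so a name written on another
    # platform cannot smuggle a directory component.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or any(ord(c) < 0x20 for c in base):
        raise ValueError(f"unusable stored name: {name!r}")
    return base


def restore(member: bytes, dest_dir: str, mode: int = 0o600) -> str:
    """Decompress `member` into dest_dir under its sanitized stored name."""
    raw = stored_name(member)
    if raw is None:
        raise ValueError("member carries no stored name")
    target = os.path.join(dest_dir, safe_output_name(raw))
    payload = zlib.decompress(member, wbits=31)      # 31 selects the gzip wrapper
    # O_EXCL refuses a path that already exists (including a planted hard
    # link or symlink); O_NOFOLLOW is used where the platform offers it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(payload)
        # fchmod acts on the inode we created, not on whatever the path
        # names by now, so swapping the directory entry changes nothing.
        os.fchmod(out.fileno(), mode)
    return target


def make_member(name: bytes, payload: bytes) -> bytes:
    """Constructed sample input: a gzip member whose FNAME field is `name`."""
    header = b"\x1f\x8b\x08" + bytes([FNAME]) + b"\0\0\0\0" + b"\x00\xff"
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate stream
    body = deflater.compress(payload) + deflater.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)
    return header + name + b"\0" + body + trailer


if __name__ == "__main__":
    sample = make_member(b"../../tmp/elsewhere/notes.txt", b"hello\n")
    with tempfile.TemporaryDirectory() as workdir:
        print("stored name :", stored_name(sample))
        print("written to  :", restore(sample, workdir, 0o640))
```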





2.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gftp security update
Advisory ID:       RHSA-2005:410-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-410.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0372
- - ---------------------------------------------------------------------

1. Summary:

An updated gFTP package that fixes a directory traversal issue is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gFTP is a multi-threaded FTP client for the X Window System.

A directory traversal bug was found in gFTP. If a user can be tricked into
downloading a file from a malicious ftp server, it is possible to overwrite
arbitrary files owned by the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0372 to
this issue.

Users of gftp should upgrade to this updated package, which contains a
backported fix for this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

149109 - CAN-2005-0372 directory traversal issue in gftp


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX3YXlSAg2UNWIIRAh/aAKC6hnG0gAetBDrjGz+ayC2fjCld9wCgotsf
GoHq9L1/5EsqKzCmk7/Snbg=
=+9EW
- -----END PGP SIGNATURE-----





3.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: squid security update
Advisory ID:       RHSA-2005:489-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-489.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-1999-0710 CAN-2005-0718 CAN-2005-1519
- - ---------------------------------------------------------------------

1. Summary:

An updated squid package that fixes several security issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

Squid is a full-featured Web proxy cache. 
 
A bug was found in the way Squid handles PUT and POST requests. It is
possible for an authorised remote user to cause a failed PUT or POST
request which can cause Squid to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0718 to
this issue.
 
A bug was found in the way Squid handles access to the cachemgr.cgi script. 
It is possible for an authorised remote user to bypass access control
lists with this flaw. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-1999-0710 to this issue.
 
A bug was found in the way Squid handles DNS replies.  If the port Squid
uses for DNS requests is not protected by a firewall, it is possible for a
remote attacker to spoof DNS replies, possibly redirecting a user to
spoofed or malicious content. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-1519 to this issue.
 
Additionally, this update fixes the following bugs:   
 - squid fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm
 
Users of Squid should upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

125007 - insecure permissions for squid.conf
151423 - CAN-2005-0718 Segmentation fault on failed PUT/POST request
153960 - It fails in the unpacking of squid-2.4.STABLE7-1.21as.5.src.rpm
156161 - CVE-1999-0710 cachemgr.cgi access control bypass
157455 - CAN-2005-1519 DNS lookups unreliable on untrusted networks


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1519

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX36XlSAg2UNWIIRAi9tAJ9u1K3/IT/MIxtNb4Erms53mtBGuACfd/k9
qrfd67V28A0ZG/vfQc5t97I=
=LtXt
- -----END PGP SIGNATURE-----





4.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: rsh security update
Advisory ID:       RHSA-2005:495-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-495.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0175
- - ---------------------------------------------------------------------

1. Summary:

Updated rsh packages that fix a theoretical security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The rsh package contains a set of programs that allow users to run
commands on remote machines, log in to other machines, and copy files
between machines, using the rsh, rlogin, and rcp commands. All three of
these commands use rhosts-style authentication.

The rcp protocol allows a server to instruct a client to write to arbitrary
files outside of the current directory.  This could potentially cause a
security issue if a user uses rcp to copy files from a malicious server. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0175 to this issue.

All users of rsh should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158916 - CAN-2004-0175 malicious rsh server can cause rcp to write to arbitrary files


6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX4ZXlSAg2UNWIIRAitvAKCAnDh1tPQVP8wJz1lD+ib4vlO6EwCgwPIs
cSegbsRZAMBvR/QFSojgc/8=
=iJwn
- -----END PGP SIGNATURE-----





5.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gedit security update
Advisory ID:       RHSA-2005:499-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-499.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1686
- - ---------------------------------------------------------------------

1. Summary:

An updated gedit package that fixes a file name format string vulnerability
is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gEdit is a small text editor designed specifically for the GNOME GUI desktop. 

A file name format string vulnerability has been discovered in gEdit. It is
possible for an attacker to create a file with a carefully crafted name
which, when the file is opened, executes arbitrary instructions on a
victim's machine. Although it is unlikely that a user would manually open a
file with such a carefully crafted file name, a user could, for example, be
tricked into opening such a file from within an email client.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1686 to this issue. 

Users of gEdit should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159655 - CAN-2005-1686 filename format string vulnerability


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gedit-2.2.2-4.rhel3.src.rpm
4af12e7afe233dd817a34637ea4c2e40  gedit-2.2.2-4.rhel3.src.rpm

i386:
a0c73bb8d16bd87091ea07995e66b926  gedit-2.2.2-4.rhel3.i386.rpm

ia64:
9c34d1ee8720ea981b0189019fcdf5fd  gedit-2.2.2-4.rhel3.ia64.rpm

ppc:
0389a291108df49c17423ba201cf9a37  gedit-2.2.2-4.rhel3.ppc.rpm

s390:
47575246c230dd8d075002e275653edb  gedit-2.2.2-4.rhel3.s390.rpm

s390x:
e5ee83fb888d93e8f8f8641dd4c8f2b8  gedit-2.2.2-4.rhel3.s390x.rpm

x86_64:
885c88930937b3d47f75a0eb61acae37  gedit-2.2.2-4.rhel3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gedit-2.2.2-4.rhel3.src.rpm
4af12e7afe233dd817a34637ea4c2e40  gedit-2.2.2-4.rhel3.src.rpm

i386:
a0c73bb8d16bd87091ea07995e66b926  gedit-2.2.2-4.rhel3.i386.rpm

x86_64:
885c88930937b3d47f75a0eb61acae37  gedit-2.2.2-4.rhel3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gedit-2.2.2-4.rhel3.src.rpm
4af12e7afe233dd817a34637ea4c2e40  gedit-2.2.2-4.rhel3.src.rpm

i386:
a0c73bb8d16bd87091ea07995e66b926  gedit-2.2.2-4.rhel3.i386.rpm

ia64:
9c34d1ee8720ea981b0189019fcdf5fd  gedit-2.2.2-4.rhel3.ia64.rpm

x86_64:
885c88930937b3d47f75a0eb61acae37  gedit-2.2.2-4.rhel3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gedit-2.2.2-4.rhel3.src.rpm
4af12e7afe233dd817a34637ea4c2e40  gedit-2.2.2-4.rhel3.src.rpm

i386:
a0c73bb8d16bd87091ea07995e66b926  gedit-2.2.2-4.rhel3.i386.rpm

ia64:
9c34d1ee8720ea981b0189019fcdf5fd  gedit-2.2.2-4.rhel3.ia64.rpm

x86_64:
885c88930937b3d47f75a0eb61acae37  gedit-2.2.2-4.rhel3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gedit-2.8.1-4.src.rpm
91234d8bd44d20e5f21e72767e76ec7b  gedit-2.8.1-4.src.rpm

i386:
3f5ca71eb65123424ad9980fb6585529  gedit-2.8.1-4.i386.rpm
8800696a1e229e76158ba660324ca777  gedit-devel-2.8.1-4.i386.rpm

ia64:
7f3208d4697da4d0fb0b75e152307ded  gedit-2.8.1-4.ia64.rpm
bcd737443ddf2047343060b9b2db08dc  gedit-devel-2.8.1-4.ia64.rpm

ppc:
0ae4743c760546b15dbcab0970db6c01  gedit-2.8.1-4.ppc.rpm
40756b42e85e068ae9defdce288fc0e0  gedit-devel-2.8.1-4.ppc.rpm

s390:
624d11da5afffab3823ca176b3321793  gedit-2.8.1-4.s390.rpm
01608a19d9c89524a632c78f39b14fac  gedit-devel-2.8.1-4.s390.rpm

s390x:
47b7648f2c394b70e78cd3b15cbd7040  gedit-2.8.1-4.s390x.rpm
b56c95ed023e54206e325da8ec75cf1e  gedit-devel-2.8.1-4.s390x.rpm

x86_64:
103ee4bfed24c7ab79bbb72c41a045ea  gedit-2.8.1-4.x86_64.rpm
1254f73092b0eb3c7809ead5137d90ad  gedit-devel-2.8.1-4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gedit-2.8.1-4.src.rpm
91234d8bd44d20e5f21e72767e76ec7b  gedit-2.8.1-4.src.rpm

i386:
3f5ca71eb65123424ad9980fb6585529  gedit-2.8.1-4.i386.rpm
8800696a1e229e76158ba660324ca777  gedit-devel-2.8.1-4.i386.rpm

x86_64:
103ee4bfed24c7ab79bbb72c41a045ea  gedit-2.8.1-4.x86_64.rpm
1254f73092b0eb3c7809ead5137d90ad  gedit-devel-2.8.1-4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gedit-2.8.1-4.src.rpm
91234d8bd44d20e5f21e72767e76ec7b  gedit-2.8.1-4.src.rpm

i386:
3f5ca71eb65123424ad9980fb6585529  gedit-2.8.1-4.i386.rpm
8800696a1e229e76158ba660324ca777  gedit-devel-2.8.1-4.i386.rpm

ia64:
7f3208d4697da4d0fb0b75e152307ded  gedit-2.8.1-4.ia64.rpm
bcd737443ddf2047343060b9b2db08dc  gedit-devel-2.8.1-4.ia64.rpm

x86_64:
103ee4bfed24c7ab79bbb72c41a045ea  gedit-2.8.1-4.x86_64.rpm
1254f73092b0eb3c7809ead5137d90ad  gedit-devel-2.8.1-4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gedit-2.8.1-4.src.rpm
91234d8bd44d20e5f21e72767e76ec7b  gedit-2.8.1-4.src.rpm

i386:
3f5ca71eb65123424ad9980fb6585529  gedit-2.8.1-4.i386.rpm
8800696a1e229e76158ba660324ca777  gedit-devel-2.8.1-4.i386.rpm

ia64:
7f3208d4697da4d0fb0b75e152307ded  gedit-2.8.1-4.ia64.rpm
bcd737443ddf2047343060b9b2db08dc  gedit-devel-2.8.1-4.ia64.rpm

x86_64:
103ee4bfed24c7ab79bbb72c41a045ea  gedit-2.8.1-4.x86_64.rpm
1254f73092b0eb3c7809ead5137d90ad  gedit-devel-2.8.1-4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1686

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX5SXlSAg2UNWIIRAmmiAJ9DsKXMfwJDVLXL8griow3eTgGT0wCfR9+r
gxZ53vW/K2vpJukUPmlNkbQ=
=ADRj
- -----END PGP SIGNATURE-----





6.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: sysreport security update
Advisory ID:       RHSA-2005:502-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-502.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1760
- - ---------------------------------------------------------------------

1. Summary:

An updated sysreport package that fixes an information disclosure flaw is
now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch
Red Hat Linux Advanced Workstation 2.1 - noarch
Red Hat Enterprise Linux ES version 2.1 - noarch
Red Hat Enterprise Linux WS version 2.1 - noarch
Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

Sysreport is a utility that gathers information about a system's hardware
and configuration. The information can then be used for diagnostic purposes
and debugging.

When run by the root user, sysreport includes the contents of the
/etc/sysconfig/rhn/up2date configuration file.  If up2date has been
configured to connect to a proxy server that requires an authentication
password, that password is included in plain text in the system report. 
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-1760 to this issue.

Users of sysreport should update to this erratum package, which contains a
patch that removes any proxy authentication passwords.
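
The redaction described above, plus a check for reports generated before the update, as an added example that is not part of the advisory or Red Hat's patch. It assumes the password is stored under a `proxyPassword=` key (the advisory does not name the key); the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Red Hat's patch. The key name proxyPassword is an
# assumption about the up2date config format; the advisory does not quote it.

MARK='<redacted>'
VALUE_RE='^[[:space:]]*proxyPassword[[:space:]]*=[[:space:]]*[^[:space:]]'

# sample_up2date_conf: constructed sample input (not a real configuration).
sample_up2date_conf() {
    cat <<'EOF'
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1
proxyUser=builder
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=S3cr3t-constructed
httpProxy=proxy.example.com:3128
EOF
}

# redact_up2date_conf FILE
# Print FILE with every proxyPassword value replaced by a marker, so the
# report still shows that a password was configured without disclosing it.
# "proxyPassword[comment]=" description lines do not match and are kept.
redact_up2date_conf() {
    sed "s/^\([[:space:]]*proxyPassword[[:space:]]*=\).*/\1$MARK/" "$1"
}

# find_leaked_proxy_passwords DIR
# Print the path of every file under DIR (for example an unpacked report
# generated before the update) that still holds an unredacted proxyPassword
# value. Only paths are printed, never the value itself.
# Returns 0 if at least one such file is found, 1 otherwise.
find_leaked_proxy_passwords() {
    find "$1" -type f | (
        rc=1
        while IFS= read -r f; do
            if grep -E "$VALUE_RE" "$f" 2>/dev/null |
               grep -qv "=[[:space:]]*$MARK[[:space:]]*\$"; then
                printf '%s\n' "$f"
                rc=0
            fi
        done
        exit "$rc"
    )
}

# Demo on the constructed sample: scan a report tree before and after redaction.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/old/etc/sysconfig/rhn" "$d/new/etc/sysconfig/rhn"
    sample_up2date_conf > "$d/old/etc/sysconfig/rhn/up2date"
    redact_up2date_conf "$d/old/etc/sysconfig/rhn/up2date" \
        > "$d/new/etc/sysconfig/rhn/up2date"
    echo "unredacted report:"
    find_leaked_proxy_passwords "$d/old"
    echo "redacted report:"
    find_leaked_proxy_passwords "$d/new" || echo "  (no unredacted value found)"
    rm -rf "$d"
}

demo
```

Any report flagged by the scan was produced before the fix; the proxy password it contains should be treated as disclosed to whoever received the report.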

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159502 - CAN-2005-1760 sysreport includes proxy password in cleartext


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/sysreport-1.3.7.0-4.src.rpm
ee0162efdf945753f3870eabbd6f2ace  sysreport-1.3.7.0-4.src.rpm

noarch:
877c7a9ce70dc7f83852485666cd7b81  sysreport-1.3.7.0-4.noarch.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/sysreport-1.3.7.0-4.src.rpm
ee0162efdf945753f3870eabbd6f2ace  sysreport-1.3.7.0-4.src.rpm

noarch:
877c7a9ce70dc7f83852485666cd7b81  sysreport-1.3.7.0-4.noarch.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/sysreport-1.3.7.0-4.src.rpm
ee0162efdf945753f3870eabbd6f2ace  sysreport-1.3.7.0-4.src.rpm

noarch:
877c7a9ce70dc7f83852485666cd7b81  sysreport-1.3.7.0-4.noarch.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/sysreport-1.3.7.0-4.src.rpm
ee0162efdf945753f3870eabbd6f2ace  sysreport-1.3.7.0-4.src.rpm

noarch:
877c7a9ce70dc7f83852485666cd7b81  sysreport-1.3.7.0-4.noarch.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/sysreport-1.3.7.2-6.src.rpm
3d862802529be0c1751719fcc0769460  sysreport-1.3.7.2-6.src.rpm

noarch:
cb23bfbecf4a03066410253fed765549  sysreport-1.3.7.2-6.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/sysreport-1.3.7.2-6.src.rpm
3d862802529be0c1751719fcc0769460  sysreport-1.3.7.2-6.src.rpm

noarch:
cb23bfbecf4a03066410253fed765549  sysreport-1.3.7.2-6.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/sysreport-1.3.7.2-6.src.rpm
3d862802529be0c1751719fcc0769460  sysreport-1.3.7.2-6.src.rpm

noarch:
cb23bfbecf4a03066410253fed765549  sysreport-1.3.7.2-6.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/sysreport-1.3.7.2-6.src.rpm
3d862802529be0c1751719fcc0769460  sysreport-1.3.7.2-6.src.rpm

noarch:
cb23bfbecf4a03066410253fed765549  sysreport-1.3.7.2-6.noarch.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sysreport-1.3.15-2.src.rpm
776bab105ff07f51652caab88d1d6597  sysreport-1.3.15-2.src.rpm

noarch:
ec397dff4766feb681352573cb105db8  sysreport-1.3.15-2.noarch.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/sysreport-1.3.15-2.src.rpm
776bab105ff07f51652caab88d1d6597  sysreport-1.3.15-2.src.rpm

noarch:
ec397dff4766feb681352573cb105db8  sysreport-1.3.15-2.noarch.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sysreport-1.3.15-2.src.rpm
776bab105ff07f51652caab88d1d6597  sysreport-1.3.15-2.src.rpm

noarch:
ec397dff4766feb681352573cb105db8  sysreport-1.3.15-2.noarch.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sysreport-1.3.15-2.src.rpm
776bab105ff07f51652caab88d1d6597  sysreport-1.3.15-2.src.rpm

noarch:
ec397dff4766feb681352573cb105db8  sysreport-1.3.15-2.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1760

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX51XlSAg2UNWIIRAm0vAKDDc30VCnWAzZOAIx5kx9fKuBhy6ACfTZ7s
FLSUafsoO7crDCfOpbUl/zY=
=5szo
- -----END PGP SIGNATURE-----





7.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: tcpdump security update
Advisory ID:       RHSA-2005:505-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-505.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1267
- - ---------------------------------------------------------------------

1. Summary:

Updated tcpdump packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Tcpdump is a command line tool for monitoring network traffic.

A denial of service bug was found in tcpdump during the processing of
certain network packets. It is possible for an attacker to inject a
carefully crafted packet onto the network, crashing a running tcpdump
session. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1267 to this issue. 

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159208 - CAN-2005-1267 tcpdump BGP DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tcpdump-3.8.2-10.RHEL4.src.rpm
282487d62fa99a54900b540261c399f8  tcpdump-3.8.2-10.RHEL4.src.rpm

i386:
915ffa5eb69ac30ef880db7a7d118eb1  arpwatch-2.1a13-10.RHEL4.i386.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
54c561a0af5fa0f8d30693a58af3478f  tcpdump-3.8.2-10.RHEL4.i386.rpm

ia64:
0249f1f82c2b0d2991e08256ba45efb9  arpwatch-2.1a13-10.RHEL4.ia64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
effeaf9e1937b5fbc16e291fc7c47a79  libpcap-0.8.3-10.RHEL4.ia64.rpm
cbd5cd10732b1e8a66854f35f09342a6  tcpdump-3.8.2-10.RHEL4.ia64.rpm

ppc:
a11bc11bfac3d410a351ca3b47485025  arpwatch-2.1a13-10.RHEL4.ppc.rpm
3a3cbe9a5f59a067b94acfec2524a180  libpcap-0.8.3-10.RHEL4.ppc.rpm
e6ba2d5dd9271a85001918c91d2afe57  libpcap-0.8.3-10.RHEL4.ppc64.rpm
47a75b07dfed82a17420cf3b23814d43  tcpdump-3.8.2-10.RHEL4.ppc.rpm

s390:
095b4699cc2b62e1dac9f4d00e97b47f  arpwatch-2.1a13-10.RHEL4.s390.rpm
1f810b00fc409bcf612e062d7c274c22  libpcap-0.8.3-10.RHEL4.s390.rpm
fbbad5da43b5df92bf533ffef59e1249  tcpdump-3.8.2-10.RHEL4.s390.rpm

s390x:
2f9a9af8bbc8430415d12aaf266b1e10  arpwatch-2.1a13-10.RHEL4.s390x.rpm
1f810b00fc409bcf612e062d7c274c22  libpcap-0.8.3-10.RHEL4.s390.rpm
d2b5e5a8764736d74c8ef214b95c59f1  libpcap-0.8.3-10.RHEL4.s390x.rpm
1655c64e87224852fc8093860ceb474b  tcpdump-3.8.2-10.RHEL4.s390x.rpm

x86_64:
b28de5bc7cd4a6b6accd48c0bf6edb59  arpwatch-2.1a13-10.RHEL4.x86_64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
dacdf9f4f40a12cf36d89a0ed3249187  libpcap-0.8.3-10.RHEL4.x86_64.rpm
ef7dc19abecc70943533bde89c3e7f59  tcpdump-3.8.2-10.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tcpdump-3.8.2-10.RHEL4.src.rpm
282487d62fa99a54900b540261c399f8  tcpdump-3.8.2-10.RHEL4.src.rpm

i386:
915ffa5eb69ac30ef880db7a7d118eb1  arpwatch-2.1a13-10.RHEL4.i386.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
54c561a0af5fa0f8d30693a58af3478f  tcpdump-3.8.2-10.RHEL4.i386.rpm

x86_64:
b28de5bc7cd4a6b6accd48c0bf6edb59  arpwatch-2.1a13-10.RHEL4.x86_64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
dacdf9f4f40a12cf36d89a0ed3249187  libpcap-0.8.3-10.RHEL4.x86_64.rpm
ef7dc19abecc70943533bde89c3e7f59  tcpdump-3.8.2-10.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tcpdump-3.8.2-10.RHEL4.src.rpm
282487d62fa99a54900b540261c399f8  tcpdump-3.8.2-10.RHEL4.src.rpm

i386:
915ffa5eb69ac30ef880db7a7d118eb1  arpwatch-2.1a13-10.RHEL4.i386.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
54c561a0af5fa0f8d30693a58af3478f  tcpdump-3.8.2-10.RHEL4.i386.rpm

ia64:
0249f1f82c2b0d2991e08256ba45efb9  arpwatch-2.1a13-10.RHEL4.ia64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
effeaf9e1937b5fbc16e291fc7c47a79  libpcap-0.8.3-10.RHEL4.ia64.rpm
cbd5cd10732b1e8a66854f35f09342a6  tcpdump-3.8.2-10.RHEL4.ia64.rpm

x86_64:
b28de5bc7cd4a6b6accd48c0bf6edb59  arpwatch-2.1a13-10.RHEL4.x86_64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
dacdf9f4f40a12cf36d89a0ed3249187  libpcap-0.8.3-10.RHEL4.x86_64.rpm
ef7dc19abecc70943533bde89c3e7f59  tcpdump-3.8.2-10.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tcpdump-3.8.2-10.RHEL4.src.rpm
282487d62fa99a54900b540261c399f8  tcpdump-3.8.2-10.RHEL4.src.rpm

i386:
915ffa5eb69ac30ef880db7a7d118eb1  arpwatch-2.1a13-10.RHEL4.i386.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
54c561a0af5fa0f8d30693a58af3478f  tcpdump-3.8.2-10.RHEL4.i386.rpm

ia64:
0249f1f82c2b0d2991e08256ba45efb9  arpwatch-2.1a13-10.RHEL4.ia64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
effeaf9e1937b5fbc16e291fc7c47a79  libpcap-0.8.3-10.RHEL4.ia64.rpm
cbd5cd10732b1e8a66854f35f09342a6  tcpdump-3.8.2-10.RHEL4.ia64.rpm

x86_64:
b28de5bc7cd4a6b6accd48c0bf6edb59  arpwatch-2.1a13-10.RHEL4.x86_64.rpm
243f6883db13135f88f6692ad3280e34  libpcap-0.8.3-10.RHEL4.i386.rpm
dacdf9f4f40a12cf36d89a0ed3249187  libpcap-0.8.3-10.RHEL4.x86_64.rpm
ef7dc19abecc70943533bde89c3e7f59  tcpdump-3.8.2-10.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX6vXlSAg2UNWIIRAshIAJ9ePjbIL67CZyOFAZykX2QTSLA8WgCff7DQ
wHcdKxAnnj4M6pRL7kZViD4=
=skYW
- -----END PGP SIGNATURE-----





8.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: mikmod security update
Advisory ID:       RHSA-2005:506-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-506.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2003-0427
- - ---------------------------------------------------------------------

1. Summary:

Updated mikmod packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

MikMod is a well known MOD music file player for UNIX-based systems.

A buffer overflow bug was found in mikmod during the processing of archive
filenames. An attacker could create a malicious archive that when opened by
mikmod could result in arbitrary code execution. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0427
to this issue. 

Users of mikmod are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159290 - CAN-2003-0427 mikmod flaw


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mikmod-3.1.6-14.EL21.src.rpm
3970786eda79db9cb1e296287b37b6ac  mikmod-3.1.6-14.EL21.src.rpm

i386:
8466e1bce1554356966133dc58a2dacf  mikmod-3.1.6-14.EL21.i386.rpm

ia64:
b5213ec19799e26f9c6975e3a4ed2f62  mikmod-3.1.6-14.EL21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mikmod-3.1.6-14.EL21.src.rpm
3970786eda79db9cb1e296287b37b6ac  mikmod-3.1.6-14.EL21.src.rpm

ia64:
b5213ec19799e26f9c6975e3a4ed2f62  mikmod-3.1.6-14.EL21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mikmod-3.1.6-14.EL21.src.rpm
3970786eda79db9cb1e296287b37b6ac  mikmod-3.1.6-14.EL21.src.rpm

i386:
8466e1bce1554356966133dc58a2dacf  mikmod-3.1.6-14.EL21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mikmod-3.1.6-14.EL21.src.rpm
3970786eda79db9cb1e296287b37b6ac  mikmod-3.1.6-14.EL21.src.rpm

i386:
8466e1bce1554356966133dc58a2dacf  mikmod-3.1.6-14.EL21.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mikmod-3.1.6-22.EL3.src.rpm
ca592164c295c662169f59899b5d20ed  mikmod-3.1.6-22.EL3.src.rpm

i386:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
4f212188933bf38552074df16b177a10  mikmod-devel-3.1.6-22.EL3.i386.rpm

ia64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
61cdfc9ac651ec6ac0cebb9b6ee21e5f  mikmod-3.1.6-22.EL3.ia64.rpm
5ad42fbfc304dfbdc3730bbe312a5209  mikmod-devel-3.1.6-22.EL3.ia64.rpm

ppc:
81957975a9fd51062153c128383720a8  mikmod-3.1.6-22.EL3.ppc.rpm
022c641f1a955354b0b0e72bb6b2e8ac  mikmod-3.1.6-22.EL3.ppc64.rpm
ad5dbdcd0add2466d38f59c9043f8e5b  mikmod-devel-3.1.6-22.EL3.ppc.rpm

s390:
3fcbfc2496c589fd193c85cc9b8ed80b  mikmod-3.1.6-22.EL3.s390.rpm
c73f83b9d004b1d1b29381bf9970874f  mikmod-devel-3.1.6-22.EL3.s390.rpm

s390x:
3fcbfc2496c589fd193c85cc9b8ed80b  mikmod-3.1.6-22.EL3.s390.rpm
fe365a4396d912d7dd87762eab613ed1  mikmod-3.1.6-22.EL3.s390x.rpm
08d4c973c1a803f0f4d3e2422218ba1f  mikmod-devel-3.1.6-22.EL3.s390x.rpm

x86_64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
b964adeb79a724b8246c6fbfc5ea15a0  mikmod-3.1.6-22.EL3.x86_64.rpm
27ea70c35b53d82c3f7614d0c47698ed  mikmod-devel-3.1.6-22.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mikmod-3.1.6-22.EL3.src.rpm
ca592164c295c662169f59899b5d20ed  mikmod-3.1.6-22.EL3.src.rpm

i386:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
4f212188933bf38552074df16b177a10  mikmod-devel-3.1.6-22.EL3.i386.rpm

x86_64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
b964adeb79a724b8246c6fbfc5ea15a0  mikmod-3.1.6-22.EL3.x86_64.rpm
27ea70c35b53d82c3f7614d0c47698ed  mikmod-devel-3.1.6-22.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mikmod-3.1.6-22.EL3.src.rpm
ca592164c295c662169f59899b5d20ed  mikmod-3.1.6-22.EL3.src.rpm

i386:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
4f212188933bf38552074df16b177a10  mikmod-devel-3.1.6-22.EL3.i386.rpm

ia64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
61cdfc9ac651ec6ac0cebb9b6ee21e5f  mikmod-3.1.6-22.EL3.ia64.rpm
5ad42fbfc304dfbdc3730bbe312a5209  mikmod-devel-3.1.6-22.EL3.ia64.rpm

x86_64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
b964adeb79a724b8246c6fbfc5ea15a0  mikmod-3.1.6-22.EL3.x86_64.rpm
27ea70c35b53d82c3f7614d0c47698ed  mikmod-devel-3.1.6-22.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mikmod-3.1.6-22.EL3.src.rpm
ca592164c295c662169f59899b5d20ed  mikmod-3.1.6-22.EL3.src.rpm

i386:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
4f212188933bf38552074df16b177a10  mikmod-devel-3.1.6-22.EL3.i386.rpm

ia64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
61cdfc9ac651ec6ac0cebb9b6ee21e5f  mikmod-3.1.6-22.EL3.ia64.rpm
5ad42fbfc304dfbdc3730bbe312a5209  mikmod-devel-3.1.6-22.EL3.ia64.rpm

x86_64:
2ad7f47a2cb94d9a93a92ed4bc62c702  mikmod-3.1.6-22.EL3.i386.rpm
b964adeb79a724b8246c6fbfc5ea15a0  mikmod-3.1.6-22.EL3.x86_64.rpm
27ea70c35b53d82c3f7614d0c47698ed  mikmod-devel-3.1.6-22.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mikmod-3.1.6-32.EL4.src.rpm
db1185414af6d6fe8fd74ee726db714e  mikmod-3.1.6-32.EL4.src.rpm

i386:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
74fb923f34913d78d51f09c4127ce7eb  mikmod-devel-3.1.6-32.EL4.i386.rpm

ia64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
6ef2e377622084eef15242025f1a2e54  mikmod-3.1.6-32.EL4.ia64.rpm
463452e2bf31d86d14ab7ae76d7c19de  mikmod-devel-3.1.6-32.EL4.ia64.rpm

ppc:
69639a800fb155b7394c96f92b7fcb1d  mikmod-3.1.6-32.EL4.ppc.rpm
b6ac65c0c55b3cabd3d501aaa3b639c8  mikmod-3.1.6-32.EL4.ppc64.rpm
b61f7624921a95a60d217b30513f8679  mikmod-devel-3.1.6-32.EL4.ppc.rpm

s390:
638419bd8668b782555a9ff6ebe2013e  mikmod-3.1.6-32.EL4.s390.rpm
69f181c1aee41ba2169a202b9d2e5187  mikmod-devel-3.1.6-32.EL4.s390.rpm

s390x:
638419bd8668b782555a9ff6ebe2013e  mikmod-3.1.6-32.EL4.s390.rpm
32596b851069a2bdafcb8ea339e1460c  mikmod-3.1.6-32.EL4.s390x.rpm
e70152c88e13730d19b20d682440f593  mikmod-devel-3.1.6-32.EL4.s390x.rpm

x86_64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
c6c8501d1224dcdaaabcc3ff85de07b0  mikmod-3.1.6-32.EL4.x86_64.rpm
7cab8526728b5a8acc0e99639689300c  mikmod-devel-3.1.6-32.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mikmod-3.1.6-32.EL4.src.rpm
db1185414af6d6fe8fd74ee726db714e  mikmod-3.1.6-32.EL4.src.rpm

i386:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
74fb923f34913d78d51f09c4127ce7eb  mikmod-devel-3.1.6-32.EL4.i386.rpm

x86_64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
c6c8501d1224dcdaaabcc3ff85de07b0  mikmod-3.1.6-32.EL4.x86_64.rpm
7cab8526728b5a8acc0e99639689300c  mikmod-devel-3.1.6-32.EL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mikmod-3.1.6-32.EL4.src.rpm
db1185414af6d6fe8fd74ee726db714e  mikmod-3.1.6-32.EL4.src.rpm

i386:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
74fb923f34913d78d51f09c4127ce7eb  mikmod-devel-3.1.6-32.EL4.i386.rpm

ia64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
6ef2e377622084eef15242025f1a2e54  mikmod-3.1.6-32.EL4.ia64.rpm
463452e2bf31d86d14ab7ae76d7c19de  mikmod-devel-3.1.6-32.EL4.ia64.rpm

x86_64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
c6c8501d1224dcdaaabcc3ff85de07b0  mikmod-3.1.6-32.EL4.x86_64.rpm
7cab8526728b5a8acc0e99639689300c  mikmod-devel-3.1.6-32.EL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mikmod-3.1.6-32.EL4.src.rpm
db1185414af6d6fe8fd74ee726db714e  mikmod-3.1.6-32.EL4.src.rpm

i386:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
74fb923f34913d78d51f09c4127ce7eb  mikmod-devel-3.1.6-32.EL4.i386.rpm

ia64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
6ef2e377622084eef15242025f1a2e54  mikmod-3.1.6-32.EL4.ia64.rpm
463452e2bf31d86d14ab7ae76d7c19de  mikmod-devel-3.1.6-32.EL4.ia64.rpm

x86_64:
28c57176420b3b899675b8f8d4240bd2  mikmod-3.1.6-32.EL4.i386.rpm
c6c8501d1224dcdaaabcc3ff85de07b0  mikmod-3.1.6-32.EL4.x86_64.rpm
7cab8526728b5a8acc0e99639689300c  mikmod-devel-3.1.6-32.EL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0427

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX+GXlSAg2UNWIIRAsXJAKCej5YQ+PhOtmzio395ZTXVT7jXwQCfU7V0
b5b2XkSdcfOdDx8u9CNetxg=
=b+PQ
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQq2acIpao72zK539AQElUAP/TXYCQqabG5jU7ote5XVxKz6BQLFXOhnz
NPHtqx1UB7wrMloZucPTSOU/mu5LUNR7llT2RGHN8y2Dr+nVwMeQp3lLWgNQn35L
7D3G1TBpbgc8b3BwDzGcc25OuH7g74e2MZMrv5bb9Ha3f3cEH/4dM+d7Ph5s79rT
mxtr7bvEPRA=
=mMve
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
