
UNIRAS Brief - 475/05 - Four Red Hat Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 475/05 dated 24.06.05  Time: 14:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Red Hat Security Advisories:
1. RHSA-2005:498-01 - spamassassin security update
2. RHSA-2005:517-01 - HelixPlayer security update
3. RHSA-2005:523-01 - RealPlayer security update
4. RHSA-2005:524-01 - freeradius security update
       

Detail
====== 

1. SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email. A denial of service bug has been found in SpamAssassin.

2. HelixPlayer is a media player. A buffer overflow bug was found in the way 
HelixPlayer processes SMIL files.

3. RealPlayer is a media player that provides solid media playback locally and
via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL
2.0, JPEG, GIF, PNG, RealPix, RealText, and more. A buffer overflow bug was 
found in the way RealPlayer processes SMIL files.

4. FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.
A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: spamassassin security update
Advisory ID:       RHSA-2005:498-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-498.html
Issue date:        2005-06-23
Updated on:        2005-06-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1266
- - ---------------------------------------------------------------------

1. Summary:

An updated spamassassin package that fixes a denial of service bug when
parsing malformed messages is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug has been found in SpamAssassin.  An attacker could
construct a message in such a way that would cause SpamAssassin to consume
CPU resources.  If a number of these messages were sent it could lead to a
denial of service, potentially preventing the delivery or filtering of
email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1266 to this issue.

SpamAssassin version 3.0.4 additionally solves a number of bugs including:
- - - #156390 Spamassassin consumes too much memory during learning
- - - #155423 URI blacklist spam bypass
- - - #147464 Users may now disable subject rewriting
- - - Smarter default Bayes scores
- - - Numerous other bug fixes that improve spam filter accuracy and safety

For full details, please refer to the change details of 3.0.2, 3.0.3, and
3.0.4 in SpamAssassin's online documentation at the following address:
http://wiki.apache.org/spamassassin/NextRelease

Users of SpamAssassin should update to this updated package, containing
version 3.0.4 which is not vulnerable to this issue and resolves these bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147464 - spamassassin no longer allows disabling subject rewriting
151433 - spamd generate child processes which occupies all memory
159198 - CAN-2005-1266 spamassassin DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/spamassassin-3.0.4-1.el4.src.rpm
0cfa5b1fd18aa2f410fed837928b455c  spamassassin-3.0.4-1.el4.src.rpm

i386:
c5e89bce23bff4757cb542cf56826e54  spamassassin-3.0.4-1.el4.i386.rpm

ia64:
84e256c709e69590520976c43d19c900  spamassassin-3.0.4-1.el4.ia64.rpm

ppc:
3bdc20c485ee078b6a0607cdf99bff5d  spamassassin-3.0.4-1.el4.ppc.rpm

s390:
f85e251044675dd7fb3b5d9d1c0eb674  spamassassin-3.0.4-1.el4.s390.rpm

s390x:
09f74fbccdae19059115a670d90f5f98  spamassassin-3.0.4-1.el4.s390x.rpm

x86_64:
2c44a9c80b1629af93b4543413c0c652  spamassassin-3.0.4-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/spamassassin-3.0.4-1.el4.src.rpm
0cfa5b1fd18aa2f410fed837928b455c  spamassassin-3.0.4-1.el4.src.rpm

i386:
c5e89bce23bff4757cb542cf56826e54  spamassassin-3.0.4-1.el4.i386.rpm

x86_64:
2c44a9c80b1629af93b4543413c0c652  spamassassin-3.0.4-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/spamassassin-3.0.4-1.el4.src.rpm
0cfa5b1fd18aa2f410fed837928b455c  spamassassin-3.0.4-1.el4.src.rpm

i386:
c5e89bce23bff4757cb542cf56826e54  spamassassin-3.0.4-1.el4.i386.rpm

ia64:
84e256c709e69590520976c43d19c900  spamassassin-3.0.4-1.el4.ia64.rpm

x86_64:
2c44a9c80b1629af93b4543413c0c652  spamassassin-3.0.4-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/spamassassin-3.0.4-1.el4.src.rpm
0cfa5b1fd18aa2f410fed837928b455c  spamassassin-3.0.4-1.el4.src.rpm

i386:
c5e89bce23bff4757cb542cf56826e54  spamassassin-3.0.4-1.el4.i386.rpm

ia64:
84e256c709e69590520976c43d19c900  spamassassin-3.0.4-1.el4.ia64.rpm

x86_64:
2c44a9c80b1629af93b4543413c0c652  spamassassin-3.0.4-1.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCuw7PXlSAg2UNWIIRAs9pAJ9SoZqMqhePjwiJ/LxmPHcFo+k32wCfRyg2
4aoZNEFsVWV92tQ7E2ttTfY=
=oW32
- -----END PGP SIGNATURE-----


2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: HelixPlayer security update
Advisory ID:       RHSA-2005:517-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-517.html
Issue date:        2005-06-23
Updated on:        2005-06-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1766
- - ---------------------------------------------------------------------

1. Summary:

An updated HelixPlayer package that fixes a buffer overflow issue is now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Problem description:

HelixPlayer is a media player.

A buffer overflow bug was found in the way HelixPlayer processes SMIL files.
An attacker could create a specially crafted SMIL file, which when combined
with a malicious web server, could execute arbitrary code when opened by a
user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1766 to this issue.

All users of HelixPlayer are advised to upgrade to this updated package,
which contains HelixPlayer version 10.0.5 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159871 - CAN-2005-1766 HelixPlayer heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/HelixPlayer-1.0.5-0.EL4.1.src.rpm
08f868c1d1b7d9674c8c757438f3bdf3  HelixPlayer-1.0.5-0.EL4.1.src.rpm

i386:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

ppc:
7b235efc96792aff7a96a9019763239e  HelixPlayer-1.0.5-0.EL4.1.ppc.rpm

x86_64:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/HelixPlayer-1.0.5-0.EL4.1.src.rpm
08f868c1d1b7d9674c8c757438f3bdf3  HelixPlayer-1.0.5-0.EL4.1.src.rpm

i386:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

x86_64:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/HelixPlayer-1.0.5-0.EL4.1.src.rpm
08f868c1d1b7d9674c8c757438f3bdf3  HelixPlayer-1.0.5-0.EL4.1.src.rpm

i386:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

x86_64:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/HelixPlayer-1.0.5-0.EL4.1.src.rpm
08f868c1d1b7d9674c8c757438f3bdf3  HelixPlayer-1.0.5-0.EL4.1.src.rpm

i386:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

x86_64:
679711b03ecb529acd7eae0ed2537fb4  HelixPlayer-1.0.5-0.EL4.1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCuw8VXlSAg2UNWIIRAgLYAKCOny/6nMgy2dHRpyBf09qJyQCF+gCfWM+W
2zeaekd2RJwPp4Sb+F11jjw=
=d3/R
- -----END PGP SIGNATURE-----


3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: RealPlayer security update
Advisory ID:       RHSA-2005:523-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-523.html
Issue date:        2005-06-23
Updated on:        2005-06-23
Product:           Red Hat Enterprise Linux Extras
CVE Names:         CAN-2005-1766
- - ---------------------------------------------------------------------

1. Summary:

An updated RealPlayer package that fixes a buffer overflow issue is now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Problem description:

RealPlayer is a media player that provides solid media playback locally and
via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL
2.0, JPEG, GIF, PNG, RealPix, RealText, and more.

A buffer overflow bug was found in the way RealPlayer processes SMIL files.
An attacker could create a specially crafted SMIL file, which when combined
with a malicious Web server, could execute arbitrary code when opened by a
user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1766 to this issue.

All users of RealPlayer are advised to upgrade to this updated package,
which contains RealPlayer version 10.0.5 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159864 - CAN-2005-1766 RealPlayer heap overflow
159868 - CAN-2005-1766 RealPlayer heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

x86_64:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

x86_64:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

x86_64:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

x86_64:
7508c3d3ca7a7739e3422ad14537b657  realplayer-10.0.5-0.rhel3.1.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

x86_64:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

x86_64:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

x86_64:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

x86_64:
a894c6c6ab69e12f2d2696c1367a9b2c  RealPlayer-10.0.5-1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCuw8vXlSAg2UNWIIRAqXhAKC2XVyqAErU3zZxq0ePL7n6JN2J2wCeJFnl
gOqcfKgGUYfRTfTsEMZ9Gzo=
=fq4v
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: freeradius security update
Advisory ID:       RHSA-2005:524-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-524.html
Issue date:        2005-06-23
Updated on:        2005-06-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1454 CAN-2005-1455
- - ---------------------------------------------------------------------

1. Summary:

Updated freeradius packages that fix a buffer overflow and possible SQL
injection attacks in the sql module are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

3. Problem description:

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query. An attacker may be able to crash FreeRADIUS if they cause
FreeRADIUS to escape a string containing three or fewer characters. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is
possible that an authenticated user could execute arbitrary SQL queries by
sending a specially crafted request to FreeRADIUS. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

156941 - CAN-2005-1454 Multiple issues in freeradius (CAN-2005-1455)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freeradius-1.0.1-1.1.RHEL3.src.rpm
1fd359fe09899c240dd58c6b1cba38b7  freeradius-1.0.1-1.1.RHEL3.src.rpm

i386:
8fd519d93b3871849933b28f7e1bc2d9  freeradius-1.0.1-1.1.RHEL3.i386.rpm

ia64:
5442a3527c92a8d07d08acd77dace190  freeradius-1.0.1-1.1.RHEL3.ia64.rpm

ppc:
fd51f53af3f1e45fe6c0dad9a68fbad0  freeradius-1.0.1-1.1.RHEL3.ppc.rpm

s390:
536f28bdca07bf52391d5cae2e8f073c  freeradius-1.0.1-1.1.RHEL3.s390.rpm

s390x:
209ec09aa78f6e0e4ab8f26f4b356182  freeradius-1.0.1-1.1.RHEL3.s390x.rpm

x86_64:
4b1d9482db8d45cb79e6c522e72cb25a  freeradius-1.0.1-1.1.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freeradius-1.0.1-1.1.RHEL3.src.rpm
1fd359fe09899c240dd58c6b1cba38b7  freeradius-1.0.1-1.1.RHEL3.src.rpm

i386:
8fd519d93b3871849933b28f7e1bc2d9  freeradius-1.0.1-1.1.RHEL3.i386.rpm

ia64:
5442a3527c92a8d07d08acd77dace190  freeradius-1.0.1-1.1.RHEL3.ia64.rpm

x86_64:
4b1d9482db8d45cb79e6c522e72cb25a  freeradius-1.0.1-1.1.RHEL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.src.rpm
454ecaca99cdbbbd70d31b72aae7e682  freeradius-1.0.1-3.RHEL4.src.rpm

i386:
ff75a31027509f376c3706efaeb10305  freeradius-1.0.1-3.RHEL4.i386.rpm
ff28f13e57713e277a74b789969bc583  freeradius-mysql-1.0.1-3.RHEL4.i386.rpm
3dc1a74e7dd8ce755e60887ac4fd73cc  freeradius-postgresql-1.0.1-3.RHEL4.i386.rpm
eab011f77b2bce24d42e5608abcea1ed  freeradius-unixODBC-1.0.1-3.RHEL4.i386.rpm

ia64:
0eac053fe887cd2f8c805badd511b91e  freeradius-1.0.1-3.RHEL4.ia64.rpm
de0ccf2e0a508eba3062bfdd5b222835  freeradius-mysql-1.0.1-3.RHEL4.ia64.rpm
0de26700a43c17adeec0498db847a5bc  freeradius-postgresql-1.0.1-3.RHEL4.ia64.rpm
bcc8c5f0ea86f06cbb8f182e0b2e427f  freeradius-unixODBC-1.0.1-3.RHEL4.ia64.rpm

ppc:
0bdd63fef27bd242ed17f48598e25194  freeradius-1.0.1-3.RHEL4.ppc.rpm
68eadec552a9d1f1ec5bd15b90f91b3a  freeradius-mysql-1.0.1-3.RHEL4.ppc.rpm
8be58c952be576172e7f5c50908a3fde  freeradius-postgresql-1.0.1-3.RHEL4.ppc.rpm
76013d354aa7ad542685dc72d62edde5  freeradius-unixODBC-1.0.1-3.RHEL4.ppc.rpm

s390:
d42b57021c61dbfea75314cf7a947f8b  freeradius-1.0.1-3.RHEL4.s390.rpm
0a86a8b88be9aff82f04ea734b1e43eb  freeradius-mysql-1.0.1-3.RHEL4.s390.rpm
cdf1a574f93ade40e99e086f28c81b14  freeradius-postgresql-1.0.1-3.RHEL4.s390.rpm
8441481b5543541d5aae8a3d7bd896cc  freeradius-unixODBC-1.0.1-3.RHEL4.s390.rpm

s390x:
67feac31092680e592c0c0ed7e31ee0c  freeradius-1.0.1-3.RHEL4.s390x.rpm
a369980828701e0694200269c6fd8777  freeradius-mysql-1.0.1-3.RHEL4.s390x.rpm
5d43a5e4ea7b32c74c9b5488172781f7  freeradius-postgresql-1.0.1-3.RHEL4.s390x.rpm
19d3425135a11bfe28fcf09438d298f6  freeradius-unixODBC-1.0.1-3.RHEL4.s390x.rpm

x86_64:
216dcc841b3ef864f866d0536d2e4769  freeradius-1.0.1-3.RHEL4.x86_64.rpm
3a709b00d74cd9e89f1bf1d82f0874a4  freeradius-mysql-1.0.1-3.RHEL4.x86_64.rpm
a41378ac35d1b3ab52b9f0217812aef2  freeradius-postgresql-1.0.1-3.RHEL4.x86_64.rpm
422c04328234167649bb811f882cb774  freeradius-unixODBC-1.0.1-3.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.src.rpm
454ecaca99cdbbbd70d31b72aae7e682  freeradius-1.0.1-3.RHEL4.src.rpm

i386:
ff75a31027509f376c3706efaeb10305  freeradius-1.0.1-3.RHEL4.i386.rpm
ff28f13e57713e277a74b789969bc583  freeradius-mysql-1.0.1-3.RHEL4.i386.rpm
3dc1a74e7dd8ce755e60887ac4fd73cc  freeradius-postgresql-1.0.1-3.RHEL4.i386.rpm
eab011f77b2bce24d42e5608abcea1ed  freeradius-unixODBC-1.0.1-3.RHEL4.i386.rpm

ia64:
0eac053fe887cd2f8c805badd511b91e  freeradius-1.0.1-3.RHEL4.ia64.rpm
de0ccf2e0a508eba3062bfdd5b222835  freeradius-mysql-1.0.1-3.RHEL4.ia64.rpm
0de26700a43c17adeec0498db847a5bc  freeradius-postgresql-1.0.1-3.RHEL4.ia64.rpm
bcc8c5f0ea86f06cbb8f182e0b2e427f  freeradius-unixODBC-1.0.1-3.RHEL4.ia64.rpm

x86_64:
216dcc841b3ef864f866d0536d2e4769  freeradius-1.0.1-3.RHEL4.x86_64.rpm
3a709b00d74cd9e89f1bf1d82f0874a4  freeradius-mysql-1.0.1-3.RHEL4.x86_64.rpm
a41378ac35d1b3ab52b9f0217812aef2  freeradius-postgresql-1.0.1-3.RHEL4.x86_64.rpm
422c04328234167649bb811f882cb774  freeradius-unixODBC-1.0.1-3.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1455

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCuw9EXlSAg2UNWIIRArAuAJ0bMr7qTjecKGU6RRtqDzBqLa7l+QCgxTyb
G3LY9a35RPjFeBUG3RdZs4g=
=cKr1
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQrwG1Ypao72zK539AQFpMwQAirp/6uNgDHRTZuJ30lC6RzylwGhoOoUh
7SMwViZXnh5jIXplzu15yroXgdR4vPbp4pbrpyfclvWAIrR6dyECT72/LZ74Gm+3
W+BEGa7YEiAy+JsQzu1XSI4wfSWXHbnd0vLzLhmgXOhJcoH4WU3OQBEMKpbj7V8q
0uuZqlOs5cw=
=Y2Gb
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
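
One way to check downloaded packages against the MD5 sums printed in the "RPMs required" sections above, as an added example that is not part of the UNIRAS briefing or of Red Hat's tooling. The package names and file contents in `demo()` are constructed; an MD5 match only shows a file agrees with this text, so the GPG signature check the advisories point to remains the authoritative one.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Checksum lines in the "RPMs required" sections: 32 hex digits, spaces, file name.
CHECKSUM_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_checksums(advisory_text):
    """Map each listed RPM file name to its MD5 sum.

    The same file is listed once per product, so duplicates are expected;
    two different sums for one name mean the text is damaged or altered.
    """
    expected = {}
    for line in advisory_text.splitlines():
        m = CHECKSUM_LINE.match(line.strip())
        if m is None:
            continue
        digest, name = m.groups()
        if expected.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return expected


def md5_of(path):
    """MD5 of a file, read in 1 MiB blocks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def verify_directory(advisory_text, directory):
    """Return {file name: 'ok' | 'mismatch' | 'unlisted' | 'missing'}."""
    expected = parse_checksums(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            report[rpm.name] = "unlisted"      # not named in the advisory
        elif md5_of(rpm) == want:
            report[rpm.name] = "ok"
        else:
            report[rpm.name] = "mismatch"      # corrupted or substituted
    for name in expected:
        report.setdefault(name, "missing")     # listed but not downloaded
    return report


def demo():
    """Run the check on constructed files and a constructed advisory excerpt."""
    good, bad = b"constructed package A", b"constructed package B"
    advisory = "\n".join([
        "Red Hat Enterprise Linux AS version 4:",
        "",
        "i386:",
        hashlib.md5(good).hexdigest() + "  good-1.0-1.i386.rpm",
        "0" * 32 + "  tampered-1.0-1.i386.rpm",
        "",
        "Red Hat Enterprise Linux ES version 4:",
        "",
        "i386:",
        hashlib.md5(good).hexdigest() + "  good-1.0-1.i386.rpm",  # repeated entry
        "f" * 32 + "  absent-1.0-1.src.rpm",
    ])
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "good-1.0-1.i386.rpm").write_bytes(good)
        Path(tmp, "tampered-1.0-1.i386.rpm").write_bytes(bad)
        Path(tmp, "extra-1.0-1.i386.rpm").write_bytes(b"not in advisory")
        return verify_directory(advisory, tmp)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(status.ljust(9), name)
```

In use, `verify_directory()` takes the saved advisory text and the directory holding the downloaded RPMs; any status other than `ok` is a reason not to install that file.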
