
UNIRAS Brief - 552/05 - Fedora Legacy - Eleven Update Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 552/05 dated 18.07.05  Time: 11:30  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Fedora Legacy - Eleven Update Advisories:
     1.  [FLSA-2005:152769] Updated kdelibs/kdebase packages fix security issues
     2.  [FLSA-2005:152838] Updated gd packages fix security issues
     3.  [FLSA-2005:152841] Updated openssl packages fix security issues
     4.  [FLSA-2005:152844] Updated PostgreSQL packages fix security issues
     5.  [FLSA-2005:152874] Updated samba packages fix security issues
     6.  [FLSA-2005:152891] Updated cpio package fixes security issue
     7.  [FLSA-2005:152900] Updated squirrelmail package fixes security issue
     8.  [FLSA-2005:152917] Updated curl packages fix a security issue
     9.  [FLSA-2005:152925] Updated mysql packages fix security issues
    10.  [FLSA-2005:154272] Updated gdk-pixbuf packages fix a security issue
    11.  [FLSA-2005:158149] Updated mozilla packages fix security issues


Detail
====== 

Update advisory summaries:

     1.  Updated kdelibs and kdebase packages that resolve several security
         issues are now available.

     2.  Updated gd packages that fix security issues with overflow in various
         memory allocation calls are now available.

     3.  Updated OpenSSL packages that fix security issues are now available.

     4.  Updated PostgreSQL packages to fix various security flaws are now available.

     5.  Updated samba packages that fix various security vulnerabilities are now
         available.

     6.  An updated cpio package that fixes a umask bug and supports large files
         (>2GB) is now available.

     7.  An updated SquirrelMail package that fixes a cross-site scripting
         vulnerability is now available.

     8.  Updated curl packages are now available.

     9.  Updated mysql packages that fix various security issues are now
         available.

    10.  Updated gdk-pixbuf packages that fix a double free vulnerability are now
         available.

    11.  Updated mozilla packages that fix various security bugs are now
         available.


Update advisory content follows:


1.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated kdelibs/kdebase packages fix security issues
Advisory ID:       FLSA:152769
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2003-0592 CAN-2004-0411 CAN-2004-0689
                   CAN-2004-0721 CAN-2004-0746 CAN-2004-1158
                   CAN-2004-1165
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated kdelibs and kdebase packages that resolve several security
issues are now available.

The kdelibs packages include libraries for the K Desktop Environment.
The kdebase packages include core applications for the K Desktop
Environment.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Flaws have been found in the cookie path handling between a number of
Web browsers and servers. The HTTP cookie standard allows a Web server
supplying a cookie to a client to specify a subset of URLs on the origin
server to which the cookie applies. Web servers such as Apache do not
filter returned cookies and assume that the client will only send back
cookies for requests that fall within the server-supplied subset of
URLs. However, by supplying URLs that use path traversal (/../) and
character encoding, it is possible to fool many browsers into sending a
cookie to a path outside of the originally-specified subset. The Common
Vulnerabilities and Exposures project has assigned the name
CAN-2003-0592 to this issue.
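
Added example, not part of the Fedora Legacy advisory or of any KDE or Apache code: a server-side scope check for the cookie path issue above (CAN-2003-0592). It compares a raw prefix test with a check that percent-decodes and resolves dot segments first; the function names, the /app scope and the sample request targets are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit


def naive_in_scope(scope, request_target):
    """Raw prefix test on the undecoded request target (the weak check)."""
    return request_target.startswith(scope)


def canonical_path(request_target):
    """Percent-decode the path, then resolve '.' and '..' segments."""
    path = unquote(urlsplit(request_target).path)
    kept = []
    for segment in path.split("/"):
        if segment == "..":
            if kept:
                kept.pop()          # never climb above the root
        elif segment not in ("", "."):
            kept.append(segment)
    canonical = "/" + "/".join(kept)
    # Keep a trailing slash so directory-style targets stay directory-style.
    if kept and path.endswith(("/", "/.", "/..")):
        canonical += "/"
    return canonical


def path_match(scope, path):
    """Cookie path-match as defined in RFC 6265, section 5.1.4."""
    if path == scope:
        return True
    if not path.startswith(scope):
        return False
    return scope.endswith("/") or path[len(scope)] == "/"


def in_scope(scope, request_target):
    """Decide on the canonical path, not on the bytes the client sent."""
    return path_match(scope, canonical_path(request_target))


# Constructed request targets for a cookie that is meant for /app only.
SAMPLE_TARGETS = [
    "/app/cart?item=1",
    "/app/../admin/",
    "/app/%2e%2e/admin/secret",
    "/application",
]


def compare(scope="/app"):
    """Return (target, naive verdict, canonical verdict) for each sample."""
    return [(t, naive_in_scope(scope, t), in_scope(scope, t))
            for t in SAMPLE_TARGETS]


if __name__ == "__main__":
    for target, naive, strict in compare():
        print(f"{target:30} naive={naive!s:5} canonical={strict}")
```

A server that receives a cookie for a request whose canonical path is outside the intended scope can drop the cookie before the application sees it.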

iDEFENSE identified a vulnerability in the Opera web browser that could
allow remote attackers to create or truncate arbitrary files. The KDE
team has found two similar vulnerabilities that also exist in KDE. A
flaw in the telnet URI handler may allow options to be passed to the
telnet program, resulting in creation or replacement of files. An
attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file with the victim's permissions.
A flaw in the mailto URI handler may allow options to be passed to the
kmail program. These options could cause kmail to write to the file
system or to run on a remote X display. An attacker could create a
carefully crafted link in such a way that access may be obtained to run
arbitrary code as the victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0411 to these
issues.

Andrew Tuitt reported that versions of KDE up to and including 3.2.3
create temporary directories with predictable names. A local attacker
could prevent KDE applications from functioning correctly, or overwrite
files owned by other users by creating malicious symlinks. The Common
Vulnerabilities and Exposures project has assigned the name
CAN-2004-0689 to this issue.

WESTPOINT internet reconnaissance services has discovered that the KDE
web browser Konqueror allows websites to set cookies for certain country
specific secondary top level domains. An attacker within one of the
affected domains could construct a cookie which would be sent to all
other websites within the domain leading to a session fixation attack.
This issue does not affect popular domains such as .co.uk, .co.in, or
.com. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2004-0721 to this issue.

A frame injection spoofing vulnerability has been discovered in the
Konqueror web browser. This issue could allow a malicious website to
show arbitrary content in a named frame of a different browser window.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-0746 to this issue.

Secunia Research discovered a window injection spoofing vulnerability
affecting the Konqueror web browser. This issue could allow a malicious
website to show arbitrary content in a different browser window. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline
(%0a) characters before the FTP command. It is possible that a specially
crafted URL could be used to execute any ftp command on a remote server,
or potentially send unsolicited email. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-1165 to this issue.
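
Added example, not taken from kioslave or from the advisory: the check that the URL-encoded newline issue above (CAN-2004-1165) calls for, written as a small FTP command builder. It rejects control characters in every decoded URL field before anything is placed on the control connection; the function names, the host ftp.example.test and the sample URLs are constructed.

```python
from urllib.parse import unquote, urlsplit


def naive_retr_commands(url):
    """Decode, then paste into the control stream: the pattern to avoid."""
    path = unquote(urlsplit(url).path)
    directory, _, name = path.rpartition("/")
    wire = f"CWD {directory or '/'}\r\nRETR {name}\r\n"
    # What the server parses: one command per line on the wire.
    return [line for line in wire.splitlines() if line]


def _reject_control_chars(label, value):
    """Raise if a decoded URL field holds CR, LF, NUL or another control byte."""
    for ch in value:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise ValueError(f"control character {ch!r} in FTP URL {label}")


def safe_retr_commands(url):
    """Build CWD/RETR only from fields that cannot end a command line early."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp URL")
    fields = {
        "path": unquote(parts.path),
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
    }
    for label, value in fields.items():
        _reject_control_chars(label, value)
    directory, _, name = fields["path"].rpartition("/")
    if not name:
        raise ValueError("URL does not name a file")
    return [f"CWD {directory or '/'}", f"RETR {name}"]


def is_rejected(url):
    """True when safe_retr_commands refuses the URL."""
    try:
        safe_retr_commands(url)
    except ValueError:
        return True
    return False


# Constructed sample URLs.
PLAIN_URL = "ftp://ftp.example.test/pub/readme.txt"
NEWLINE_URL = "ftp://ftp.example.test/pub/a%0aNOOP/readme.txt"
NEWLINE_USER_URL = "ftp://anon%0d%0a:pw@ftp.example.test/pub/readme.txt"

if __name__ == "__main__":
    print(naive_retr_commands(NEWLINE_URL))   # three lines instead of two
    print(safe_retr_commands(PLAIN_URL))
    print(is_rejected(NEWLINE_URL), is_rejected(NEWLINE_USER_URL))
```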

All users of KDE are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152769

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kdebase-3.0.5a-0.73.7.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kdelibs-3.0.5a-0.73.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdebase-3.0.5a-0.73.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdebase-devel-3.0.5a-0.73.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdelibs-3.0.5a-0.73.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdelibs-devel-3.0.5a-0.73.6.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kdebase-3.1-18.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kdelibs-3.1-17.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/kdebase-3.1-18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kdebase-devel-3.1-18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kdelibs-3.1-17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kdelibs-devel-3.1-17.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kdebase-3.1.4-9.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kdelibs-3.1.4-9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/kdebase-3.1.4-9.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kdebase-devel-3.1.4-9.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kdelibs-3.1.4-9.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kdelibs-devel-3.1.4-9.legacy.i386.rpm


7. Verification:


These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated gd packages fix security issues
Advisory ID:       FLSA:152838
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-0941 CAN-2004-0990
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated gd packages that fix security issues with overflow in various
memory allocation calls are now available.

The gd packages contain a graphics library used for the dynamic creation
of images such as PNG and JPEG.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Several buffer overflows were reported in various memory allocation
calls. An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.

While researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152838

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gd-1.8.4-4.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gd-1.8.4-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gd-devel-1.8.4-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gd-progs-1.8.4-4.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gd-1.8.4-11.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gd-1.8.4-11.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gd-devel-1.8.4-11.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gd-progs-1.8.4-11.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gd-2.0.15-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/gd-2.0.15-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/gd-devel-2.0.15-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/gd-progs-2.0.15-1.2.legacy.i386.rpm


7. Verification:


These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated openssl packages fix security issues
Advisory ID:       FLSA:152841
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-0975
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated OpenSSL packages that fix security issues are now available.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a
full-strength general purpose cryptography library.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A flaw was found in the way the der_chop script creates temporary files.
It is possible that a malicious local user could cause der_chop to
overwrite files (CAN-2004-0975).

Users are advised to update to these erratum packages which contain
a patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152841

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl-0.9.6b-39.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-39.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-39.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-devel-0.9.6b-39.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-perl-0.9.6b-39.7.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openssl-0.9.7a-20.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-0.9.7a-20.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-0.9.7a-20.4.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-devel-0.9.7a-20.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-perl-0.9.7a-20.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openssl-0.9.7a-33.11.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-0.9.7a-33.11.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-0.9.7a-33.11.legacy.i686.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-devel-0.9.7a-33.11.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-perl-0.9.7a-33.11.legacy.i386.rpm


7. Verification:


These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




4.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated PostgreSQL packages fix security issues
Advisory ID:       FLSA:152844
Issue date:        2005-07-16
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-0977 CAN-2005-0227 CAN-2005-0244
                   CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated PostgreSQL packages to fix various security flaws are now available.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Trustix has identified improper temporary file usage in the
make_oidjoins_check script. It is possible that an attacker could
overwrite arbitrary file contents as the user running the
make_oidjoins_check script. This script has been removed from the RPM file
since it has no use to ordinary users. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to
this issue.
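
Added example, not code from PostgreSQL, OpenSSL or KDE: the temporary-file weakness described here for make_oidjoins_check (CAN-2004-0977) and earlier in this brief for der_chop (CAN-2004-0975) and the KDE temporary directories (CAN-2004-0689), shown beside two safer ways to create the file. Everything runs inside a private sandbox directory; the file names and the tool.1234 naming scheme are constructed.

```python
import os
import tempfile


def naive_write(path, data):
    """Open a guessable name with plain create/truncate semantics."""
    with open(path, "w") as fh:        # follows a symlink and truncates its target
        fh.write(data)


def exclusive_write(path, data):
    """Create the name only if nothing, not even a symlink, is already there."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def random_name_write(directory, data):
    """Let mkstemp choose an unpredictable name and create it exclusively."""
    fd, path = tempfile.mkstemp(prefix="work-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def _read(path):
    with open(path) as fh:
        return fh.read()


def run_demo():
    """Exercise the three writers against a pre-planted symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "tmp")              # stands in for /tmp
        os.mkdir(shared)
        victim = os.path.join(sandbox, "victim.conf")      # file the writer can modify
        predictable = os.path.join(shared, "tool.1234")    # name derived from a PID

        def plant():
            with open(victim, "w") as fh:
                fh.write("important\n")
            if os.path.lexists(predictable):
                os.unlink(predictable)
            os.symlink(victim, predictable)                # placed before the tool runs

        plant()
        naive_write(predictable, "scratch\n")
        results["naive_clobbered_victim"] = _read(victim) != "important\n"

        plant()
        try:
            exclusive_write(predictable, "scratch\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["victim_intact_after_exclusive"] = _read(victim) == "important\n"

        path = random_name_write(shared, "scratch\n")
        mode = os.stat(path).st_mode
        results["random_file_private"] = (mode & 0o077) == 0
        results["victim_intact_after_random"] = _read(victim) == "important\n"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```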

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore execute
arbitrary code, gaining the privileges of the PostgreSQL server. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0227 to this issue.

A permission checking flaw in PostgreSQL was discovered. A local user
could bypass the EXECUTE permission check for functions by using the CREATE
AGGREGATE command. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0244 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permissions to create plpgsql functions could trigger this flaw which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was
found. A user could create carefully crafted arrays and cause a denial of
service (crash). The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0246 to this issue.

Users of PostgreSQL are advised to update to these erratum packages which
are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152844

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/postgresql-7.2.7-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-contrib-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-devel-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-docs-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-jdbc-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-libs-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-odbc-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-perl-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-python-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-server-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-tcl-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-test-7.2.7-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/postgresql-tk-7.2.7-1.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-contrib-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-devel-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-docs-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-jdbc-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-libs-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-pl-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-python-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-server-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-tcl-7.3.9-0.90.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/postgresql-test-7.3.9-0.90.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/postgresql-7.3.9-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-contrib-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-devel-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-docs-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-jdbc-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-libs-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-pl-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-python-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-server-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-tcl-7.3.9-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/postgresql-test-7.3.9-1.2.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




5.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated samba packages fix security issues
Advisory ID:       FLSA:152874
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-0882 CAN-2004-0930 CAN-2004-1154
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated samba packages that fix various security vulnerabilities are now
available.

Samba provides file and printer sharing services to SMB/CIFS clients.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

During a code audit, Stefan Esser discovered a buffer overflow in Samba
versions prior to 3.0.8 when handling Unicode filenames. An
authenticated remote user could exploit this bug, which may lead to
arbitrary code execution on the server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882 to
this issue.

A bug was found in the input validation routines in versions of Samba
prior to 3.0.8 that caused the smbd process to consume abnormal amounts
of system memory. An authenticated remote user could exploit this bug to
cause a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0930 to this
issue.

Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in
Samba versions prior to 3.0.10. An authenticated remote user could
exploit this bug, which may lead to arbitrary code execution on the Samba
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1154 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152874

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/samba-2.2.12-0.73.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/samba-2.2.12-0.73.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/samba-client-2.2.12-0.73.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/samba-common-2.2.12-0.73.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/samba-swat-2.2.12-0.73.7.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/samba-2.2.12-0.90.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/samba-client-2.2.12-0.90.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/samba-common-2.2.12-0.90.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/samba-swat-2.2.12-0.90.6.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/samba-3.0.10-1.fc1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/samba-3.0.10-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/samba-client-3.0.10-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/samba-common-3.0.10-1.fc1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/samba-swat-3.0.10-1.fc1.1.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




6.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated cpio package fixes security issue
Advisory ID:       FLSA:152891
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-1999-1572
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

An updated cpio package that fixes a umask bug and supports large files
(>2GB) is now available.

GNU cpio copies files into or out of a cpio or tar archive.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

It was discovered that cpio uses a 0 umask when creating files using the
-O (archive) option. This creates output files with mode 0666 (all can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-1999-1572 to this issue.

All users of cpio should upgrade to this updated package, which resolves
this issue, and adds support for large files (> 2GB).
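
The effect described above, as an added example that is not cpio's own
code: the same open() call with requested mode 0666 is made once after
zeroing the umask and once with the user's umask left in place. The
function names and the /tmp scratch directory are assumptions of this
example, and "leave the umask alone" is an assumed shape of the fix, not
the backported patch itself.

```c
#define _XOPEN_SOURCE 700            /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create "archive.cpio" in a fresh private directory, requesting mode 0666,
 * and return the permission bits the file actually received (-1 on error).
 * When clear_umask is non-zero the process umask is zeroed first, which is
 * the behaviour the advisory describes for the -O option. */
static int created_mode(mode_t user_umask, int clear_umask)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* scratch location (assumption) */
    char path[64];
    struct stat st;
    int fd, mode = -1;
    mode_t saved = umask(user_umask);        /* stand-in for the user's shell umask */

    if (mkdtemp(dir) == NULL) {
        umask(saved);
        return -1;
    }
    snprintf(path, sizeof path, "%s/archive.cpio", dir);

    if (clear_umask)
        umask(0);                            /* flawed step: user's umask is discarded */

    /* O_EXCL: never reuse or follow something already sitting at this path */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    umask(saved);                            /* restore the caller's real umask */
    return mode;
}

/* Mode of an archive created the flawed way (umask forced to 0). */
int flawed_archive_mode(mode_t user_umask)
{
    return created_mode(user_umask, 1);
}

/* Mode of an archive created with the user's umask honoured. */
int fixed_archive_mode(mode_t user_umask)
{
    return created_mode(user_umask, 0);
}

/* Audit check for archives written before the update: returns 1 when the
 * permission bits allow writing by group or others, 0 otherwise. */
int writable_by_others(int mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

int main(void)
{
    /* Constructed sample umasks: common default, group-restricted, private. */
    const mode_t samples[] = { 022, 027, 077 };
    size_t i;

    printf("umask  flawed  honoured  flawed file writable by others?\n");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int flawed = flawed_archive_mode(samples[i]);
        int fixed = fixed_archive_mode(samples[i]);

        if (flawed < 0 || fixed < 0) {
            fprintf(stderr, "could not create scratch file\n");
            return 1;
        }
        printf("%04o   %04o    %04o      %s\n",
               (unsigned)samples[i], (unsigned)flawed, (unsigned)fixed,
               writable_by_others(flawed) ? "yes" : "no");
    }
    return 0;
}
```

Archives written with -O before the update keep their 0666 mode after the
package is upgraded, so existing archive files need their permissions
checked separately.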

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152891

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cpio-2.5-3.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cpio-2.5-3.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cpio-2.5-5.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cpio-2.5-5.2.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




7.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated squirrelmail package fixes security issue
Advisory ID:       FLSA:152900
Issue date:        2005-07-16
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2004-1036 CAN-2005-0075 CAN-2005-0103
                   CAN-2005-0104
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.

SquirrelMail is a webmail package written in PHP.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A cross-site scripting bug has been found in SquirrelMail. This issue
could allow an attacker to send a mail with a carefully crafted header,
which could cause the victim's machine to execute a malicious script.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2004-1036 to this issue.

Jimmy Conner discovered a missing variable initialization in
SquirrelMail. This flaw could potentially allow insecure file inclusions
on servers where the PHP setting "register_globals" is set to "On". This
is not a default or recommended setting. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0075 to
this issue.

A URL sanitisation bug was found in SquirrelMail. This flaw could allow
a cross-site scripting attack when loading the URL for the sidebar. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0103 to this issue.

A missing variable initialization bug was found in SquirrelMail. This
flaw could allow a cross-site scripting attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0104 to this issue.

Users of SquirrelMail are advised to upgrade to this updated package,
which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152900

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squirrelmail-1.4.3-0.f0.9.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/squirrelmail-1.4.3-0.f0.9.3.legacy.noarch.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squirrelmail-1.4.3-0.f1.1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/squirrelmail-1.4.3-0.f1.1.2.legacy.noarch.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0104

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




8.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated curl packages fix a security issue
Advisory ID:       FLSA:152917
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2005-0490
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated curl packages are now available.

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

Multiple buffer overflow bugs were found in the way curl processes
base64 encoded replies. If a victim can be tricked into visiting a URL
with curl, a malicious web server could execute arbitrary code on a
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0490 to this issue.

All users of curl are advised to upgrade to these updated packages,
which contain backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152917

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/curl-7.9.5-2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/curl-7.9.5-2.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/curl-devel-7.9.5-2.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/curl-7.9.8-5.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/curl-7.9.8-5.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/curl-devel-7.9.8-5.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/curl-7.10.6-7.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/curl-7.10.6-7.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/curl-devel-7.10.6-7.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/curl-7.11.1-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/curl-7.11.1-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/curl-devel-7.11.1-1.2.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




9.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated mysql packages fix security issues
Advisory ID:       FLSA:152925
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2005-0709 CAN-2005-0710 CAN-2005-0711
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated mysql packages that fix various security issues are now
available.

MySQL is a multi-user, multi-threaded SQL database server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

This update fixes several security risks in the MySQL server.

Stefano Di Paola discovered two bugs in the way MySQL handles
user-defined functions. A user with the ability to create and execute a
user-defined function could potentially execute arbitrary code on the
MySQL server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710
to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates
temporary tables. A local user could create a specially crafted symlink
which could result in the MySQL server overwriting a file which it has
write access to. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152925

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mysql-3.23.58-1.73.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-3.23.58-1.73.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-devel-3.23.58-1.73.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mysql-server-3.23.58-1.73.6.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mysql-3.23.58-1.90.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-3.23.58-1.90.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-devel-3.23.58-1.90.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mysql-server-3.23.58-1.90.6.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mysql-3.23.58-4.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-3.23.58-4.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-bench-3.23.58-4.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-devel-3.23.58-4.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mysql-server-3.23.58-4.4.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




10.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated gdk-pixbuf packages fix a security issue
Advisory ID:       FLSA:154272
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2005-0891
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated gdk-pixbuf packages that fix a double free vulnerability are now
available.

The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

A bug was found in the way gdk-pixbuf processes BMP images. It is
possible that a specially crafted BMP image could cause a denial of
service attack on applications linked against gdk-pixbuf. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0891 to this issue.

Users of gdk-pixbuf are advised to upgrade to these packages, which
contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154272

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gdk-pixbuf-0.22.0-7.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-0.22.0-7.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-devel-0.22.0-7.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gdk-pixbuf-gnome-0.22.0-7.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gdk-pixbuf-0.22.0-7.90.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-0.22.0-7.90.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-devel-0.22.0-7.90.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gdk-pixbuf-gnome-0.22.0-7.90.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gdk-pixbuf-0.22.0-11.3.4.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/gdk-pixbuf-0.22.0-11.3.4.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/gdk-pixbuf-devel-0.22.0-11.3.4.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/gdk-pixbuf-gnome-0.22.0-11.3.4.1.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------




11.


- ---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated mozilla packages fix security issues
Advisory ID:       FLSA:158149
Issue date:        2005-07-15
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CAN-2005-1476 CAN-2005-1477 CAN-2005-1531
                   CAN-2005-1532
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated mozilla packages that fix various security bugs are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

Several bugs were found in the way Mozilla executes JavaScript code.
JavaScript executed from a web page should run with a restricted access
level, preventing dangerous actions. It is possible that a malicious web
page could execute JavaScript code with elevated privileges, allowing
access to protected data and functions. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-1476,
CAN-2005-1477, CAN-2005-1531, and CAN-2005-1532 to these issues.

Users of Mozilla are advised to upgrade to this updated package, which
contains Mozilla version 1.7.8 to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158149

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.8-0.73.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.8-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.8-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.8-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.8-1.1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.8-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.8-1.2.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.4.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.8-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.7.legacy.i386.rpm


7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>
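
The checksum comparison described in the Verification sections can be scripted. The following is an added example, not part of the Fedora Legacy advisory: it checks a directory of downloaded packages against a digest list, assuming each SHA1 digest sits on one line with the package path on the next (function names, file names and demo digests are constructed). A matching digest only shows that a file agrees with the list, so the list must come from a trusted copy of the advisory, and `rpm --checksig -v` remains the check of the GPG signature.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against an
# advisory-style SHA1 list. Assumed list layout: one line holding a 40-hex-digit
# SHA1 digest, followed by one line holding the package path.

# verify_manifest LIST DIR
# Prints "OK|MISMATCH|MISSING <file>" per entry; returns 1 if any entry is not OK.
verify_manifest() {
    vm_list=$1
    vm_dir=$2
    vm_status=0
    vm_expected=
    while IFS= read -r vm_line || [ -n "$vm_line" ]; do
        # Drop CRs and surrounding whitespace left by mail clients.
        vm_line=$(printf '%s' "$vm_line" | tr -d '\r' |
                  sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$vm_line" ] && continue
        if printf '%s\n' "$vm_line" | grep -Eq '^[0-9a-fA-F]{40}$'; then
            vm_expected=$(printf '%s' "$vm_line" | tr 'A-F' 'a-f')
            continue
        fi
        # A non-digest line only counts when it is the next entry after a digest.
        [ -z "$vm_expected" ] && continue
        # Use the file name only, so a path in the list cannot point outside DIR.
        vm_name=${vm_line##*/}
        if [ ! -f "$vm_dir/$vm_name" ]; then
            echo "MISSING  $vm_name"
            vm_status=1
        else
            vm_actual=$(sha1sum "$vm_dir/$vm_name" | cut -d' ' -f1)
            if [ "$vm_actual" = "$vm_expected" ]; then
                echo "OK       $vm_name"
            else
                echo "MISMATCH $vm_name"
                vm_status=1
            fi
        fi
        vm_expected=
    done < "$vm_list"
    return "$vm_status"
}

# Constructed demo: three placeholder "packages" (not real RPMs). One is intact,
# one is altered after the list was written, one is never downloaded.
demo() {
    demo_tmp=$(mktemp -d) || return 2
    printf 'package one\n' > "$demo_tmp/pkg-a-1.0.i386.rpm"
    printf 'package two\n' > "$demo_tmp/pkg-b-1.0.i386.rpm"
    {
        sha1sum "$demo_tmp/pkg-a-1.0.i386.rpm" | cut -d' ' -f1
        echo "example/updates/i386/pkg-a-1.0.i386.rpm"
        sha1sum "$demo_tmp/pkg-b-1.0.i386.rpm" | cut -d' ' -f1
        echo "example/updates/i386/pkg-b-1.0.i386.rpm"
        echo "0000000000000000000000000000000000000000"
        echo "example/updates/i386/pkg-c-1.0.i386.rpm"
    } > "$demo_tmp/list.txt"
    printf 'tampered\n' >> "$demo_tmp/pkg-b-1.0.i386.rpm"
    demo_rc=0
    verify_manifest "$demo_tmp/list.txt" "$demo_tmp" || demo_rc=$?
    rm -rf "$demo_tmp"
    return "$demo_rc"
}

# Usage: sh verify.sh LIST DIR   (or: sh verify.sh --demo)
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```
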

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1532

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone; Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora Legacy for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQtuEnYpao72zK539AQFDXwP+JmdXwLA5Tynh77kbm1eV1K8T7EETmDIz
p5h+IBbYGpwGCtCq1lqRPkbc8618O9n7OBBJD+VsmOCLI2E6FTK7dnK7HO37vvjs
rOVkLOHgijlelEd0PVjjobo8z6GIGDkhjQuBysRYARydhj5L7w405VSU3Apch1Ad
c9D4MMd2dM4=
=pm5s
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
