
UNIRAS Brief - 612/05 - Red Hat - Two Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 612/05 dated 08.07.05  Time: 14:25  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Red Hat - Two Security Advisories:
     1.  Moderate: ruby security update          [RHSA-2005:543-01]
     2.  Moderate: squirrelmail security update  [RHSA-2005:595-02]


Detail
====== 

Security advisory summaries:

     1.  A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
         server is launched in a certain way, it becomes possible for a remote
         attacker to execute arbitrary commands within the XMLRPC server.

     2.  An updated squirrelmail package that fixes two security issues is now
         available.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2005:543-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-543.html
Issue date:        2005-08-05
Updated on:        2005-08-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1992
- - ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix an arbitrary command execution issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
server is launched in a certain way, it becomes possible for a remote
attacker to execute arbitrary commands within the XMLRPC server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1992 to this issue. 

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

161095 - CAN-2005-1992 ruby arbitrary command execution on XMLRPC server


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC8235XlSAg2UNWIIRAp4bAJ9qABBnljFS367+VGWTEQt94CToOQCeKNJw
8BEFXOhNcrV4U/1FD3eOPSk=
=N/nD
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: squirrelmail security update
Advisory ID:       RHSA-2005:595-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-595.html
Issue date:        2005-08-03
Updated on:        2005-08-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2095 CAN-2005-1769
- - ---------------------------------------------------------------------

1. Summary:

An updated squirrelmail package that fixes two security issues is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

[Updated 04 Aug 2005]
The previous SquirrelMail package released with this erratum contained a bug
which rendered the addressbook unusable. The erratum has been updated with
a package which corrects this issue.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. If a
user is tricked into visiting a malicious URL, the user's SquirrelMail
preferences could be read or modified. The Common Vulnerabilities and
Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary JavaScript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL, or by sending them a carefully constructed HTML email message. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-1769 to this issue. 

All users of SquirrelMail should upgrade to this updated package, which
contains backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

Additionally, users will have to bring up the "Network Proxy" dialog and
reset their keys for the settings to take place.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160241 - CAN-2005-1769 Multiple XSS issues in squirrelmail
162275 - CAN-2005-2095 squirrelmail cross site posting issue


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm
51264a9a13d8166c6a0d45893043136a  squirrelmail-1.4.3a-11.EL3.src.rpm

noarch:
8bae28c011cc422745118524c6f9e4d5  squirrelmail-1.4.3a-11.EL3.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm
51264a9a13d8166c6a0d45893043136a  squirrelmail-1.4.3a-11.EL3.src.rpm

noarch:
8bae28c011cc422745118524c6f9e4d5  squirrelmail-1.4.3a-11.EL3.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm
51264a9a13d8166c6a0d45893043136a  squirrelmail-1.4.3a-11.EL3.src.rpm

noarch:
8bae28c011cc422745118524c6f9e4d5  squirrelmail-1.4.3a-11.EL3.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm
51264a9a13d8166c6a0d45893043136a  squirrelmail-1.4.3a-11.EL3.src.rpm

noarch:
8bae28c011cc422745118524c6f9e4d5  squirrelmail-1.4.3a-11.EL3.noarch.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm
95770004b2ff1aa0f0ed3819e8b077a0  squirrelmail-1.4.3a-12.EL4.src.rpm

noarch:
d5cbae9acad77bd520328aed41841904  squirrelmail-1.4.3a-12.EL4.noarch.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm
95770004b2ff1aa0f0ed3819e8b077a0  squirrelmail-1.4.3a-12.EL4.src.rpm

noarch:
d5cbae9acad77bd520328aed41841904  squirrelmail-1.4.3a-12.EL4.noarch.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm
95770004b2ff1aa0f0ed3819e8b077a0  squirrelmail-1.4.3a-12.EL4.src.rpm

noarch:
d5cbae9acad77bd520328aed41841904  squirrelmail-1.4.3a-12.EL4.noarch.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm
95770004b2ff1aa0f0ed3819e8b077a0  squirrelmail-1.4.3a-12.EL4.src.rpm

noarch:
d5cbae9acad77bd520328aed41841904  squirrelmail-1.4.3a-12.EL4.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
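
Checking manually downloaded packages against the "<md5>  <file>.rpm" lines
listed under "RPMs required", as an added example that is not part of the
Red Hat advisory or the UNIRAS brief. The function names and the sample
files are constructed for illustration, and GNU md5sum is assumed.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the "<md5>  <file>.rpm" lines
# in an advisory's "RPMs required" section. File names below are constructed.

# extract_sums ADVISORY: print the unique "md5  filename" pairs in the text.
extract_sums() {
    # Drop PGP dash-escaping ("- ") so lines in clearsigned text still match.
    sed 's/^- //' "$1" |
        grep -E '^[0-9a-f]{32}  [A-Za-z0-9._+-]+\.rpm$' |
        sort -u
}

# verify_rpms ADVISORY DIR: one status line per listed package.
# Returns 0 if every downloaded file matches, 1 on a mismatch, 2 if the
# advisory has no checksum lines. A match only shows the file equals what the
# advisory lists; authenticity rests on the GPG signature (rpm --checksig).
verify_rpms() {
    advisory=$1; dir=$2; bad=0
    sums=$(extract_sums "$advisory")
    [ -n "$sums" ] || { echo "no checksum lines found" >&2; return 2; }
    while read -r want name; do
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=1
        fi
    done <<EOF
$sums
EOF
    return "$bad"
}

# demo: build a constructed advisory excerpt and two constructed "packages",
# one intact and one altered after its checksum was recorded.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'good package\n' > "$tmp/example-good-1.0.noarch.rpm"
    printf 'original\n'     > "$tmp/example-bad-1.0.noarch.rpm"
    {
        echo "noarch:"
        md5sum "$tmp"/example-*.rpm | sed "s|  $tmp/|  |"
        echo "00000000000000000000000000000000  example-missing-1.0.noarch.rpm"
    } > "$tmp/advisory.txt"
    printf 'tampered\n' > "$tmp/example-bad-1.0.noarch.rpm"
    verify_rpms "$tmp/advisory.txt" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "at least one package does not match the advisory"
```

On a real system, follow a clean result with `rpm --checksig` on each file
once the Red Hat package key has been imported as described at the URL above.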

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC824PXlSAg2UNWIIRAo6oAJ0blrhAkASHndgkoySeWwKsHYrR8wCeJz76
oDjMcEg7Hk4FYE9vDpHIbFM=
=LQmk
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
email to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQvddIYpao72zK539AQHY8QP+JyMuPRVQ2ndbCx9JiEUgu6vZ/AbHCr4k
tkaIObp+pC4n4TCQFLgity1IJONnAEEenwceDrcq7a+9TA9NlTX4efmpFWINYz2I
0FXFo3F5xEtgVLYu+pyVHyiga7VcK+xmib1PyhGwfdyMmmxgmI+sj20AElYpkwe6
lj73jrX3CfA=
=/0WP
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
