
UNIRAS Brief - 658/05 - Red Hat - Four Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 657/05 dated 22.08.05  Time: 16:05
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Red Hat - Four Security Advisories:
     1.  Low: netpbm security update     [RHSA-2005:743]
     2.  Low: vim security update        [RHSA-2005:745]
     3.  Low: slocate security update    [RHSA-2005:747]
     4.  Important: php security update  [RHSA-2005:748]


Detail
====== 

Security advisory summaries:

     1.  A bug was found in the way netpbm converts PostScript files into PBM, PGM
         or PPM files.  An attacker could create a carefully crafted PostScript file
         in such a way that it could execute arbitrary commands when the
         file is processed by a victim using pstopnm.

     2.  A bug was found in the way VIM processes modelines. If a user with
         modelines enabled opens a text file with a carefully crafted modeline,
         arbitrary commands may be executed as the user running VIM.

     3.  A bug was found in the way slocate processes very long paths. A local user
         could create a carefully crafted directory structure that would prevent
         updatedb from completing its file system scan, resulting in an incomplete
         slocate database. 

     4.  A bug was discovered in the PEAR XML-RPC Server package included in PHP. If
         a PHP script is used which implements an XML-RPC Server using the PEAR
         XML-RPC package, then it is possible for a remote attacker to construct an
         XML-RPC request which can cause PHP to execute arbitrary PHP commands as
         the 'apache' user.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: netpbm security update
Advisory ID:       RHSA-2005:743-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-743.html
Issue date:        2005-08-22
Updated on:        2005-08-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2471
- - ---------------------------------------------------------------------

1. Summary:

Updated netpbm packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps) and others.

A bug was found in the way netpbm converts PostScript files into PBM, PGM
or PPM files.  An attacker could create a carefully crafted PostScript file
in such a way that it could execute arbitrary commands when the
file is processed by a victim using pstopnm.  The Common Vulnerabilities
and Exposures project assigned the name CAN-2005-2471 to this issue.

All users of netpbm should upgrade to the updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165354 - CAN-2005-2471 netpbm should use the -dSAFER option when calling Ghostscript


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.4.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.4.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.4.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.4.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.2.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.2.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.2.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.2.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/netpbm-10.25-2.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/netpbm-10.25-2.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/netpbm-10.25-2.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/netpbm-10.25-2.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCd5JXlSAg2UNWIIRAsQfAJ9z6t0YOvu74lYoGq+Guok8aJBLsQCfRJvk
S/v3VzWuL2OSlctXOqkJEtc=
=wy6K
- -----END PGP SIGNATURE-----
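
Bug 165354 in the netpbm advisory above says netpbm should pass -dSAFER when calling Ghostscript. As an added example (not Red Hat's or netpbm's code), this Python audit flags Ghostscript command lines in process-execution records where -dSAFER is not in effect before the first input is interpreted. The sample command lines are constructed, and the argument model is a simplified assumption.

```python
import shlex

# Constructed process-execution records (not taken from the advisory): the
# kind of command line a converter might hand to Ghostscript.
SAMPLE_EXECS = [
    "/usr/bin/gs -q -dNOPAUSE -dSAFER -sDEVICE=pnmraw -sOutputFile=out%03d.ppm -r72 -",
    "/usr/bin/gs -q -dNOPAUSE -sDEVICE=pnmraw -sOutputFile=out%03d.ppm -r72 -",
    "gs -q -dBATCH -sDEVICE=ppmraw -sOutputFile=p.ppm upload.ps -dSAFER",
    "gs -dSAFER -dNOSAFER -sDEVICE=pnmraw -sOutputFile=x.pnm job.ps",
    "/bin/gzip -dSAFER notes.ps",
]

GS_BINARIES = {"gs", "ghostscript"}
SAFER_ON = {"-dSAFER", "-DSAFER"}        # -d and -D are equivalent in Ghostscript
SAFER_OFF = {"-dNOSAFER", "-DNOSAFER"}
TAKES_VALUE = {"-o", "-I"}               # switches whose value is the next argument


def classify_gs(cmdline):
    """Return 'not-gs', 'unparsed', 'safer' or 'unsafe' for one command line.

    Assumption (simplified model): Ghostscript handles switches and inputs in
    command-line order, so a switch only affects inputs named after it. The
    verdict is therefore the SAFER state at the first input: a file name,
    '-' (stdin) or '-c' (inline PostScript).
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return "unparsed"
    if not argv or argv[0].rsplit("/", 1)[-1] not in GS_BINARIES:
        return "not-gs"

    safer = False
    args = iter(argv[1:])
    for arg in args:
        if arg in TAKES_VALUE:
            next(args, None)             # skip the value, it is not an input
        elif arg in SAFER_ON:
            safer = True
        elif arg in SAFER_OFF:
            safer = False                # a later -dNOSAFER undoes -dSAFER
        elif arg in ("-", "-c") or not arg.startswith("-"):
            break                        # first input: state is now fixed
    return "safer" if safer else "unsafe"


def flagged(cmdlines):
    """Return the Ghostscript command lines that ran without SAFER in effect."""
    return [c for c in cmdlines if classify_gs(c) == "unsafe"]


if __name__ == "__main__":
    for line in SAMPLE_EXECS:
        print(f"{classify_gs(line):8} {line}")
```

The third sample is flagged because -dSAFER appears only after the input file, and the fourth because -dNOSAFER follows it.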




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: vim security update
Advisory ID:       RHSA-2005:745-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-745.html
Issue date:        2005-08-22
Updated on:        2005-08-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2368
- - ---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

VIM (VIsual editor iMproved) is a version of the vi editor.   

A bug was found in the way VIM processes modelines. If a user with
modelines enabled opens a text file with a carefully crafted modeline,
arbitrary commands may be executed as the user running VIM. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2368
to this issue.
 
Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 
 
This update is available via Red Hat Network.  To use Red Hat Network, 
launch the Red Hat Update Agent with the following command: 
 
up2date 
 
This will start an interactive process that will result in the 
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164279 - CAN-2005-2368 vim modeline arbitrary command execution


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.22.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vim-6.3.046-0.30E.4.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vim-6.3.046-0.40E.7.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCd5UXlSAg2UNWIIRApPbAJsGqtRhB0WDZdiiqOHUxMOf3PhAVgCdGY/v
9TDz3N/seCyAmHw4BJPxNYE=
=niXL
- -----END PGP SIGNATURE-----
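
The VIM advisory above applies only when modelines are enabled and a file carrying a modeline is opened. As an added example (not Red Hat's or Vim's code), this Python scanner reports which lines of a file Vim would treat as modelines, so files from untrusted sources can be reviewed before they are opened. The parsing is modelled on Vim's documented modeline forms and the default 'modelines' value of 5; the sample text is constructed.

```python
import re
import sys

MODELINES = 5  # Vim's default for 'modelines': lines checked at each end of a file

# "vi:" or "vim:"/"Vim:" (optionally with a version test such as vim>600:)
# at line start or after white space; "ex:" only after white space.
_MARKER = re.compile(r"(?:(?<![^ \t])(?:vi|[vV]im(?:[<=>]?\d+)?):|(?<=[ \t])ex:)")
_COLON = re.compile(r"(?<!\\):")  # a colon not escaped as "\:"


def parse_modeline(line):
    """Return the option settings a modeline would apply, or None if the line
    is not a modeline. Covers both forms:
        first:   [text ]vi:opt:opt opt
        second:  [text ]vim: set opt opt: trailing text
    """
    m = _MARKER.search(line)
    if not m:
        return None
    rest = line[m.end():].lstrip(" \t")
    if re.match(r"set? ", rest):
        # Second form: needs a terminating colon, text after it is ignored.
        parts = _COLON.split(rest.split(" ", 1)[1], maxsplit=1)
        if len(parts) < 2:
            return None
        chunks = [parts[0]]
    else:
        # First form: every colon-separated chunk is an argument to ":set".
        chunks = _COLON.split(rest)
    opts = []
    for chunk in chunks:
        opts.extend(chunk.replace("\\:", ":").split())
    return opts


def scan_text(text, modelines=MODELINES):
    """Return [(line_number, [options])] for modelines inside the windows Vim
    checks: the first and last `modelines` lines of the text."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(set(range(min(modelines, n))) | set(range(max(n - modelines, 0), n)))
    hits = []
    for i in window:
        opts = parse_modeline(lines[i])
        if opts:
            hits.append((i + 1, opts))
    return hits


def scan_file(path, modelines=MODELINES):
    """Scan one file, tolerating bytes that are not valid UTF-8."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read(), modelines)


# Constructed sample (12 lines), not taken from the advisory.
SAMPLE = "\n".join([
    "#!/bin/sh",
    "# vim: set ts=4 sw=4 et:  trailing text is ignored",
    "echo one",
    "echo two",
    "echo three",
    "echo four",
    "# vim: ts=8 (outside the first and last five lines)",
    "echo five",
    "echo six",
    "ex:ts=2 at line start is not recognised",
    "echo seven",
    "# vi:noai:sw=3 ts=6",
])

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for lineno, opts in scan_file(path):
            print(f"{path}:{lineno}: {' '.join(opts)}")
```

Run it with file names as arguments to list the modeline settings each file would apply.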




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: slocate security update
Advisory ID:       RHSA-2005:747-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-747.html
Issue date:        2005-08-22
Updated on:        2005-08-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2499
- - ---------------------------------------------------------------------

1. Summary:

An updated slocate package that fixes a denial of service issue is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Slocate is a security-enhanced version of locate. Like locate, slocate
searches through a nightly-updated central database for files that match a
given pattern.

A bug was found in the way slocate processes very long paths. A local user
could create a carefully crafted directory structure that would prevent
updatedb from completing its file system scan, resulting in an incomplete
slocate database. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-2499 to this issue.

Users are advised to upgrade to this updated package, which includes a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165430 - CAN-2005-2499 slocate DOS


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/slocate-2.7-1.el2.1.src.rpm
48bc2399648a71b9cdc6f7eee3457f5c  slocate-2.7-1.el2.1.src.rpm

i386:
422f42516805c04797c817a4e8c4d333  slocate-2.7-1.el2.1.i386.rpm

ia64:
68f823b854a10eec8a180b05cca7a240  slocate-2.7-1.el2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/slocate-2.7-1.el2.1.src.rpm
48bc2399648a71b9cdc6f7eee3457f5c  slocate-2.7-1.el2.1.src.rpm

ia64:
68f823b854a10eec8a180b05cca7a240  slocate-2.7-1.el2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/slocate-2.7-1.el2.1.src.rpm
48bc2399648a71b9cdc6f7eee3457f5c  slocate-2.7-1.el2.1.src.rpm

i386:
422f42516805c04797c817a4e8c4d333  slocate-2.7-1.el2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/slocate-2.7-1.el2.1.src.rpm
48bc2399648a71b9cdc6f7eee3457f5c  slocate-2.7-1.el2.1.src.rpm

i386:
422f42516805c04797c817a4e8c4d333  slocate-2.7-1.el2.1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCeA5XlSAg2UNWIIRAoS6AJ9Jic50A9zX3HHTbGiodEaG4N0HCgCgoygR
AznF3V+gwnjw3LRKSiBMH0E=
=v3Cf
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2005:748-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-748.html
Issue date:        2005-08-19
Updated on:        2005-08-19
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2498
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If
a PHP script is used which implements an XML-RPC Server using the PEAR
XML-RPC package, then it is possible for a remote attacker to construct an
XML-RPC request which can cause PHP to execute arbitrary PHP commands as
the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.

When using the default SELinux "targeted" policy on Red Hat Enterprise
Linux 4, the impact of this issue is reduced since the scripts executed by
PHP are constrained within the httpd_sys_script_t security context.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165846 - CAN-2005-2498 PHP PEAR:XMLRPC eval code injection


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-25.ent.src.rpm
04d580976153ca074a872fc0f4e46b0c  php-4.3.2-25.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-25.ent.src.rpm
04d580976153ca074a872fc0f4e46b0c  php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-25.ent.src.rpm
04d580976153ca074a872fc0f4e46b0c  php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-25.ent.src.rpm
04d580976153ca074a872fc0f4e46b0c  php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.8.src.rpm
c42be2ce45b0347e36124fe7a4fb5924  php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.8.src.rpm
c42be2ce45b0347e36124fe7a4fb5924  php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.8.src.rpm
c42be2ce45b0347e36124fe7a4fb5924  php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.8.src.rpm
c42be2ce45b0347e36124fe7a4fb5924  php-4.3.9-3.8.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDBhpuXlSAg2UNWIIRAht2AKCKNTyBleqPN0NCBkvfatjXQFCZKwCeO5eG
w3j1/7JddU7Xvn+7aTkVLjs=
=Uqxk
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQwnph4pao72zK539AQGZawP/WPABH6CS2ukiZw3laGg3TziMe9jCjeNm
hIy2ZYwSp4NjVqWGg4a+cAcA76tN3XuvtyGW/fuj2f70hrfdA4K65a+8D3NndLCH
KLqGKuDQjM+EsUvhs72jeyE6rzC0NrDjC3ppUxJ5ZgmsLzTrR+AdlC+Wy8mXLffk
Mup39gg+Guw=
=FF0H
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
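
Added example (not part of the UNIRAS briefing or Red Hat's advisories): a check of installed package builds against the fixed builds named in the slocate and php advisories above. The inventory lines and host names are constructed, the comparison is a reimplementation of the classic rpm segment ordering (no tilde or caret handling), and only the base package names are checked.

```python
import re

# Fixed builds taken from the SRPMS lines of the advisories above,
# keyed by (package name, Red Hat Enterprise Linux release).
FIXED = {
    ("slocate", "2.1"): "2.7-1.el2.1",   # RHSA-2005:747
    ("php", "3"): "4.3.2-25.ent",        # RHSA-2005:748
    ("php", "4"): "4.3.9-3.8",           # RHSA-2005:748
}

_SEG = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings; return -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            x, y = int(x), int(y)        # numeric segments compare as integers
        elif xd != yd:
            return 1 if xd else -1       # a numeric segment outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_evr(evr):
    """Split '[epoch:]version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release


def evr_cmp(a, b):
    """Order two epoch:version-release strings: epoch, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Constructed inventory: host, RHEL release, package, installed version-release.
INVENTORY = """\
web01 4 php 4.3.9-3.6
web02 4 php 4.3.9-3.8
web03 3 php 4.3.2-24.ent
web04 3 php 4.3.2-25.ent
files01 2.1 slocate 2.6-1
web05 4 php 4.3.9-3.10
"""


def needs_update(inventory):
    """Return (host, package, installed, fixed) for builds older than the fix."""
    stale = []
    for line in inventory.splitlines():
        host, rel, name, evr = line.split()
        fixed = FIXED.get((name, rel))
        if fixed and evr_cmp(evr, fixed) < 0:
            stale.append((host, name, evr, fixed))
    return stale


if __name__ == "__main__":
    for host, name, evr, fixed in needs_update(INVENTORY):
        print(f"{host}: {name}-{evr} is older than fixed build {name}-{fixed}")
```

Release 3.10 sorts after 3.8 here, which a plain string comparison would get wrong and report web05 as unpatched.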
