CPNI - Centre for the Protection of National Infrastructure


April 2005

Multiple Red Hat Security Advisories

ID: 00354
Ref: 327/2005
Date: 27 April 2005 15:47:40
Version: 1

Title: Multiple Red Hat Security Advisories
Abstract: Description of various vulnerabilities
Vendors affected: Red Hat
Operating systems affected: Red Hat Enterprise Linux 2.1, 3 and 4 (see each advisory below for the exact products and architectures)
Applications affected: Linux kernel (RHEL 3), OpenOffice.org (RHEL 3 and 4), sharutils (RHEL 2.1, 3 and 4)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:293-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-293.html
Issue date: 2005-04-22
Updated on: 2005-04-22
Product: Red Hat Enterprise Linux
Keywords: taroon
Obsoletes: RHSA-2005:043
CVE Names: CAN-2004-0075 CAN-2004-0177 CAN-2004-0814 CAN-2004-1058
CAN-2004-1073 CAN-2005-0135 CAN-2005-0137 CAN-2005-0204 CAN-2005-0384
CAN-2005-0403 CAN-2005-0449 CAN-2005-0736 CAN-2005-0749 CAN-2005-0750
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The following security issues were fixed:

The Vicam USB driver did not use the copy_from_user function to access
userspace, crossing security boundaries. (CAN-2004-0075)

The ext3 and jfs code did not properly initialize journal descriptor
blocks. A privileged local user could read portions of kernel memory.
(CAN-2004-0177)

The terminal layer did not properly lock line discipline changes or pending
IO. An unprivileged local user could read portions of kernel memory, or
cause a denial of service (system crash). (CAN-2004-0814)

A race condition was discovered. Local users could use this flaw to read
the environment variables of another process that is still spawning via
/proc/.../cmdline. (CAN-2004-1058)

A flaw in the execve() syscall handling was discovered, allowing a local
user to read setuid ELF binaries that should otherwise be protected by
standard permissions. (CAN-2004-1073). Red Hat originally reported this
as being fixed by RHSA-2004:549, but the associated fix was missing from
that update.

Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function.
A local user could use this flaw to cause a denial of service (system
crash) on the Itanium architecture. (CAN-2005-0135)

A missing Itanium syscall table entry could allow an unprivileged
local user to cause a denial of service (system crash) on the Itanium
architecture. (CAN-2005-0137)

A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T
architectures was discovered. A local user could use this flaw to
access privileged IO ports. (CAN-2005-0204)

A flaw was discovered in the Linux PPP driver. On systems allowing remote
users to connect to a server using ppp, a remote client could cause a
denial of service (system crash). (CAN-2005-0384)

A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was
discovered that left a pointer to a freed tty structure. A local user
could potentially use this flaw to cause a denial of service (system crash)
or possibly gain read or write access to ttys that should normally be
prevented. (CAN-2005-0403)

A flaw in fragment queuing was discovered affecting the netfilter
subsystem. On systems configured to filter or process network packets (for
example those configured to do firewalling), a remote attacker could send a
carefully crafted set of fragmented packets to a machine and cause a denial
of service (system crash). In order to successfully exploit this flaw, the
attacker would need to know (or guess) some aspects of the firewall ruleset
in place on the target system to be able to craft the right fragmented
packets. (CAN-2005-0449)

Missing validation of an epoll_wait() system call parameter could allow
a local user to cause a denial of service (system crash) on the IBM S/390
and zSeries architectures. (CAN-2005-0736)

A flaw when freeing a pointer in load_elf_library was discovered. A local
user could potentially use this flaw to cause a denial of service (system
crash). (CAN-2005-0749)

A flaw was discovered in the bluetooth driver system. On systems where the
bluetooth modules are loaded, a local user could use this flaw to gain
elevated (root) privileges. (CAN-2005-0750)

In addition to the security issues listed above, there was an important
fix made to the handling of the msync() system call for a particular case
in which the call could return without queuing modified mmap()'ed data for
file system update. (BZ 147969)

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to
the packages associated with their machine architectures/configurations.

Please note that the fix for CAN-2005-0449 required changing the
external symbol linkages (kernel module ABI) for the ip_defrag()
and ip_ct_gather_frags() functions. Any third-party module using either
of these would also need to be fixed.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

121032 - CAN-2004-0177 ext3 infoleak
126407 - CAN-2004-0075 Vicam USB user/kernel copying
130774 - oops in drivers/char/tty_io.c:init_dev()
131674 - CAN-2004-0814 potential race condition in RHEL 2.1/3 tty layer
133108 - CAN-2004-0814 input/serio local DOS
133113 - CAN-2004-1058 /proc/<pid>/cmdline information disclosure
144059 - CAN-2005-0403 panic in tty init_dev
144530 - random poolsize sysctl handler integer overflow
148855 - CAN-2005-0204 OUTS instruction does not cause SIGSEGV for all ports
150334 - Kernel panic: Code: Bad EIP value
151086 - kernel locks up tty/pseudo-tty access
151241 - CAN-2005-0384 pppd remote DoS
151805 - CAN-2005-0449 Possible remote Oops/firewall bypass
152178 - CAN-2005-0750 bluetooth security flaw
152411 - CAN-2005-0749 load_elf_library possible DoS
152552 - CAN-2004-1073 looks unfixed in RHEL3
155234 - CAN-2005-0137 ia64 syscall_table DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.4.EL.src.rpm
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm

i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm

ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm

ppc:
7741e86ffde8e3b811eaa10b88ff3719 kernel-2.4.21-27.0.4.EL.ppc64iseries.rpm
50ca9beed2cab6c982d7551b9a9da883 kernel-2.4.21-27.0.4.EL.ppc64pseries.rpm
eb5f512c6fe2bdb321dee28461c7ef0c kernel-doc-2.4.21-27.0.4.EL.ppc64.rpm
0e287838ad66535182c633332e183d36 kernel-source-2.4.21-27.0.4.EL.ppc64.rpm
47e6f0f318afb7c96817444606feb815 kernel-unsupported-2.4.21-27.0.4.EL.ppc64iseries.rpm
d43b29927d2bad0a1958f76993609d9b kernel-unsupported-2.4.21-27.0.4.EL.ppc64pseries.rpm

s390:
c9d699236207e0f1e66fd422a1a93096 kernel-2.4.21-27.0.4.EL.s390.rpm
e436e4e5457db03aae0cfc2993463352 kernel-doc-2.4.21-27.0.4.EL.s390.rpm
1e0d2dbfff8e909d634349d0ba8f4e7f kernel-source-2.4.21-27.0.4.EL.s390.rpm
211363ee1e02f3aa10f54fbecd8c1ba1 kernel-unsupported-2.4.21-27.0.4.EL.s390.rpm

s390x:
e3f5671361bfa5ffd86d7b3d90053fcb kernel-2.4.21-27.0.4.EL.s390x.rpm
af836330d8aa58c823e64028445cc307 kernel-doc-2.4.21-27.0.4.EL.s390x.rpm
c7ab3b59c9eae8dc861162a7b57ce8cb kernel-source-2.4.21-27.0.4.EL.s390x.rpm
5950fb528167eba2d3eed49f3a7f5aef kernel-unsupported-2.4.21-27.0.4.EL.s390x.rpm

x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.4.EL.src.rpm
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm

i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm

x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.4.EL.src.rpm
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm

i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm

ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm

x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.4.EL.src.rpm
9abc6f839b6f0a520e14f77ebd232695 kernel-2.4.21-27.0.4.EL.src.rpm

i386:
9fbfd848c45689aedc8a8ca6bc695be5 kernel-2.4.21-27.0.4.EL.athlon.rpm
d4f3b5b5cfdef8586756c7a9af24a527 kernel-2.4.21-27.0.4.EL.i686.rpm
9928c02efefef214d1f4f5653875c075 kernel-BOOT-2.4.21-27.0.4.EL.i386.rpm
325a18ac740b0ece6c427d81af1b7ae0 kernel-doc-2.4.21-27.0.4.EL.i386.rpm
27cd78f5d6d17f80d8dbd4eb43a30eec kernel-hugemem-2.4.21-27.0.4.EL.i686.rpm
2aa825007fc1cb852b5c371db44c5909 kernel-hugemem-unsupported-2.4.21-27.0.4.EL.i686.rpm
752dcfb04c02b16b28610f62078d7b96 kernel-smp-2.4.21-27.0.4.EL.athlon.rpm
9b60e080e34efe40ab4a592966dc133b kernel-smp-2.4.21-27.0.4.EL.i686.rpm
a6d5f950e96c3ac929cc906a2eee1413 kernel-smp-unsupported-2.4.21-27.0.4.EL.athlon.rpm
da9f25472ea9bef181d913466fefe191 kernel-smp-unsupported-2.4.21-27.0.4.EL.i686.rpm
a22b277a5971a225df7441932a2fb793 kernel-source-2.4.21-27.0.4.EL.i386.rpm
736f0feedd86a8b226016358fab7adb9 kernel-unsupported-2.4.21-27.0.4.EL.athlon.rpm
2e73792aff62b9e8d3e1b065b0ea7a89 kernel-unsupported-2.4.21-27.0.4.EL.i686.rpm

ia64:
9f1e16737fcf947cda8542a7df6f0f8b kernel-2.4.21-27.0.4.EL.ia64.rpm
fde8cd81a07ff0694ce554b00e7dbc07 kernel-doc-2.4.21-27.0.4.EL.ia64.rpm
b646434a8fa1b9a7eb91afb417c229d1 kernel-source-2.4.21-27.0.4.EL.ia64.rpm
0390c3443876b0de3b193d84d859251d kernel-unsupported-2.4.21-27.0.4.EL.ia64.rpm

x86_64:
e2fcabc6dae9c8f9d3748374c120445b kernel-2.4.21-27.0.4.EL.x86_64.rpm
c326f94f327fb593fa19adbcf00efc58 kernel-2.4.21-27.0.4.EL.ia32e.rpm
c125001f1c31be0a290ff2ceb45a3347 kernel-doc-2.4.21-27.0.4.EL.x86_64.rpm
85562e1c0932125b0c7802af36ac9350 kernel-smp-2.4.21-27.0.4.EL.x86_64.rpm
54d374ca58eff6edde5e578665389afe kernel-smp-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
2b61e4879a294cbd2fff6e1e2640ff91 kernel-source-2.4.21-27.0.4.EL.x86_64.rpm
546f618e79c0439a34453fa5957b3545 kernel-unsupported-2.4.21-27.0.4.EL.x86_64.rpm
a9b9faf1b37abfb96c26c8494779e67e kernel-unsupported-2.4.21-27.0.4.EL.ia32e.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
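
The MD5 sums listed above let you confirm that what you downloaded is what Red Hat published; the GPG signature, not the MD5 sum, is what proves the package came from Red Hat, so both checks belong in the procedure before anything is installed. The POSIX shell script below is an added example and is not part of the Red Hat advisory or of CPNI's text. It reads a file containing the "sum filename" lines copied from the section above (architecture headings, blank lines and the ftp:// URL lines are ignored, so the whole "RPMs required" section can be pasted in as-is), compares each sum against the file of that name in a download directory, and, where rpm(8) is present, runs rpm --checksig over that directory. It assumes GNU md5sum on the PATH, that all the RPMs sit in one directory, and that the Red Hat package-signing key has already been imported with rpm --import so the signature check can succeed; the script name verify_rpms.sh and the function names are the example's own.

```sh
#!/bin/sh
# Added example, not code from the Red Hat advisory: verify downloaded RPMs
# against the "md5sum filename" lines published in the advisory, then check
# the packages' GPG signatures with rpm(8) where it is available.
# Assumptions: GNU md5sum on PATH, all RPMs in one directory, and the Red Hat
# signing key already imported (rpm --import) for the signature step.

# True if $1 is a 32-digit lowercase hex string (the shape of an MD5 sum).
is_md5() {
    [ "${#1}" -eq 32 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Check each "<md5> <filename>" line in list file $1 against the files in
# directory $2. Lines that do not start with an MD5 sum (architecture
# headings, ftp:// URLs, blank lines) are skipped, so the "RPMs required"
# section can be pasted in unchanged. Returns 0 only if every listed file is
# present and its digest matches.
verify_rpm_sums() {
    list="$1"
    dir="$2"
    rc=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    # the "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while read -r expected name || [ -n "$expected" ]; do
        is_md5 "$expected" || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        actual=$(md5sum "$dir/$name" | awk '{ print $1 }')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $expected, downloaded $actual)"
            rc=1
        fi
    done < "$list"
    return "$rc"
}

# Signature check: rpm --checksig prints one line per file and exits non-zero
# if any signature is bad or the signing key has not been imported.
# Returns 2 when rpm itself is absent (for example on a non-RPM host).
verify_rpm_signatures() {
    dir="$1"
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; skipping signature check"
        return 2
    fi
    rpm --checksig "$dir"/*.rpm
}

# Usage: sh verify_rpms.sh <list-file> <download-dir>
if [ "$#" -eq 2 ]; then
    verify_rpm_sums "$1" "$2" && verify_rpm_signatures "$2"
fi
```

A MISMATCH or MISSING line means the download is corrupt, incomplete or has been altered in transit: do not install that package. Bear in mind that MD5 was simply the checksum format Red Hat published in 2005; it detects accidental or casual corruption, while the signature check is the control that ties the package to Red Hat's key.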

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCaVylXlSAg2UNWIIRAtf1AKCBrAL8uJcSporWKi1HlY3svx660wCdElAx
KnT/L+YYjAnSQjqOuTkrwMM=
=FHMg
-----END PGP SIGNATURE-----

*************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openoffice.org security update
Advisory ID: RHSA-2005:375-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-375.html
Issue date: 2005-04-25
Updated on: 2005-04-25
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0941
---------------------------------------------------------------------

1. Summary:

Updated openoffice.org packages are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Problem description:

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A heap based buffer overflow bug was found in the OpenOffice.org DOC file
processor. An attacker could create a carefully crafted DOC file in such a
way that it could cause OpenOffice.org to execute arbitrary code when the
file was opened by a victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix for this issue.

3. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

154540 - CAN-2005-0941 openoffice.org heap overflow

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

ppc:
9f9b16a868bac28eea5ae035a41da178 openoffice.org-1.1.2-24.6.0.EL4.ppc.rpm
0bb909a3756f7256d5016cb4e8135906 openoffice.org-i18n-1.1.2-24.6.0.EL4.ppc.rpm
92b028f02db5c193274486119c9ec763 openoffice.org-kde-1.1.2-24.6.0.EL4.ppc.rpm
02e37584c158d993c83d72dfbdc4f265 openoffice.org-libs-1.1.2-24.6.0.EL4.ppc.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://www.openoffice.org/issues/show_bug.cgi?id=46388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

7. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbiyRXlSAg2UNWIIRAhCrAJ98oomDbYJuLBFTCnB/Z+gjLGvk6ACfeyUU
mJVsB6vFuMJXtO0vMlGDZVM=
=whpf
-----END PGP SIGNATURE-----

*************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: sharutils security update
Advisory ID: RHSA-2005:377-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-377.html
Issue date: 2005-04-26
Updated on: 2005-04-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1772 CAN-2004-1773 CAN-2005-0990
---------------------------------------------------------------------

1. Summary:

An updated sharutils package is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Problem description:

The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.

A stack based overflow bug was found in the way shar handles the -o option.
If a user can be tricked into running a specially crafted command, it could
lead to arbitrary code execution. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1772 to this issue.
Please note that this issue does not affect Red Hat Enterprise Linux 4.

Two buffer overflow bugs were found in sharutils. If an attacker can place
a malicious 'wc' command on a victim's machine, or trick a victim into
running a specially crafted command, it could lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1773 to this issue.

A bug was found in the way unshar creates temporary files. A local user
could use symlinks to overwrite arbitrary files the victim running unshar
has write access to. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0990 to this issue.
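
The unshar issue is the classic predictable-temporary-file race: the program opens a name a local attacker can guess, so a symlink planted at that name redirects the write to any file the victim can modify. The POSIX shell example below is added here and is not code from sharutils or from the advisory; it recreates that pattern against a dummy victim file and shows the fix, which is to let mktemp(1) create the file (O_CREAT|O_EXCL with an unguessable suffix) instead of opening a name built from the PID. It assumes a writable ${TMPDIR:-/tmp} and a mktemp that accepts a template; the function names and the "unsh." prefix are the example's own.

```sh
#!/bin/sh
# Added example, not code from sharutils or the advisory: the symlink attack
# against a predictable temporary file (the CAN-2005-0990 pattern), next to
# the mktemp-based fix. Function names and the "unsh." prefix are invented.
# Assumes a writable ${TMPDIR:-/tmp} and a mktemp(1) that takes a template.

TMP="${TMPDIR:-/tmp}"

# The guessable name a naive implementation would use: directory + PID.
# Anything an attacker can guess, they can pre-create as a symlink.
unsafe_scratch_path() {
    printf '%s/unsh.%s\n' "$TMP" "$$"
}

# Vulnerable: open the guessable name with a plain redirection. open(2) with
# O_CREAT but without O_EXCL follows an existing symlink, so the data lands
# wherever the attacker pointed the link. Prints the path that was opened.
unsafe_write_scratch() {
    path=$(unsafe_scratch_path)
    printf '%s\n' "$1" > "$path"
    printf '%s\n' "$path"
}

# Fixed: mktemp creates the file itself, atomically, with O_CREAT|O_EXCL and
# a random suffix, so a pre-planted link is never followed. Prints the path.
safe_write_scratch() {
    path=$(mktemp "$TMP/unsh.XXXXXX") || return 1
    printf '%s\n' "$1" > "$path"
    printf '%s\n' "$path"
}

# Play the attacker against writer function $1: create a victim file, plant a
# symlink to it at the guessable name, run the writer, and report whether the
# victim's contents were replaced ("clobbered") or survived ("intact").
demo_attack() {
    writer="$1"
    victim=$(mktemp "$TMP/victim.XXXXXX")
    printf 'original contents\n' > "$victim"
    link=$(unsafe_scratch_path)
    rm -f "$link"
    ln -s "$victim" "$link"
    written=$("$writer" "attacker payload")
    if [ "$(cat "$victim")" = "attacker payload" ]; then
        result=clobbered
    else
        result=intact
    fi
    rm -f "$link" "$written" "$victim"
    printf '%s\n' "$result"
}

# Usage: sh tmpfile_demo.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "predictable name + redirection: $(demo_attack unsafe_write_scratch)"
    echo "mktemp:                         $(demo_attack safe_write_scratch)"
fi
```

The demo runs as a single user, so the planted link is followed. On current Linux kernels the fs.protected_symlinks sysctl refuses to follow a symlink in a sticky, world-writable directory such as /tmp when the link's owner is neither the follower nor the directory owner, which blocks this attack across user accounts; that mitigation did not exist for the 2.4-based kernels these advisories cover, and the correct fix in the program is still mktemp/mkstemp rather than a guessable name.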

All users of sharutils should upgrade to this updated package, which
includes backported fixes to correct these issues.

3. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

152571 - CAN-2004-1772 buffer overflow with -o option
152573 - CAN-2004-1773 Buffer overflows in unshar
154049 - CAN-2005-0990 insecure temp file usage

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/sharutils-4.2.1-8.9.x.src.rpm
4ff9ccec228d473e8983f60cec4f7bba sharutils-4.2.1-8.9.x.src.rpm

i386:
a11c9f7ce6ec7e339554f88dd586ca53 sharutils-4.2.1-8.9.x.i386.rpm

ia64:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0990

7. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

*********************************************************************************

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: Mozilla security update
Advisory ID: RHSA-2005:386-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-386.html
Issue date: 2005-04-26
Updated on: 2005-04-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155
CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160
- - ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles
anonymous functions during regular expression string replacement. It is
possible for a malicious web page to capture a random block of browser
memory. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0989 to this issue.

Doron Rosenberg discovered a bug in the way Mozilla displays pop-up
windows. If a user chooses to open a pop-up window whose URL is malicious
javascript, the script will be executed with elevated privileges.
(CAN-2005-1153)

A bug was found in the way Mozilla handles the javascript global scope for
a window. It is possible for a malicious web page to define a global
variable known to be used by a different site, allowing malicious code to
be executed in the context of the site. (CAN-2005-1154)

Michael Krax discovered a bug in the way Mozilla handles favicon links. A
malicious web page can programmatically define a favicon link tag as
javascript, executing arbitrary javascript with elevated privileges.
(CAN-2005-1155)

Michael Krax discovered a bug in the way Mozilla installed search plugins.
If a user chooses to install a search plugin from a malicious site, the new
plugin could silently overwrite an existing plugin. This could allow the
malicious plugin to execute arbitrary code and steal sensitive
information. (CAN-2005-1156 CAN-2005-1157)

A bug was found in the way Mozilla validated several XPInstall related
javascript objects. A malicious web page could pass other objects to the
XPInstall objects, resulting in the javascript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Mozilla privileged UI code handled DOM nodes
from the content window. A malicious web page could install malicious
javascript code or steal data requiring a user to do commonplace actions
such as clicking a link or opening the context menu. (CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155116 - CAN-2005-0989 Multiple Mozilla issues.

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

********************************************************************************

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: cvs security update
Advisory ID: RHSA-2005:387-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-387.html
Issue date: 2005-04-25
Updated on: 2005-04-25
Product: Red Hat Enterprise Linux
Keywords: cvs buffer overflow
CVE Names: CAN-2005-0753
- - ---------------------------------------------------------------------

1. Summary:

An updated cvs package that fixes security bugs is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

CVS (Concurrent Versions System) is a version control system.

A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.

Additionally, a bug was found in which CVS freed an invalid pointer.
However, this issue does not appear to be exploitable.

All users of cvs should upgrade to this updated package, which includes a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155029 - CAN-2005-0753 multiple issues in cvs

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
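The verification step that each of these advisories points to, written out as an added example (it is not Red Hat's own tooling): a POSIX shell script that pulls the `<md5> <file>` lines out of a saved copy of an advisory, checks every downloaded RPM against them, and then hands the files to `rpm -K` for the GPG signature check. The package names and file contents built by `make_demo_dir` are constructed for the demonstration and are not real packages.

```shell
# Added example, not Red Hat tooling: check downloaded RPMs against the
# "<md5> <file>" lines of a saved advisory, then check GPG signatures with
# rpm. Files created by make_demo_dir are constructed, not real packages.

# verify_rpm_sums ADVISORY_FILE DIR
#   Reads ADVISORY_FILE line by line, ignoring release/arch headings, SRPMS
#   URLs and blank lines, and compares the MD5 of DIR/<file> with the
#   listed digest. Returns 0 only when every listed file exists and matches.
verify_rpm_sums() {
  advisory=$1; dir=$2; bad=0
  while read -r sum name; do
    # Only "32 hex digits + file name" lines are digest lines.
    printf '%s\n' "$sum" | grep -Eq '^[0-9a-f]{32}$' || continue
    [ -n "$name" ] || continue
    if [ ! -f "$dir/$name" ]; then
      echo "MISSING  $name"
      bad=1
      continue
    fi
    actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
    if [ "$actual" = "$sum" ]; then
      echo "OK       $name"
    else
      echo "MISMATCH $name (listed $sum, got $actual)"
      bad=1
    fi
  done < "$advisory"
  return "$bad"
}

# verify_rpm_signatures DIR
#   Runs rpm's signature and digest check on every .rpm in DIR. The Red Hat
#   package-signing key must already be imported (rpm --import, see the URL
#   the advisory gives). Returns 3 when rpm is not installed so a caller can
#   tell "not checked" from "failed".
verify_rpm_signatures() {
  dir=$1; bad=0
  if ! command -v rpm >/dev/null 2>&1; then
    echo "rpm not installed; signature check skipped"
    return 3
  fi
  for f in "$dir"/*.rpm; do
    [ -f "$f" ] || continue
    rpm -K "$f" || bad=1
  done
  return "$bad"
}

# make_demo_dir
#   Builds a scratch directory holding two constructed "packages", an
#   advisory excerpt whose digests both match (good.txt), and a tampered
#   excerpt (bad.txt) with one altered digest and one file never downloaded.
#   Prints the directory path.
make_demo_dir() {
  d=$(mktemp -d)
  printf 'constructed payload A\n' > "$d/cvs-1.11.17-7.RHEL4.i386.rpm"
  printf 'constructed payload B\n' > "$d/cvs-1.11.17-7.RHEL4.x86_64.rpm"
  a=$(md5sum "$d/cvs-1.11.17-7.RHEL4.i386.rpm" | cut -d' ' -f1)
  b=$(md5sum "$d/cvs-1.11.17-7.RHEL4.x86_64.rpm" | cut -d' ' -f1)
  # Same layout as the advisory: release heading, SRPMS URL, arch headings.
  {
    echo 'Red Hat Enterprise Linux AS version 4:'
    echo 'SRPMS:'
    echo 'ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cvs-1.11.17-7.RHEL4.src.rpm'
    echo 'i386:'
    echo "$a cvs-1.11.17-7.RHEL4.i386.rpm"
    echo 'x86_64:'
    echo "$b cvs-1.11.17-7.RHEL4.x86_64.rpm"
  } > "$d/good.txt"
  # Tampered copy: every hex digit of the x86_64 digest shifted by one, plus
  # a package that was never downloaded.
  bflip=$(printf '%s' "$b" | tr '0-9a-f' '1-9a-f0')
  {
    echo "$a cvs-1.11.17-7.RHEL4.i386.rpm"
    echo "$bflip cvs-1.11.17-7.RHEL4.x86_64.rpm"
    echo "$a cvs-1.11.17-7.RHEL4.ia64.rpm"
  } > "$d/bad.txt"
  echo "$d"
}

# Stand-alone run: the clean list passes, the tampered one is rejected.
demo=$(make_demo_dir)
verify_rpm_sums "$demo/good.txt" "$demo" && echo "good.txt: all digests match"
verify_rpm_sums "$demo/bad.txt" "$demo" || echo "bad.txt: rejected (exit $?)"
rm -rf "$demo"
```

A matching MD5 only shows the download is the file the advisory listed; the `rpm -K` step is what ties the package to Red Hat's signing key, so treat a skipped signature check as "not verified" rather than as a pass.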

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
