May 2005
Eight Fedora Legacy Update Advisories
ID: 00409
Ref: 378a/2005
Date: 13 May 2005:15:24:19
Version: 1
Title: Eight Fedora Legacy Update Advisories
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora
Title
=====
Eight Fedora Legacy Update Advisories:
1. FLSA:152763 - Updated qt packages fixes security issues
2. FLSA:152768 - Updated ruby package fixes security issues
3. FLSA:152804 - Updated openmotif packages fix image vulnerability
4. FLSA:152856 - Updated sudo packages fix security issue
5. FLSA:152871 - Updated nfs-utils package fixes security issue
6. FLSA:152912 - Updated imap packages fix security issues
7. FLSA:154988 - Updated openoffice.org packages fix security issues
8. FLSA:155508 - Updated cvs package fixes security issues
Detail
======
1. During a security audit, Chris Evans discovered a heap overflow in the
BMP image decoder in Qt versions prior to 3.3.3. An attacker could
create a carefully crafted BMP file in such a way that it would cause an
application linked with Qt to crash or possibly execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to
this issue.
2. A flaw was discovered in the CGI module of Ruby. If empty data is sent
by the POST method to the CGI script which requires MIME type
multipart/form-data, it can get stuck in a loop. A remote attacker could
trigger this flaw and cause a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0983 to this issue.
3. During a source code audit, Chris Evans and others discovered several
stack overflow flaws and an integer overflow flaw in the libXpm library
used to decode XPM (X PixMap) images. A vulnerable version of this
library was found within OpenMotif. An attacker could create a carefully
crafted XPM file which would cause an application to crash or
potentially execute arbitrary code if opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.
4. A flaw exists in sudo's environment sanitizing prior to sudo version
1.6.8p2 that could allow a malicious user with permission to run a shell
script that utilized the bash shell to run arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1051 to this issue.
5. SGI reported that the statd daemon did not properly handle the SIGPIPE
signal. A misconfigured or malicious peer could cause statd to crash,
leading to a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1014 to this
issue.
6. A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297
to this issue.
7. Secunia Research reported an issue with the handling of temporary
files. A malicious local user could use this flaw to access the contents
of another user's open documents. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to
this issue.
8. A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.
1.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated qt packages fixes security issues
Advisory ID: FLSA:152763
Issue date: 2005-05-12
Product: Red Hat Linux
Keywords: Bugfix
CVE Names: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:
Updated qt packages that fix security issues in several of the image
decoders are now available.
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
During a security audit, Chris Evans discovered a heap overflow in the
BMP image decoder in Qt versions prior to 3.3.3. An attacker could
create a carefully crafted BMP file in such a way that it would cause an
application linked with Qt to crash or possibly execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0691 to
this issue.
Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create
carefully crafted image files in such a way that it could cause an
application linked against Qt to crash when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues.
Users of Qt should update to these updated packages which contain
backported patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152763
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/qt2-2.3.1-4.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/qt-3.0.5-7.16.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-2.3.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-designer-2.3.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-devel-2.3.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-static-2.3.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt2-Xt-2.3.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-designer-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-devel-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-MySQL-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-ODBC-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-PostgreSQL-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-static-3.0.5-7.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/qt-Xt-3.0.5-7.16.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/qt2-2.3.1-14.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/qt-3.1.1-8.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-2.3.1-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-designer-2.3.1-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-devel-2.3.1-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-static-2.3.1-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt2-Xt-2.3.1-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-designer-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-devel-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-MySQL-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-ODBC-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-PostgreSQL-3.1.1-8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/qt-Xt-3.1.1-8.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v [filename]
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum [filename]
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
2.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated ruby package fixes security issues
Advisory ID: FLSA:152768
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0755 CAN-2004-0983
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:
An updated ruby package that fixes security issues is now available.
Ruby is an interpreted scripting language for object-oriented
programming.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
A flaw was discovered in the CGI module of Ruby. If empty data is sent
by the POST method to the CGI script which requires MIME type
multipart/form-data, it can get stuck in a loop. A remote attacker could
trigger this flaw and cause a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0983 to this issue.
Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.
Users are advised to upgrade to this erratum package, which contains
backported patches fixing these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152768
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ruby-1.6.7-5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/irb-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-devel-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-docs-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-libs-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-tcltk-1.6.7-5.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ruby-1.6.8-6.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/irb-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-devel-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-docs-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-libs-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-mode-1.6.8-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-tcltk-1.6.8-6.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ruby-1.8.0-5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/irb-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-devel-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-docs-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-libs-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-mode-1.8.0-5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-tcltk-1.8.0-5.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v [filename]
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum [filename]
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
3.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated openmotif packages fix image vulnerability
Advisory ID: FLSA:152804
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0914
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:
Updated openmotif packages that fix flaws in the Xpm image library are
now available.
OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
During a source code audit, Chris Evans and others discovered several
stack overflow flaws and an integer overflow flaw in the libXpm library
used to decode XPM (X PixMap) images. A vulnerable version of this
library was found within OpenMotif. An attacker could create a carefully
crafted XPM file which would cause an application to crash or
potentially execute arbitrary code if opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.
Users of OpenMotif are advised to upgrade to these erratum packages,
which contain backported security patches to the embedded libXpm
library.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152804
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openmotif21-2.1.30-1.2.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openmotif-2.2.2-5.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif21-2.1.30-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif-2.2.2-5.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openmotif-devel-2.2.2-5.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif21-2.1.30-8.0.9.2.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif-2.2.2-14.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif21-2.1.30-8.0.9.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-2.2.2-14.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-devel-2.2.2-14.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif21-2.1.30-8.2.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openmotif-2.2.2-16.1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif21-2.1.30-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-2.2.2-16.1.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openmotif-devel-2.2.2-16.1.2.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v [filename]
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum [filename]
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
4.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated sudo packages fix security issue
Advisory ID: FLSA:152856
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-1051
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:
Updated sudo packages that fix a security issue are now available.
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
A flaw exists in sudo's environment sanitizing prior to sudo version
1.6.8p2 that could allow a malicious user with permission to run a shell
script that utilized the bash shell to run arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1051 to this issue.
Users of sudo are advised to upgrade to these errata packages, which
contain a patch correcting this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152856
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sudo-1.6.5p2-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sudo-1.6.5p2-2.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sudo-1.6.6-3.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sudo-1.6.6-3.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sudo-1.6.7p5-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sudo-1.6.7p5-2.2.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v [filename]
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum [filename]
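Added example, not part of the advisory: a shell script that applies the sha1sum check from the Verification sections of these advisories to a whole download directory before "rpm -Fvh *.rpm" is run in it, and also flags any .rpm file that the checksum list does not name. The function names, the demo-* files and the assumed list layout (a SHA1 sum on one line, the package path on the next) are illustrative; the stand-in files are constructed plain text, not real RPMs.

```shell
#!/bin/sh
# Added example: check a download directory against a SHA1 list before
# running "rpm -Fvh *.rpm" in it. A matching SHA1 only shows the file is the
# one the list describes; "rpm --checksig -v" against the imported Fedora
# Legacy key is the separate signature check.

# parse_manifest FILE -> "sha1 basename" lines; every other line is ignored.
# Assumed layout: a 40-hex SHA1 on one line, the package path on the next.
parse_manifest() {
    awk '
        { gsub(/[ \t\r]+$/, "") }                 # drop trailing blanks / CR
        length($0) == 40 && $0 !~ /[^0-9a-f]/ { hash = $0; next }
        hash != "" && $1 ~ /\.rpm$/ {
            n = split($1, part, "/")              # keep only the file name
            print hash, part[n]
        }
        { hash = "" }
    ' "$1"
}

# verify_packages MANIFEST DIR
# Prints OK / MISMATCH / MISSING per listed package and UNLISTED for any
# *.rpm in DIR that the list does not name (a wildcard install would pick
# those up too). Returns 0 only if everything matches, 2 on an empty list.
verify_packages() {
    manifest=$1; dir=$2; status=0; listed=""
    while read -r want name; do
        [ -n "$name" ] || continue                # empty list yields a blank line
        listed="$listed$name
"
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; status=1
        elif [ "$(sha1sum < "$dir/$name" | cut -d' ' -f1)" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; status=1
        fi
    done <<EOF
$(parse_manifest "$manifest")
EOF
    if [ -z "$listed" ]; then
        echo "no checksums found in $manifest" >&2
        return 2
    fi
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        if ! printf '%s' "$listed" | grep -Fxq -- "${f##*/}"; then
            echo "UNLISTED ${f##*/}"; status=1
        fi
    done
    return "$status"
}

# Constructed sample: two stand-in files (plain text, not real RPMs) and a
# matching list that also carries a header and a separator line.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    for n in a b; do
        printf 'constructed package %s\n' "$n" > "$d/demo-$n-1.0-1.legacy.i386.rpm"
    done
    {
        echo "SHA1 sum Package Name"
        echo "- ----------------------------------------"
        for n in a b; do
            sha1sum < "$d/demo-$n-1.0-1.legacy.i386.rpm" | cut -d' ' -f1
            echo "example/updates/i386/demo-$n-1.0-1.legacy.i386.rpm"
        done
    } > "$d/manifest.txt"
    echo "$d"
}

demo_dir=$(make_demo_dir) &&
    verify_packages "$demo_dir/manifest.txt" "$demo_dir" &&
    echo "all listed packages match; next: rpm --checksig -v on each file"
rm -rf "$demo_dir"
```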
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1051
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
5.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated nfs-utils package fixes security issue
Advisory ID: FLSA:152871
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-1014
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:
An updated nfs-utils package that fixes a security issue is now
available.
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, providing a much higher level of performance than the
traditional Linux NFS server used by most users.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
SGI reported that the statd daemon did not properly handle the SIGPIPE
signal. A misconfigured or malicious peer could cause statd to crash,
leading to a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1014 to this
issue.
All users of nfs-utils should upgrade to this updated package, which
resolves this issue.
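The failure mode described above, shown as an added C illustration (not code from nfs-utils or from its patch): a process that writes to a peer that has already disconnected is killed by SIGPIPE under the default disposition, while ignoring the signal turns the event into an EPIPE error the daemon can handle. The function names reply_to_vanished_peer and run_daemon_step are hypothetical, and a local socket pair stands in for the network peer.

```c
/* Added illustration, not nfs-utils code. All function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send a reply on a stream socket whose peer has already closed its end.
 * Returns 0 if write() succeeded, otherwise the errno it reported. */
static int reply_to_vanished_peer(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return errno;
    close(sv[1]);                        /* peer goes away before the reply */
    ssize_t n = write(sv[0], "status", 6);
    int err = (n < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

/* Run one reply in a child process and report how that process ended.
 *   ignore_sigpipe == 0: default disposition, as in an unhardened daemon
 *   ignore_sigpipe == 1: SIGPIPE ignored, write() reports EPIPE instead
 * Returns the terminating signal number (> 0) if the child was killed,
 * -EPIPE if it survived and saw EPIPE, 0 if the write succeeded,
 * and -1 on any other failure. */
int run_daemon_step(int ignore_sigpipe)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
        int err = reply_to_vanished_peer();
        _exit(err == 0 ? 0 : (err == EPIPE ? 1 : 2));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);         /* process gone: denial of service */
    if (!WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 0;
    case 1:  return -EPIPE;              /* error handled, daemon keeps running */
    default: return -1;
    }
}

int main(void)
{
    printf("default SIGPIPE: %d\n", run_daemon_step(0));
    printf("SIGPIPE ignored: %d\n", run_daemon_step(1));
    return 0;
}
```

In a long-running service the EPIPE branch would close that connection and carry on serving other peers.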
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152871
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
6.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated imap packages fix security issues
Advisory ID: FLSA:152912
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2003-0297 CAN-2005-0198
---------------------------------------------------------------------
1. Topic:
Updated imap packages that fix security issues are now available.
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that, if connected to by a victim, could
execute arbitrary code on the client machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297
to this issue.
A logic error in the CRAM-MD5 code in the University of Washington IMAP
(UW-IMAP) server was discovered. When Challenge-Response Authentication
Mechanism with MD5 (CRAM-MD5) is enabled, UW-IMAP does not properly enforce
all the required conditions for successful authentication, which could
allow remote attackers to authenticate as arbitrary users. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0198 to this issue.
Users of imap are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152912
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-2001a-10.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-devel-2001a-10.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/imap-2001a-18.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/imap-2001a-18.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/imap-devel-2001a-18.1.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/imap-2002d-3.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/imap-2002d-3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/imap-devel-2002d-3.1.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
7.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated openoffice.org packages fix security issues
Advisory ID: FLSA:154988
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0752 CAN-2005-0941
---------------------------------------------------------------------
1. Topic:
Updated openoffice.org packages that fix two security issues are now
available.
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation
manager, formula editor, and drawing program.
2. Relevant releases/architectures:
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
Secunia Research reported an issue with the handling of temporary
files. A malicious local user could use this flaw to access the contents
of another user's open documents. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to
this issue.
A heap-based buffer overflow bug was found in the OpenOffice.org DOC
file processor. An attacker could create a carefully crafted DOC file in
such a way that it could cause OpenOffice.org to execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to
this issue.
All users of OpenOffice.org are advised to upgrade to these updated
packages which contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742
6. RPMs required:
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-1.0.2-11.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
8.
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated cvs package fixes security issues
Advisory ID: FLSA:155508
Issue date: 2005-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2005-0753
---------------------------------------------------------------------
1. Topic:
An updated cvs package that fixes security bugs is now available.
CVS (Concurrent Version System) is a version control system.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.
All users of cvs should upgrade to this updated package, which includes a
backported patch to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155508
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cvs-1.11.1p1-17.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cvs-1.11.1p1-17.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cvs-1.11.2-25.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/cvs-1.11.2-25.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cvs-1.11.17-1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/cvs-1.11.17-1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/cvs-1.11.17-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/cvs-1.11.17-2.2.legacy.i386.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
9. Contact:
The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org