CPNI - Centre for the Protection of National Infrastructure

June 2005

Three Red Hat Security Advisories: 1. RHSA-2005:416-01 - kdbg security update 2. RHSA-2005:480-01 - ImageMagick security update 3. RHSA-2005:481-01 - openssh security update

ID: 00461
Ref: 427/2005
Date: 03 June 2005:14:52:44
Version: 1

Title: Three Red Hat Security Advisories: 1. RHSA-2005:416-01 - kdbg security update 2. RHSA-2005:480-01 - ImageMagick security update 3. RHSA-2005:481-01 - openssh security update
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat

Title
=====

Three Red Hat Security Advisories:

1. RHSA-2005:416-01 - kdbg security update

2. RHSA-2005:480-01 - ImageMagick security update

3. RHSA-2005:481-01 - openssh security update

Detail
======

1. Kdbg is a K Desktop Environment (KDE) GUI for gdb, the GNU debugger.
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file.
If a program is located in a world-writable location, it is possible for a
local user to inject malicious commands. These commands are then executed
with the permission of any user that runs Kdbg. The Common Vulnerabilities
and Exposures project assigned the name CAN-2003-0644 to this issue.

2. ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.
A denial of service bug was found in the way ImageMagick parses XWD files.
A user or program executing ImageMagick to process a malicious XWD file can
cause ImageMagick to enter an infinite loop causing a denial of service
condition. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1739 to this issue.

3. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, and provides secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over a secure channel. Public
key authentication can be used for "passwordless" access to servers.




1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: kdbg security update
Advisory ID: RHSA-2005:416-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-416.html
Issue date: 2005-06-02
Updated on: 2005-06-02
Product: Red Hat Enterprise Linux
CVE Names: CAN-2003-0644
- - ---------------------------------------------------------------------

1. Summary:

An updated kdbg package that fixes a minor security issue is now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Kdbg is a K Desktop Environment (KDE) GUI for gdb, the GNU debugger.

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file.
If a program is located in a world-writable location, it is possible for a
local user to inject malicious commands. These commands are then executed
with the permission of any user that runs Kdbg. The Common Vulnerabilities
and Exposures project assigned the name CAN-2003-0644 to this issue.

Users of Kdbg should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155917 - CAN-2003-0644 kdbg arbitrary command execution


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdbg-1.2.1-7.src.rpm
cf1154f5fb61b845d9293bb78fefb959 kdbg-1.2.1-7.src.rpm

i386:
42febfeae98126086022d45f5ac91815 kdbg-1.2.1-7.i386.rpm

ia64:
3b96bfde38afa4aa861cfce88288a32f kdbg-1.2.1-7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdbg-1.2.1-7.src.rpm
cf1154f5fb61b845d9293bb78fefb959 kdbg-1.2.1-7.src.rpm

ia64:
3b96bfde38afa4aa861cfce88288a32f kdbg-1.2.1-7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdbg-1.2.1-7.src.rpm
cf1154f5fb61b845d9293bb78fefb959 kdbg-1.2.1-7.src.rpm

i386:
42febfeae98126086022d45f5ac91815 kdbg-1.2.1-7.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdbg-1.2.1-7.src.rpm
cf1154f5fb61b845d9293bb78fefb959 kdbg-1.2.1-7.src.rpm

i386:
42febfeae98126086022d45f5ac91815 kdbg-1.2.1-7.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0644

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxjLXlSAg2UNWIIRAo/JAJsEmyXfo7uFgz6NBkAK4zmO+C4g0gCgiuuq
rHIG69y+YCYxsPVZvEbmBks=
=kgSx
- -----END PGP SIGNATURE-----


- --
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
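
The permission check that CAN-2003-0644 describes as missing, written as an added example (not part of the Red Hat advisory and not the kdbg patch). It assumes the settings file is named .kdbgrc and sits in the same directory as the debugged program, as the problem description implies; the function names and scratch files are constructed for illustration.

```python
import os
import stat
import tempfile

RC_NAME = ".kdbgrc"  # assumption: the settings file sits beside the debugged program


def kdbgrc_problems(program_path, uid=None):
    """Return the reasons the .kdbgrc beside program_path should not be trusted."""
    uid = os.geteuid() if uid is None else uid
    directory = os.path.dirname(os.path.abspath(program_path))
    problems = []

    dir_st = os.stat(directory)
    if dir_st.st_mode & stat.S_IWOTH:
        # The sticky bit does not help: anyone may still create a missing file.
        problems.append("directory is world-writable")
    if dir_st.st_uid not in (0, uid):
        problems.append("directory owned by uid %d" % dir_st.st_uid)

    try:
        # lstat so that a symlink planted by another user is not followed.
        st = os.lstat(os.path.join(directory, RC_NAME))
    except FileNotFoundError:
        return problems
    if not stat.S_ISREG(st.st_mode):
        problems.append("settings file is a symlink or special file")
        return problems
    if st.st_uid != uid:
        problems.append("settings file owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("settings file writable by group or others")
    return problems


def demo():
    """Build constructed scratch directories and report each case."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        private = os.path.join(top, "private")
        shared = os.path.join(top, "shared")
        os.mkdir(private, 0o700)
        os.mkdir(shared)
        os.chmod(shared, 0o1777)          # /tmp-style world-writable directory
        for directory in (private, shared):
            open(os.path.join(directory, "prog"), "w").close()

        rc = os.path.join(private, RC_NAME)
        with open(rc, "w") as handle:
            handle.write("# constructed sample settings\n")
        prog = os.path.join(private, "prog")

        os.chmod(rc, 0o600)
        results["private, 0600"] = kdbgrc_problems(prog)
        # Pretend a different user runs the debugger on the same file.
        results["other user"] = kdbgrc_problems(prog, uid=os.geteuid() + 1)
        os.chmod(rc, 0o666)
        results["private, 0666"] = kdbgrc_problems(prog)
        results["shared, no file"] = kdbgrc_problems(os.path.join(shared, "prog"))
    return results


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or "ok")
```
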




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ImageMagick security update
Advisory ID: RHSA-2005:480-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-480.html
Issue date: 2005-06-02
Updated on: 2005-06-02
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1739
- - ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A denial of service bug was found in the way ImageMagick parses XWD files.
A user or program executing ImageMagick to process a malicious XWD file can
cause ImageMagick to enter an infinite loop causing a denial of service
condition. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1739 to this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158790 - CAN-2005-1739 ImageMagick XWD denial of service


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm
4f2d06916d4d66facff4fdf9ade14471 ImageMagick-5.3.8-11.src.rpm

i386:
29d857ce50489007b6bedae13392e927 ImageMagick-5.3.8-11.i386.rpm
9e6f53faf20dd43f7ea4e516a388a7b1 ImageMagick-c++-5.3.8-11.i386.rpm
e8d10978dbe5572e22d95072873d2bb2 ImageMagick-c++-devel-5.3.8-11.i386.rpm
8de1d81248b114305386e8304745b3f4 ImageMagick-devel-5.3.8-11.i386.rpm
256ac3928b8dfd8c9d4468daa25ebac2 ImageMagick-perl-5.3.8-11.i386.rpm

ia64:
8fd2071f961e5875ff3f42757bac699a ImageMagick-5.3.8-11.ia64.rpm
4185da8445f0e7a957af55f173086c98 ImageMagick-c++-5.3.8-11.ia64.rpm
2e8548851252ed751bb5dfda02d1a50f ImageMagick-c++-devel-5.3.8-11.ia64.rpm
67b963d92f5e39bd92a6b81d90158e42 ImageMagick-devel-5.3.8-11.ia64.rpm
c61b0475efcfd3b3e3820d8fbb37cff5 ImageMagick-perl-5.3.8-11.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm
4f2d06916d4d66facff4fdf9ade14471 ImageMagick-5.3.8-11.src.rpm

ia64:
8fd2071f961e5875ff3f42757bac699a ImageMagick-5.3.8-11.ia64.rpm
4185da8445f0e7a957af55f173086c98 ImageMagick-c++-5.3.8-11.ia64.rpm
2e8548851252ed751bb5dfda02d1a50f ImageMagick-c++-devel-5.3.8-11.ia64.rpm
67b963d92f5e39bd92a6b81d90158e42 ImageMagick-devel-5.3.8-11.ia64.rpm
c61b0475efcfd3b3e3820d8fbb37cff5 ImageMagick-perl-5.3.8-11.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm
4f2d06916d4d66facff4fdf9ade14471 ImageMagick-5.3.8-11.src.rpm

i386:
29d857ce50489007b6bedae13392e927 ImageMagick-5.3.8-11.i386.rpm
9e6f53faf20dd43f7ea4e516a388a7b1 ImageMagick-c++-5.3.8-11.i386.rpm
e8d10978dbe5572e22d95072873d2bb2 ImageMagick-c++-devel-5.3.8-11.i386.rpm
8de1d81248b114305386e8304745b3f4 ImageMagick-devel-5.3.8-11.i386.rpm
256ac3928b8dfd8c9d4468daa25ebac2 ImageMagick-perl-5.3.8-11.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-11.src.rpm
4f2d06916d4d66facff4fdf9ade14471 ImageMagick-5.3.8-11.src.rpm

i386:
29d857ce50489007b6bedae13392e927 ImageMagick-5.3.8-11.i386.rpm
9e6f53faf20dd43f7ea4e516a388a7b1 ImageMagick-c++-5.3.8-11.i386.rpm
e8d10978dbe5572e22d95072873d2bb2 ImageMagick-c++-devel-5.3.8-11.i386.rpm
8de1d81248b114305386e8304745b3f4 ImageMagick-devel-5.3.8-11.i386.rpm
256ac3928b8dfd8c9d4468daa25ebac2 ImageMagick-perl-5.3.8-11.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm
301a00021776d4f188605742c94f0b8a ImageMagick-5.5.6-15.src.rpm

i386:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
569a2203828ff2b16e1c0eb92f965224 ImageMagick-c++-devel-5.5.6-15.i386.rpm
7cc96a34a668fd7f314d95735cb71fee ImageMagick-devel-5.5.6-15.i386.rpm
4979f4c11e059bc12af2b2d3690da3ae ImageMagick-perl-5.5.6-15.i386.rpm

ia64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
9e1fb3492b2f6514ef748e82a085324e ImageMagick-5.5.6-15.ia64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
d53274a25d6cd84016290bf43464bbb2 ImageMagick-c++-5.5.6-15.ia64.rpm
33028fce7a907b47cec4a020ecae011a ImageMagick-c++-devel-5.5.6-15.ia64.rpm
ec13348ceaf8471859db013954fddb31 ImageMagick-devel-5.5.6-15.ia64.rpm
aa715e8d12ef850cb4872d75b1c531b5 ImageMagick-perl-5.5.6-15.ia64.rpm

ppc:
4123cd210c940b4fd2e54efea2c77f08 ImageMagick-5.5.6-15.ppc.rpm
682bea473db9f29edc663f72aa248384 ImageMagick-5.5.6-15.ppc64.rpm
3fcf9b0c4aed0f44f6aba501aaad98dc ImageMagick-c++-5.5.6-15.ppc.rpm
14927a82fdfc9d871c9394e7e7a7b536 ImageMagick-c++-5.5.6-15.ppc64.rpm
fca2c1b33f09b57215357cb6fea70e54 ImageMagick-c++-devel-5.5.6-15.ppc.rpm
8a77423c8a04f7620901ddd35d331735 ImageMagick-devel-5.5.6-15.ppc.rpm
49fd071ebcd94bfe8574c9b36cf43adf ImageMagick-perl-5.5.6-15.ppc.rpm

s390:
76b91832f75673b8a497cdac91bd31e9 ImageMagick-5.5.6-15.s390.rpm
5f6dd4a035cc8179b9b012e5a0237626 ImageMagick-c++-5.5.6-15.s390.rpm
97b01bf6e66b318b7d0fa89bebb65778 ImageMagick-c++-devel-5.5.6-15.s390.rpm
0b42f1af88f0eb3b5dc3b839cb1d10f2 ImageMagick-devel-5.5.6-15.s390.rpm
cb9f08a24d35dd047b0f7d8af367db75 ImageMagick-perl-5.5.6-15.s390.rpm

s390x:
76b91832f75673b8a497cdac91bd31e9 ImageMagick-5.5.6-15.s390.rpm
563ee35a0e86ac5a63d47f592f4c799d ImageMagick-5.5.6-15.s390x.rpm
5f6dd4a035cc8179b9b012e5a0237626 ImageMagick-c++-5.5.6-15.s390.rpm
c19dd2c5ab2a49e2503be784090f836d ImageMagick-c++-5.5.6-15.s390x.rpm
0bd4e2b14e307a46b605f0fa5983065c ImageMagick-c++-devel-5.5.6-15.s390x.rpm
853a1b45e0b05e47234f1fb513ddd0aa ImageMagick-devel-5.5.6-15.s390x.rpm
715542ebf0d949292d7faa276f30268f ImageMagick-perl-5.5.6-15.s390x.rpm

x86_64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
cd0fcfc5e003565c49b5def166664d90 ImageMagick-5.5.6-15.x86_64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
827b38ad955db88ad39cfabe8e8b130d ImageMagick-c++-5.5.6-15.x86_64.rpm
63cdf617d48fea4a5c612419ed3a6cd3 ImageMagick-c++-devel-5.5.6-15.x86_64.rpm
3e88d96fd6b457b87a9a09df3fdd7f13 ImageMagick-devel-5.5.6-15.x86_64.rpm
11f52905f429e2493e5d7a8389b1f209 ImageMagick-perl-5.5.6-15.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm
301a00021776d4f188605742c94f0b8a ImageMagick-5.5.6-15.src.rpm

i386:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
569a2203828ff2b16e1c0eb92f965224 ImageMagick-c++-devel-5.5.6-15.i386.rpm
7cc96a34a668fd7f314d95735cb71fee ImageMagick-devel-5.5.6-15.i386.rpm
4979f4c11e059bc12af2b2d3690da3ae ImageMagick-perl-5.5.6-15.i386.rpm

x86_64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
cd0fcfc5e003565c49b5def166664d90 ImageMagick-5.5.6-15.x86_64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
827b38ad955db88ad39cfabe8e8b130d ImageMagick-c++-5.5.6-15.x86_64.rpm
63cdf617d48fea4a5c612419ed3a6cd3 ImageMagick-c++-devel-5.5.6-15.x86_64.rpm
3e88d96fd6b457b87a9a09df3fdd7f13 ImageMagick-devel-5.5.6-15.x86_64.rpm
11f52905f429e2493e5d7a8389b1f209 ImageMagick-perl-5.5.6-15.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm
301a00021776d4f188605742c94f0b8a ImageMagick-5.5.6-15.src.rpm

i386:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
569a2203828ff2b16e1c0eb92f965224 ImageMagick-c++-devel-5.5.6-15.i386.rpm
7cc96a34a668fd7f314d95735cb71fee ImageMagick-devel-5.5.6-15.i386.rpm
4979f4c11e059bc12af2b2d3690da3ae ImageMagick-perl-5.5.6-15.i386.rpm

ia64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
9e1fb3492b2f6514ef748e82a085324e ImageMagick-5.5.6-15.ia64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
d53274a25d6cd84016290bf43464bbb2 ImageMagick-c++-5.5.6-15.ia64.rpm
33028fce7a907b47cec4a020ecae011a ImageMagick-c++-devel-5.5.6-15.ia64.rpm
ec13348ceaf8471859db013954fddb31 ImageMagick-devel-5.5.6-15.ia64.rpm
aa715e8d12ef850cb4872d75b1c531b5 ImageMagick-perl-5.5.6-15.ia64.rpm

x86_64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
cd0fcfc5e003565c49b5def166664d90 ImageMagick-5.5.6-15.x86_64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
827b38ad955db88ad39cfabe8e8b130d ImageMagick-c++-5.5.6-15.x86_64.rpm
63cdf617d48fea4a5c612419ed3a6cd3 ImageMagick-c++-devel-5.5.6-15.x86_64.rpm
3e88d96fd6b457b87a9a09df3fdd7f13 ImageMagick-devel-5.5.6-15.x86_64.rpm
11f52905f429e2493e5d7a8389b1f209 ImageMagick-perl-5.5.6-15.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-15.src.rpm
301a00021776d4f188605742c94f0b8a ImageMagick-5.5.6-15.src.rpm

i386:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
569a2203828ff2b16e1c0eb92f965224 ImageMagick-c++-devel-5.5.6-15.i386.rpm
7cc96a34a668fd7f314d95735cb71fee ImageMagick-devel-5.5.6-15.i386.rpm
4979f4c11e059bc12af2b2d3690da3ae ImageMagick-perl-5.5.6-15.i386.rpm

ia64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
9e1fb3492b2f6514ef748e82a085324e ImageMagick-5.5.6-15.ia64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
d53274a25d6cd84016290bf43464bbb2 ImageMagick-c++-5.5.6-15.ia64.rpm
33028fce7a907b47cec4a020ecae011a ImageMagick-c++-devel-5.5.6-15.ia64.rpm
ec13348ceaf8471859db013954fddb31 ImageMagick-devel-5.5.6-15.ia64.rpm
aa715e8d12ef850cb4872d75b1c531b5 ImageMagick-perl-5.5.6-15.ia64.rpm

x86_64:
5d68f451ac707bb254d337ab21a0a849 ImageMagick-5.5.6-15.i386.rpm
cd0fcfc5e003565c49b5def166664d90 ImageMagick-5.5.6-15.x86_64.rpm
584e18c73cb563e01c9633a37d512b72 ImageMagick-c++-5.5.6-15.i386.rpm
827b38ad955db88ad39cfabe8e8b130d ImageMagick-c++-5.5.6-15.x86_64.rpm
63cdf617d48fea4a5c612419ed3a6cd3 ImageMagick-c++-devel-5.5.6-15.x86_64.rpm
3e88d96fd6b457b87a9a09df3fdd7f13 ImageMagick-devel-5.5.6-15.x86_64.rpm
11f52905f429e2493e5d7a8389b1f209 ImageMagick-perl-5.5.6-15.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm
dbfdf1b8f554a3671f11cb9497ee5efb ImageMagick-6.0.7.1-12.src.rpm

i386:
9479e5e189f0f9403702d6516ba5dee1 ImageMagick-6.0.7.1-12.i386.rpm
4db8775cee4ff065e4fee07228d237b1 ImageMagick-c++-6.0.7.1-12.i386.rpm
f9b71076bd9d36ce8bda18806ae737d0 ImageMagick-c++-devel-6.0.7.1-12.i386.rpm
253948f11e5a9043fb0a2effc5f17171 ImageMagick-devel-6.0.7.1-12.i386.rpm
f8808d1b5827b6a2600707b542e67e8d ImageMagick-perl-6.0.7.1-12.i386.rpm

ia64:
83a28bb6abd133f44e38dc8d4ea4b7fe ImageMagick-6.0.7.1-12.ia64.rpm
fde375f425caf2ec5af75dfe2f5bb9b1 ImageMagick-c++-6.0.7.1-12.ia64.rpm
b35fefe5b3a71078d50b6ffe9ea5c539 ImageMagick-c++-devel-6.0.7.1-12.ia64.rpm
6c6445c9e53aa34fa80805635e04b0e1 ImageMagick-devel-6.0.7.1-12.ia64.rpm
1110d8e9a6132231e0ae2507869f5304 ImageMagick-perl-6.0.7.1-12.ia64.rpm

ppc:
d189a4469dd2f90b9d35bbe60f3d083f ImageMagick-6.0.7.1-12.ppc.rpm
715a5a06ab9af792a05c532a1f553b87 ImageMagick-c++-6.0.7.1-12.ppc.rpm
5ea378a0e882a45ef8002de48267e679 ImageMagick-c++-devel-6.0.7.1-12.ppc.rpm
6ec0e5ec15dcf1fe47039df0b82d077e ImageMagick-devel-6.0.7.1-12.ppc.rpm
f37bef0ed88111d62b8b4d2d4af7d860 ImageMagick-perl-6.0.7.1-12.ppc.rpm

s390:
c7d2e6f1fcffacb6d96e7b57341297e5 ImageMagick-6.0.7.1-12.s390.rpm
2a1766ff8c2bccf8b5937880c5db2670 ImageMagick-c++-6.0.7.1-12.s390.rpm
e6cbe9c671906490cbeaf13d8f393deb ImageMagick-c++-devel-6.0.7.1-12.s390.rpm
f7002ffc41bbb99132e0c86d13542988 ImageMagick-devel-6.0.7.1-12.s390.rpm
943ab37d8e1a3663499680239d55ee2b ImageMagick-perl-6.0.7.1-12.s390.rpm

s390x:
f0edbdfc756f3a2ecbe36832e620060e ImageMagick-6.0.7.1-12.s390x.rpm
e42f66e8f8e8d91b502f9add05e8a8b5 ImageMagick-c++-6.0.7.1-12.s390x.rpm
0a6786a71220438aecc74852f5408ab7 ImageMagick-c++-devel-6.0.7.1-12.s390x.rpm
cebe4e002919267a25893ad73f0c6c9d ImageMagick-devel-6.0.7.1-12.s390x.rpm
fe56e7517a0ec368aa767da61b2feacc ImageMagick-perl-6.0.7.1-12.s390x.rpm

x86_64:
f350cd555b71f5933a790dd22fcc6d5f ImageMagick-6.0.7.1-12.x86_64.rpm
faec2cdd70fbd7ed939105615a8192b7 ImageMagick-c++-6.0.7.1-12.x86_64.rpm
b4bc15c8a2486da9d8ae15e4160ee0d3 ImageMagick-c++-devel-6.0.7.1-12.x86_64.rpm
a51a362d59ed899f863e2e765353a467 ImageMagick-devel-6.0.7.1-12.x86_64.rpm
4bee6531da546b17a42182b52d33a143 ImageMagick-perl-6.0.7.1-12.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm
dbfdf1b8f554a3671f11cb9497ee5efb ImageMagick-6.0.7.1-12.src.rpm

i386:
9479e5e189f0f9403702d6516ba5dee1 ImageMagick-6.0.7.1-12.i386.rpm
4db8775cee4ff065e4fee07228d237b1 ImageMagick-c++-6.0.7.1-12.i386.rpm
f9b71076bd9d36ce8bda18806ae737d0 ImageMagick-c++-devel-6.0.7.1-12.i386.rpm
253948f11e5a9043fb0a2effc5f17171 ImageMagick-devel-6.0.7.1-12.i386.rpm
f8808d1b5827b6a2600707b542e67e8d ImageMagick-perl-6.0.7.1-12.i386.rpm

x86_64:
f350cd555b71f5933a790dd22fcc6d5f ImageMagick-6.0.7.1-12.x86_64.rpm
faec2cdd70fbd7ed939105615a8192b7 ImageMagick-c++-6.0.7.1-12.x86_64.rpm
b4bc15c8a2486da9d8ae15e4160ee0d3 ImageMagick-c++-devel-6.0.7.1-12.x86_64.rpm
a51a362d59ed899f863e2e765353a467 ImageMagick-devel-6.0.7.1-12.x86_64.rpm
4bee6531da546b17a42182b52d33a143 ImageMagick-perl-6.0.7.1-12.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm
dbfdf1b8f554a3671f11cb9497ee5efb ImageMagick-6.0.7.1-12.src.rpm

i386:
9479e5e189f0f9403702d6516ba5dee1 ImageMagick-6.0.7.1-12.i386.rpm
4db8775cee4ff065e4fee07228d237b1 ImageMagick-c++-6.0.7.1-12.i386.rpm
f9b71076bd9d36ce8bda18806ae737d0 ImageMagick-c++-devel-6.0.7.1-12.i386.rpm
253948f11e5a9043fb0a2effc5f17171 ImageMagick-devel-6.0.7.1-12.i386.rpm
f8808d1b5827b6a2600707b542e67e8d ImageMagick-perl-6.0.7.1-12.i386.rpm

ia64:
83a28bb6abd133f44e38dc8d4ea4b7fe ImageMagick-6.0.7.1-12.ia64.rpm
fde375f425caf2ec5af75dfe2f5bb9b1 ImageMagick-c++-6.0.7.1-12.ia64.rpm
b35fefe5b3a71078d50b6ffe9ea5c539 ImageMagick-c++-devel-6.0.7.1-12.ia64.rpm
6c6445c9e53aa34fa80805635e04b0e1 ImageMagick-devel-6.0.7.1-12.ia64.rpm
1110d8e9a6132231e0ae2507869f5304 ImageMagick-perl-6.0.7.1-12.ia64.rpm

x86_64:
f350cd555b71f5933a790dd22fcc6d5f ImageMagick-6.0.7.1-12.x86_64.rpm
faec2cdd70fbd7ed939105615a8192b7 ImageMagick-c++-6.0.7.1-12.x86_64.rpm
b4bc15c8a2486da9d8ae15e4160ee0d3 ImageMagick-c++-devel-6.0.7.1-12.x86_64.rpm
a51a362d59ed899f863e2e765353a467 ImageMagick-devel-6.0.7.1-12.x86_64.rpm
4bee6531da546b17a42182b52d33a143 ImageMagick-perl-6.0.7.1-12.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-12.src.rpm
dbfdf1b8f554a3671f11cb9497ee5efb ImageMagick-6.0.7.1-12.src.rpm

i386:
9479e5e189f0f9403702d6516ba5dee1 ImageMagick-6.0.7.1-12.i386.rpm
4db8775cee4ff065e4fee07228d237b1 ImageMagick-c++-6.0.7.1-12.i386.rpm
f9b71076bd9d36ce8bda18806ae737d0 ImageMagick-c++-devel-6.0.7.1-12.i386.rpm
253948f11e5a9043fb0a2effc5f17171 ImageMagick-devel-6.0.7.1-12.i386.rpm
f8808d1b5827b6a2600707b542e67e8d ImageMagick-perl-6.0.7.1-12.i386.rpm

ia64:
83a28bb6abd133f44e38dc8d4ea4b7fe ImageMagick-6.0.7.1-12.ia64.rpm
fde375f425caf2ec5af75dfe2f5bb9b1 ImageMagick-c++-6.0.7.1-12.ia64.rpm
b35fefe5b3a71078d50b6ffe9ea5c539 ImageMagick-c++-devel-6.0.7.1-12.ia64.rpm
6c6445c9e53aa34fa80805635e04b0e1 ImageMagick-devel-6.0.7.1-12.ia64.rpm
1110d8e9a6132231e0ae2507869f5304 ImageMagick-perl-6.0.7.1-12.ia64.rpm

x86_64:
f350cd555b71f5933a790dd22fcc6d5f ImageMagick-6.0.7.1-12.x86_64.rpm
faec2cdd70fbd7ed939105615a8192b7 ImageMagick-c++-6.0.7.1-12.x86_64.rpm
b4bc15c8a2486da9d8ae15e4160ee0d3 ImageMagick-c++-devel-6.0.7.1-12.x86_64.rpm
a51a362d59ed899f863e2e765353a467 ImageMagick-devel-6.0.7.1-12.x86_64.rpm
4bee6531da546b17a42182b52d33a143 ImageMagick-perl-6.0.7.1-12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1739

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxjyXlSAg2UNWIIRAoyJAJ4xqKovVH4mkP7Hd7QH2s+1BMN9EwCgmqbP
mNb/Mso6m8hPLhjXb24uPlk=
=4YbZ
- -----END PGP SIGNATURE-----





3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: openssh security update
Advisory ID: RHSA-2005:481-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-481.html
Issue date: 2005-06-02
Updated on: 2005-06-02
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0175
- - ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix a potential security vulnerability and
various other bugs are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, and provides secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over a secure channel. Public
key authentication can be used for "passwordless" access to servers.

The scp protocol allows a server to instruct a client to write to arbitrary
files outside of the current directory. This could potentially cause a
security issue if a user uses scp to copy files from a malicious server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0175 to this issue.

These updated packages also correct the following bug:

On systems in which direct ssh access for the root user was disabled by
configuration (setting "PermitRootLogin no"), attempts to guess the root
password could be judged as successful or unsuccessful by observing a delay.

Users of openssh should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146881 - CAN-2004-0175 malicious ssh server can cause scp to write to arbitrary files
146882 - SSH allows attacker to divine root password


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssh-3.1p1-18.src.rpm
cbfd591f56a699edc21db98ddbe7f4f0 openssh-3.1p1-18.src.rpm

i386:
f9a4ad5d4502a22246188c193300b05e openssh-3.1p1-18.i386.rpm
f55b10b912864dd554ed4907e62da0a5 openssh-askpass-3.1p1-18.i386.rpm
eadfcea8a8dec401a5df795bec13c6cd openssh-askpass-gnome-3.1p1-18.i386.rpm
afe0e8f5dceaa347cbde08277f17c3d2 openssh-clients-3.1p1-18.i386.rpm
b11eb4ff417d5c52e07b6dcc911cffab openssh-server-3.1p1-18.i386.rpm

ia64:
41edd025b8c1085e0bfe7c0a3a922151 openssh-3.1p1-18.ia64.rpm
f07ea6b9c163aa0a10d9f192d60e5432 openssh-askpass-3.1p1-18.ia64.rpm
84e4947066a71f613b29320c82d2a862 openssh-askpass-gnome-3.1p1-18.ia64.rpm
09351afec720211c67a4694c848dde3d openssh-clients-3.1p1-18.ia64.rpm
0e0035471647317e577c92c7a8445123 openssh-server-3.1p1-18.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssh-3.1p1-18.src.rpm
cbfd591f56a699edc21db98ddbe7f4f0 openssh-3.1p1-18.src.rpm

ia64:
41edd025b8c1085e0bfe7c0a3a922151 openssh-3.1p1-18.ia64.rpm
f07ea6b9c163aa0a10d9f192d60e5432 openssh-askpass-3.1p1-18.ia64.rpm
84e4947066a71f613b29320c82d2a862 openssh-askpass-gnome-3.1p1-18.ia64.rpm
09351afec720211c67a4694c848dde3d openssh-clients-3.1p1-18.ia64.rpm
0e0035471647317e577c92c7a8445123 openssh-server-3.1p1-18.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssh-3.1p1-18.src.rpm
cbfd591f56a699edc21db98ddbe7f4f0 openssh-3.1p1-18.src.rpm

i386:
f9a4ad5d4502a22246188c193300b05e openssh-3.1p1-18.i386.rpm
f55b10b912864dd554ed4907e62da0a5 openssh-askpass-3.1p1-18.i386.rpm
eadfcea8a8dec401a5df795bec13c6cd openssh-askpass-gnome-3.1p1-18.i386.rpm
afe0e8f5dceaa347cbde08277f17c3d2 openssh-clients-3.1p1-18.i386.rpm
b11eb4ff417d5c52e07b6dcc911cffab openssh-server-3.1p1-18.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssh-3.1p1-18.src.rpm
cbfd591f56a699edc21db98ddbe7f4f0 openssh-3.1p1-18.src.rpm

i386:
f9a4ad5d4502a22246188c193300b05e openssh-3.1p1-18.i386.rpm
f55b10b912864dd554ed4907e62da0a5 openssh-askpass-3.1p1-18.i386.rpm
eadfcea8a8dec401a5df795bec13c6cd openssh-askpass-gnome-3.1p1-18.i386.rpm
afe0e8f5dceaa347cbde08277f17c3d2 openssh-clients-3.1p1-18.i386.rpm
b11eb4ff417d5c52e07b6dcc911cffab openssh-server-3.1p1-18.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCnxkjXlSAg2UNWIIRAgDLAJkBmsJ0k+UDtERrh10mgoXibyrFMACgkyEl
U9GtcvygxNO0uKY2A2+FUQI=
=9LGM
- -----END PGP SIGNATURE-----
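
The client-side check that CAN-2004-0175 concerns, as an added example (not part of the Red Hat advisory and not OpenSSH's code): a receiver that validates each name sent by the remote side before deciding where to write. The record layout (C/D/E/T lines) is that of the rcp/scp protocol; the function names, the destination path and the sample streams are constructed, and only the case where the destination is a directory is modelled.

```python
import posixpath
import re

# C<mode> <size> <name> announces a file, D<mode> 0 <name> opens a directory.
RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")


class UnsafeScpRecord(ValueError):
    """Raised when a record from the remote side must not be acted on."""


def check_name(name):
    """Accept only a single path component that stays inside the target."""
    if name in (".", "..") or "/" in name or "\x00" in name:
        raise UnsafeScpRecord("unexpected filename: %r" % name)
    return name


def planned_writes(records, dest_dir, recursive=False):
    """Return (path, mode, size) for each file the records would create."""
    stack = [dest_dir]            # directories currently open, innermost last
    writes = []
    for raw in records:
        line = raw.rstrip("\n")
        if line == "E":           # end of directory: may never leave dest_dir
            if len(stack) == 1:
                raise UnsafeScpRecord("E record without a matching D record")
            stack.pop()
            continue
        if line.startswith("T"):  # timestamps carry no path
            continue
        match = RECORD.match(line)
        if match is None:
            raise UnsafeScpRecord("unparseable record: %r" % line)
        kind, mode, size, name = match.groups()
        path = posixpath.join(stack[-1], check_name(name))
        if kind == "D":
            if not recursive:     # the user did not ask for a recursive copy
                raise UnsafeScpRecord("directory record without -r")
            stack.append(path)
        else:
            writes.append((path, int(mode, 8), int(size)))
    return writes


def rejected(records, dest_dir="/home/alice/incoming", recursive=True):
    """True if the stream is refused before any path is accepted from it."""
    try:
        planned_writes(records, dest_dir, recursive)
    except UnsafeScpRecord:
        return True
    return False


# Constructed sample streams, not captured traffic.
BENIGN = [
    "T1117700000 0 1117700000 0",
    "D0755 0 docs",
    "C0644 12 readme.txt",
    "E",
    "C0600 5 notes",
]
HOSTILE = {
    "parent directory": ["C0644 5 ../outside.txt"],
    "absolute path": ["C0644 5 /tmp/outside.txt"],
    "dot-dot directory": ["D0755 0 .."],
    "stray E": ["E", "C0644 5 outside.txt"],
}

if __name__ == "__main__":
    print(planned_writes(BENIGN, "/home/alice/incoming", recursive=True))
    for label, stream in HOSTILE.items():
        print(label, "rejected:", rejected(stream))
```
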

