CPNI - Centre for the Protection of National Infrastructure

December 2005

Nine Red Hat Security Advisories

ID: 01122
Ref: 1054/2005
Date: 21 December 2005:13:21:20
Version: 1

Title: Nine Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat

Title
=====

Nine Red Hat Security Advisories:

1. RHSA-2005:840-02 - Important: xpdf security update

2. RHSA-2005:843-01 - Moderate: netpbm security update

3. RHSA-2005:864-01 - Important: udev security update

4. RHSA-2005:867-01 - Important: gpdf security update

5. RHSA-2005:868-01 - Important: kdegraphics security update

6. RHSA-2005:875-01 - Moderate: curl security update

7. RHSA-2005:878-01 - Important: cups security update

8. RHSA-2005:880-01 - Moderate: perl security update

9. RHSA-2005:881-01 - Moderate: perl security update


Detail
======

1. Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

2. A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the '-text' option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.

3. Richard Cunningham discovered a flaw in the way udev sets permissions on
various files in /dev/input. It may be possible for an authenticated
attacker to gather sensitive data entered by a user at the console, such as
passwords. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3631 to this issue.

4. Several flaws were discovered in gpdf. An attacker could construct a
carefully crafted PDF file that could cause gpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

5. Several flaws were discovered in kpdf. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

6. Stefan Esser discovered an off-by-one bug in curl. It may be possible to
execute arbitrary code on a user's machine if the user can be tricked into
executing curl with a carefully crafted URL. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-4077 to this issue.

7. Several flaws were discovered in the way CUPS processes PDF files. An
attacker could construct a carefully crafted PDF file that could cause CUPS
to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.

8. An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

9. An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.



1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: xpdf security update
Advisory ID: RHSA-2005:840-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-840.html
Issue date: 2005-12-06
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- - ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes several security issues is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 20 Dec 2005]
The initial fix for these issues was incomplete. The packages have been
updated with a more complete fix.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Derek B. Noonburg for reporting this issue and
providing a patch.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173888 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-17.src.rpm
62488b664f387dbc445f2599cd271fb1 xpdf-0.92-17.src.rpm

i386:
a35ec0b6b7dc5b0e3da4ef9693bb4f10 xpdf-0.92-17.i386.rpm

ia64:
35b35e3afa2988670448cbb11416f295 xpdf-0.92-17.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xpdf-0.92-17.src.rpm
62488b664f387dbc445f2599cd271fb1 xpdf-0.92-17.src.rpm

ia64:
35b35e3afa2988670448cbb11416f295 xpdf-0.92-17.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-17.src.rpm
62488b664f387dbc445f2599cd271fb1 xpdf-0.92-17.src.rpm

i386:
a35ec0b6b7dc5b0e3da4ef9693bb4f10 xpdf-0.92-17.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-17.src.rpm
62488b664f387dbc445f2599cd271fb1 xpdf-0.92-17.src.rpm

i386:
a35ec0b6b7dc5b0e3da4ef9693bb4f10 xpdf-0.92-17.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.8.src.rpm
d36145286daa040f00c2c4a8f279aa1e xpdf-2.02-9.8.src.rpm

i386:
5588e8d776743176ee1988803d1d7ad1 xpdf-2.02-9.8.i386.rpm

ia64:
a8a44a7875d791e4a41ebc523b2a4160 xpdf-2.02-9.8.ia64.rpm

ppc:
2f0bb7d6a85d9887b9a6f8baa48c1914 xpdf-2.02-9.8.ppc.rpm

s390:
bbcffd95a3f13dd2b007d4719a7baf10 xpdf-2.02-9.8.s390.rpm

s390x:
ec00da6cceeace46c20c8396564c7bc9 xpdf-2.02-9.8.s390x.rpm

x86_64:
710b1db79adecdee276eae828602ee1e xpdf-2.02-9.8.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.8.src.rpm
d36145286daa040f00c2c4a8f279aa1e xpdf-2.02-9.8.src.rpm

i386:
5588e8d776743176ee1988803d1d7ad1 xpdf-2.02-9.8.i386.rpm

x86_64:
710b1db79adecdee276eae828602ee1e xpdf-2.02-9.8.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.8.src.rpm
d36145286daa040f00c2c4a8f279aa1e xpdf-2.02-9.8.src.rpm

i386:
5588e8d776743176ee1988803d1d7ad1 xpdf-2.02-9.8.i386.rpm

ia64:
a8a44a7875d791e4a41ebc523b2a4160 xpdf-2.02-9.8.ia64.rpm

x86_64:
710b1db79adecdee276eae828602ee1e xpdf-2.02-9.8.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.8.src.rpm
d36145286daa040f00c2c4a8f279aa1e xpdf-2.02-9.8.src.rpm

i386:
5588e8d776743176ee1988803d1d7ad1 xpdf-2.02-9.8.i386.rpm

ia64:
a8a44a7875d791e4a41ebc523b2a4160 xpdf-2.02-9.8.ia64.rpm

x86_64:
710b1db79adecdee276eae828602ee1e xpdf-2.02-9.8.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-11.10.src.rpm
d9b785314985cb40a6140d3cb73fd2ab xpdf-3.00-11.10.src.rpm

i386:
79efaf8403963ebb2506c295d6b2f77d xpdf-3.00-11.10.i386.rpm

ia64:
b058289401c54ace50b57dae59b86fa0 xpdf-3.00-11.10.ia64.rpm

ppc:
128da0cd0f68b2953c131369f2028939 xpdf-3.00-11.10.ppc.rpm

s390:
134f14919b8015aa392a0eab434d4d88 xpdf-3.00-11.10.s390.rpm

s390x:
1647a4a8b76bbe27b2c4dc30d47ee7b8 xpdf-3.00-11.10.s390x.rpm

x86_64:
05f1e4ecdf15bc2509b1807951f59298 xpdf-3.00-11.10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-11.10.src.rpm
d9b785314985cb40a6140d3cb73fd2ab xpdf-3.00-11.10.src.rpm

i386:
79efaf8403963ebb2506c295d6b2f77d xpdf-3.00-11.10.i386.rpm

x86_64:
05f1e4ecdf15bc2509b1807951f59298 xpdf-3.00-11.10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-11.10.src.rpm
d9b785314985cb40a6140d3cb73fd2ab xpdf-3.00-11.10.src.rpm

i386:
79efaf8403963ebb2506c295d6b2f77d xpdf-3.00-11.10.i386.rpm

ia64:
b058289401c54ace50b57dae59b86fa0 xpdf-3.00-11.10.ia64.rpm

x86_64:
05f1e4ecdf15bc2509b1807951f59298 xpdf-3.00-11.10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-11.10.src.rpm
d9b785314985cb40a6140d3cb73fd2ab xpdf-3.00-11.10.src.rpm

i386:
79efaf8403963ebb2506c295d6b2f77d xpdf-3.00-11.10.i386.rpm

ia64:
b058289401c54ace50b57dae59b86fa0 xpdf-3.00-11.10.ia64.rpm

x86_64:
05f1e4ecdf15bc2509b1807951f59298 xpdf-3.00-11.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqD2hXlSAg2UNWIIRAuFcAJ9Lp/qOLd3JxaRxa6RnyvALaPU7+wCcDPQm
gApIKycM0ct7E2yto7I5tNM=
=eSTZ
- -----END PGP SIGNATURE-----
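
Added example (not Red Hat's or CPNI's code): the MD5 lines under "RPMs required" can be used to check downloaded packages before they are installed. The script assumes the advisory has been saved as plain text and the RPMs sit in one directory; the function names and the constructed file names in demo() are illustrative.

```sh
#!/bin/sh
# Added example: check downloaded RPMs against the "<md5> <file>.rpm"
# lines of an advisory saved as plain text.

# md5_of: print the MD5 of standard input as 32 hex digits.
md5_of() { md5sum | awk '{ print $1 }'; }

# extract_manifest ADVISORY
# Print each distinct "md5  filename" pair once, in `md5sum -c` format.
# URLs, headings and bug lines do not match and are skipped.
extract_manifest() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             if (!seen[$1 " " $2]++) print $1 "  " $2
         }' "$1"
}

# conflicting_names ADVISORY
# Print file names listed with more than one distinct MD5. A clean advisory
# may repeat a name under several architectures, but always with one hash.
conflicting_names() {
    extract_manifest "$1" |
        awk '{ n[$2]++ } END { for (f in n) if (n[f] > 1) print f }'
}

# verify_rpms ADVISORY DIR
# One status line per manifest entry. Returns 0 when at least one file was
# checked and none failed, 1 on a mismatch or when nothing was checked,
# 2 when the advisory copy is inconsistent with itself.
verify_rpms() {
    vr_adv=$1 vr_dir=$2 vr_checked=0 vr_bad=0
    vr_conf=$(conflicting_names "$vr_adv")
    if [ -n "$vr_conf" ]; then
        printf '%s\n' "$vr_conf" | sed 's/^/CONFLICT /'
        return 2
    fi
    while read -r vr_want vr_name; do
        [ -n "$vr_name" ] || continue
        case $vr_name in
            */*)    # never follow a path taken from the advisory text
                echo "REJECT   $vr_name"; vr_bad=1; continue ;;
        esac
        if [ ! -f "$vr_dir/$vr_name" ]; then
            echo "MISSING  $vr_name"    # not downloaded; nothing to check
            continue
        fi
        vr_got=$(md5_of < "$vr_dir/$vr_name")
        vr_checked=$((vr_checked + 1))
        if [ "$vr_got" = "$vr_want" ]; then
            echo "OK       $vr_name"
        else
            echo "MISMATCH $vr_name"
            vr_bad=1
        fi
    done <<EOF
$(extract_manifest "$vr_adv")
EOF
    [ "$vr_bad" -eq 0 ] && [ "$vr_checked" -gt 0 ]
}

# demo: constructed inputs only; the file names, contents and hashes are
# made up and do not correspond to any real package.
demo() {
    dm_dir=$(mktemp -d) || return 1
    printf 'good payload\n'    > "$dm_dir/example-1.0-2.i386.rpm"
    printf 'altered payload\n' > "$dm_dir/example-devel-1.0-2.i386.rpm"
    {
        echo 'i386:'
        echo "$(printf 'good payload\n' | md5_of) example-1.0-2.i386.rpm"
        echo "$(printf 'original payload\n' | md5_of) example-devel-1.0-2.i386.rpm"
        echo '00000000000000000000000000000000 example-1.0-2.src.rpm'
    } > "$dm_dir/advisory.txt"
    verify_rpms "$dm_dir/advisory.txt" "$dm_dir"
    dm_rc=$?
    rm -rf "$dm_dir"
    return "$dm_rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A matching MD5 only shows that the file is the one the advisory lists; authenticity still rests on the package's GPG signature, which `rpm --checksig` verifies once Red Hat's key has been imported.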


2.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: netpbm security update
Advisory ID: RHSA-2005:843-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-843.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3632 CVE-2005-3662
- - ---------------------------------------------------------------------

1. Summary:

Updated netpbm packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support programs
for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the '-text' option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.

An "off by one" bug was found in the way netpbm converts Portable Anymap
(PNM) files into Portable Network Graphics (PNG). If a victim attempts to
convert a specially crafted 256 color PNM file to a PNG file, then it can
cause the pnmtopng utility to crash. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173342 - CVE-2005-3662 netpbm off by one error
173344 - CVE-2005-3632 Netpbm buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

ia64:
c014f290d818568f0d58605aa3b143dd netpbm-9.24-9.AS21.6.ia64.rpm
ddddb9b88c82496eccab50ffc0173fc4 netpbm-devel-9.24-9.AS21.6.ia64.rpm
b11ae66486d6d362984ba99ab972b4b3 netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

ia64:
c014f290d818568f0d58605aa3b143dd netpbm-9.24-9.AS21.6.ia64.rpm
ddddb9b88c82496eccab50ffc0173fc4 netpbm-devel-9.24-9.AS21.6.ia64.rpm
b11ae66486d6d362984ba99ab972b4b3 netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

ppc:
b2a3cd86dbd9927b0ba1b6189886bcb5 netpbm-9.24-11.30.4.ppc.rpm
cab079cbf11baf472ce9b7d775dc897c netpbm-9.24-11.30.4.ppc64.rpm
37a16559b3e387d60c6095812dfa64a6 netpbm-devel-9.24-11.30.4.ppc.rpm
ff27be9c5b2075bf3ca9e27e0fe14383 netpbm-progs-9.24-11.30.4.ppc.rpm

s390:
2beab978ada99868ab0e9cc3180af5e2 netpbm-9.24-11.30.4.s390.rpm
b8de7d98668ff912c0c1f80bcb06de56 netpbm-devel-9.24-11.30.4.s390.rpm
b8907a301fef7ec9b53dc39cce290099 netpbm-progs-9.24-11.30.4.s390.rpm

s390x:
2beab978ada99868ab0e9cc3180af5e2 netpbm-9.24-11.30.4.s390.rpm
1da23fee520b2afe4f598f14afffe7b2 netpbm-9.24-11.30.4.s390x.rpm
dec2d8f223ebd2bf912bc6b3af987e42 netpbm-devel-9.24-11.30.4.s390x.rpm
8edfb12940f8ff15ab8e5043ed41b8bc netpbm-progs-9.24-11.30.4.s390x.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqB/hXlSAg2UNWIIRAgc+AJ0bjqkC48Nafghjh+oeIiWlHtDJ4wCfVRr2
AJhyAG7cNTBLyQzxts6KzuY=
=4OR+
- -----END PGP SIGNATURE-----


3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: udev security update
Advisory ID: RHSA-2005:864-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-864.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3631
- - ---------------------------------------------------------------------

1. Summary:

Updated udev packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The udev package contains an implementation of devfs in userspace using
sysfs and /sbin/hotplug.

Richard Cunningham discovered a flaw in the way udev sets permissions on
various files in /dev/input. It may be possible for an authenticated
attacker to gather sensitive data entered by a user at the console, such as
passwords. The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3631 to this issue.

All users of udev should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174845 - CVE-2005-3631 /dev/input/* incorrect permissions


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/udev-039-10.10.EL4.3.src.rpm
479e8b3ac5f9ca72193827d40e0fdd13 udev-039-10.10.EL4.3.src.rpm

i386:
0f694e4ae57487ce5e2c23627f8076ce udev-039-10.10.EL4.3.i386.rpm

ia64:
117b4faf0ff4c5204b27f84da509e5eb udev-039-10.10.EL4.3.ia64.rpm

ppc:
e80ead84ea6e72323006f5f1cdcde4f1 udev-039-10.10.EL4.3.ppc.rpm

s390:
bf2a4abfe19dd9d37296e002d8308f74 udev-039-10.10.EL4.3.s390.rpm

s390x:
60b1c19d6b0c198054032c943368e633 udev-039-10.10.EL4.3.s390x.rpm

x86_64:
2dd7e790e730dc1e5b64048e02e90225 udev-039-10.10.EL4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/udev-039-10.10.EL4.3.src.rpm
479e8b3ac5f9ca72193827d40e0fdd13 udev-039-10.10.EL4.3.src.rpm

i386:
0f694e4ae57487ce5e2c23627f8076ce udev-039-10.10.EL4.3.i386.rpm

x86_64:
2dd7e790e730dc1e5b64048e02e90225 udev-039-10.10.EL4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/udev-039-10.10.EL4.3.src.rpm
479e8b3ac5f9ca72193827d40e0fdd13 udev-039-10.10.EL4.3.src.rpm

i386:
0f694e4ae57487ce5e2c23627f8076ce udev-039-10.10.EL4.3.i386.rpm

ia64:
117b4faf0ff4c5204b27f84da509e5eb udev-039-10.10.EL4.3.ia64.rpm

x86_64:
2dd7e790e730dc1e5b64048e02e90225 udev-039-10.10.EL4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/udev-039-10.10.EL4.3.src.rpm
479e8b3ac5f9ca72193827d40e0fdd13 udev-039-10.10.EL4.3.src.rpm

i386:
0f694e4ae57487ce5e2c23627f8076ce udev-039-10.10.EL4.3.i386.rpm

ia64:
117b4faf0ff4c5204b27f84da509e5eb udev-039-10.10.EL4.3.ia64.rpm

x86_64:
2dd7e790e730dc1e5b64048e02e90225 udev-039-10.10.EL4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3631

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCCvXlSAg2UNWIIRAigZAJ9K2rGNCa6VkcvF2vs5pGe3J7khcwCfYmAX
NF7I3mQ5i9BTYm1D9R0UUCs=
=9r5j
- -----END PGP SIGNATURE-----
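
Added example (not part of the Red Hat advisory or CPNI's page): a permission audit for the /dev/input issue described above, usable before and after the udev update. It assumes that "incorrect permissions" means read or write access granted to users outside the node's owner and group, which the advisory does not spell out; the function names are illustrative and GNU find and stat are assumed.

```sh
#!/bin/sh
# Added example: audit permissions of entries under a directory such as
# /dev/input. Assumption (not stated in the advisory): an entry is
# "exposed" when its mode grants read or write to "other".

# list_exposed_nodes DIR
# Print "mode owner:group path other=<rw flags>" for every non-directory,
# non-symlink entry that users outside owner and group can read or write.
list_exposed_nodes() {
    find "$1" ! -type d ! -type l \( -perm -004 -o -perm -002 \) \
        -exec stat -c '%a|%U:%G|%n' {} + |
    awk -F'|' '{
        o = substr($1, length($1)) + 0      # last octal digit: bits for "other"
        acc = (o >= 4 ? "r" : "-") (int(o / 2) % 2 ? "w" : "-")
        print $1, $2, $3, "other=" acc
    }'
}

# audit_input_perms [DIR]
# Returns 0 when nothing is exposed and 1 otherwise, printing the findings,
# so it can run from cron or a configuration-management check.
# DIR defaults to /dev/input.
audit_input_perms() {
    ai_found=$(list_exposed_nodes "${1:-/dev/input}")
    [ -z "$ai_found" ] && return 0
    printf '%s\n' "$ai_found"
    return 1
}
```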


4.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2005:867-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-867.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- - ---------------------------------------------------------------------

1. Summary:

An updated gpdf package that fixes several security issues is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gpdf package is a GNOME based viewer for Portable Document Format
(PDF) files.

Several flaws were discovered in gpdf. An attacker could construct a
carefully crafted PDF file that could cause gpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175100 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.3.src.rpm
b365aac32d140ef324ab0eb2c7cf3bfd gpdf-2.8.2-7.3.src.rpm

i386:
a3f8659efab116042f37cfc9d227dc82 gpdf-2.8.2-7.3.i386.rpm

ia64:
d429fc7fef00acef1468cddd11d2bbea gpdf-2.8.2-7.3.ia64.rpm

ppc:
af418aad8b7c3b556359d41b42860745 gpdf-2.8.2-7.3.ppc.rpm

s390:
dc073f271f99420aea8d2bf7a3fc13a4 gpdf-2.8.2-7.3.s390.rpm

s390x:
3978d2d5f302b2313f6a06162dffdc20 gpdf-2.8.2-7.3.s390x.rpm

x86_64:
e7aff4c218078b599959d90b968fffd0 gpdf-2.8.2-7.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.3.src.rpm
b365aac32d140ef324ab0eb2c7cf3bfd gpdf-2.8.2-7.3.src.rpm

i386:
a3f8659efab116042f37cfc9d227dc82 gpdf-2.8.2-7.3.i386.rpm

x86_64:
e7aff4c218078b599959d90b968fffd0 gpdf-2.8.2-7.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.3.src.rpm
b365aac32d140ef324ab0eb2c7cf3bfd gpdf-2.8.2-7.3.src.rpm

i386:
a3f8659efab116042f37cfc9d227dc82 gpdf-2.8.2-7.3.i386.rpm

ia64:
d429fc7fef00acef1468cddd11d2bbea gpdf-2.8.2-7.3.ia64.rpm

x86_64:
e7aff4c218078b599959d90b968fffd0 gpdf-2.8.2-7.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.3.src.rpm
b365aac32d140ef324ab0eb2c7cf3bfd gpdf-2.8.2-7.3.src.rpm

i386:
a3f8659efab116042f37cfc9d227dc82 gpdf-2.8.2-7.3.i386.rpm

ia64:
d429fc7fef00acef1468cddd11d2bbea gpdf-2.8.2-7.3.ia64.rpm

x86_64:
e7aff4c218078b599959d90b968fffd0 gpdf-2.8.2-7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCDHXlSAg2UNWIIRApynAJ9nt+b/3/h5qyf+1sVMMvFq08pn0QCgui0T
70JHzFYMlday2f7El0UuEQ8=
=PPty
- -----END PGP SIGNATURE-----


5.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2005:868-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-868.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- - ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve several security issues in kpdf
are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

Several flaws were discovered in kpdf. An attacker could construct a
carefully crafted PDF file that could cause kpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175105 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-3.6.src.rpm
d72af47a55eabd5bfd0f95538951007d kdegraphics-3.3.1-3.6.src.rpm

i386:
216eabcf4313d5a3a66f849cc446cdaf kdegraphics-3.3.1-3.6.i386.rpm
6558e85cef158b8c45e7069cc2a567b4 kdegraphics-devel-3.3.1-3.6.i386.rpm

ia64:
7859a256f616e79311a5faf64227bfdf kdegraphics-3.3.1-3.6.ia64.rpm
7f4312d4a79011edd8694f3b19106e78 kdegraphics-devel-3.3.1-3.6.ia64.rpm

ppc:
0beeafa85a6715a4040b7355bd21fda5 kdegraphics-3.3.1-3.6.ppc.rpm
4b4880c8edd72320b0fe475cb245a8e2 kdegraphics-devel-3.3.1-3.6.ppc.rpm

s390:
64bfbe394e5988987ab7d1784361e39a kdegraphics-3.3.1-3.6.s390.rpm
557cc641cf9c85e0dc44335b747e8970 kdegraphics-devel-3.3.1-3.6.s390.rpm

s390x:
cf7f965ab80723da2775442c931590d8 kdegraphics-3.3.1-3.6.s390x.rpm
b475339a5a98ddda8abf6f1b3838b5c0 kdegraphics-devel-3.3.1-3.6.s390x.rpm

x86_64:
b68f28b7ceb0a76d5a34cc02c4f6aeaf kdegraphics-3.3.1-3.6.x86_64.rpm
358bd292294d3e5bf6c71da1f7349a0d kdegraphics-devel-3.3.1-3.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-3.6.src.rpm
d72af47a55eabd5bfd0f95538951007d kdegraphics-3.3.1-3.6.src.rpm

i386:
216eabcf4313d5a3a66f849cc446cdaf kdegraphics-3.3.1-3.6.i386.rpm
6558e85cef158b8c45e7069cc2a567b4 kdegraphics-devel-3.3.1-3.6.i386.rpm

x86_64:
b68f28b7ceb0a76d5a34cc02c4f6aeaf kdegraphics-3.3.1-3.6.x86_64.rpm
358bd292294d3e5bf6c71da1f7349a0d kdegraphics-devel-3.3.1-3.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-3.6.src.rpm
d72af47a55eabd5bfd0f95538951007d kdegraphics-3.3.1-3.6.src.rpm

i386:
216eabcf4313d5a3a66f849cc446cdaf kdegraphics-3.3.1-3.6.i386.rpm
6558e85cef158b8c45e7069cc2a567b4 kdegraphics-devel-3.3.1-3.6.i386.rpm

ia64:
7859a256f616e79311a5faf64227bfdf kdegraphics-3.3.1-3.6.ia64.rpm
7f4312d4a79011edd8694f3b19106e78 kdegraphics-devel-3.3.1-3.6.ia64.rpm

x86_64:
b68f28b7ceb0a76d5a34cc02c4f6aeaf kdegraphics-3.3.1-3.6.x86_64.rpm
358bd292294d3e5bf6c71da1f7349a0d kdegraphics-devel-3.3.1-3.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-3.6.src.rpm
d72af47a55eabd5bfd0f95538951007d kdegraphics-3.3.1-3.6.src.rpm

i386:
216eabcf4313d5a3a66f849cc446cdaf kdegraphics-3.3.1-3.6.i386.rpm
6558e85cef158b8c45e7069cc2a567b4 kdegraphics-devel-3.3.1-3.6.i386.rpm

ia64:
7859a256f616e79311a5faf64227bfdf kdegraphics-3.3.1-3.6.ia64.rpm
7f4312d4a79011edd8694f3b19106e78 kdegraphics-devel-3.3.1-3.6.ia64.rpm

x86_64:
b68f28b7ceb0a76d5a34cc02c4f6aeaf kdegraphics-3.3.1-3.6.x86_64.rpm
358bd292294d3e5bf6c71da1f7349a0d kdegraphics-devel-3.3.1-3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCECXlSAg2UNWIIRAjE+AJ9LngBmern3q+WIU6KEmNn6NdIQzgCgjEd/
fo5pTSXVGAQPpznm0bgNd7U=
=tQeM
- -----END PGP SIGNATURE-----
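
An added example, not part of the advisory or of Red Hat's tooling: the Python below parses an "RPMs required" section in the layout used by these advisories (product heading, architecture label, then "checksum filename" lines) and checks downloaded RPMs against it. The function names, the placeholder advisory ID and the sample data in the demo are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# One entry under "RPMs required": 32 hex digits, whitespace, an .rpm filename.
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")
# Section labels used in the advisories ("SRPMS:", "i386:", ...).
ARCH = re.compile(r"^(SRPMS|i386|ia64|ppc|s390|s390x|x86_64):$")


def parse_rpm_list(text):
    """Parse advisory text into (expected, conflicts, listing).

    expected  maps filename -> md5 (lower-case hex)
    conflicts is the set of filenames listed with more than one checksum,
              a sign that this copy of the advisory is damaged or altered
    listing   maps (advisory_id, product, arch) -> [filenames], so a host
              can be checked against its own product and architecture only
    """
    expected, conflicts, listing = {}, set(), {}
    advisory = product = arch = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Advisory ID:"):
            advisory = line.split(":", 1)[1].strip()
            product = arch = None
        elif line.startswith("Red Hat") and line.endswith(":"):
            product, arch = line[:-1], None
        elif ARCH.match(line):
            arch = line[:-1]
        else:
            m = ENTRY.match(line)
            if not m or product is None or arch is None:
                continue  # prose, PGP armor, or an entry with no heading
            digest, name = m.group(1).lower(), m.group(2)
            if expected.setdefault(name, digest) != digest:
                conflicts.add(name)
            listing.setdefault((advisory, product, arch), []).append(name)
    return expected, conflicts, listing


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(directory, expected, conflicts=frozenset(), wanted=()):
    """Compare *.rpm files in directory with the advisory's checksums.

    Returns filename -> status:
      "ok"        checksum matches the advisory
      "mismatch"  file differs from what the advisory lists
      "ambiguous" advisory copy lists conflicting checksums for this name
      "unlisted"  file is not named in the advisory at all
      "missing"   named in `wanted` but not present in the directory
    """
    report = {}
    for path in sorted(Path(directory).glob("*.rpm")):
        name = path.name
        if name in conflicts:
            report[name] = "ambiguous"
        elif name not in expected:
            report[name] = "unlisted"
        elif md5_of(path) == expected[name]:
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    for name in wanted:
        report.setdefault(name, "missing")
    return report


if __name__ == "__main__":
    import tempfile

    # Constructed sample: package names, contents, checksums and the
    # advisory ID are made up for this demo.
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "example-1.0-2.i386.rpm")
        good.write_bytes(b"constructed package body")
        Path(tmp, "example-devel-1.0-2.i386.rpm").write_bytes(b"altered body")
        sample = "\n".join([
            "Advisory ID: RHSA-0000:000-00",
            "Red Hat Enterprise Linux AS version 4:",
            "i386:",
            md5_of(good) + " example-1.0-2.i386.rpm",
            "0" * 32 + " example-devel-1.0-2.i386.rpm",
        ])
        expected, conflicts, listing = parse_rpm_list(sample)
        for name, status in verify_downloads(tmp, expected, conflicts).items():
            print(status, name)
```

A matching MD5 only shows that the download is the file the advisory lists; the GPG signature on the package, which the advisory points to, is what ties it to Red Hat.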


6.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2005:875-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-875.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4077
- - ---------------------------------------------------------------------

1. Summary:

Updated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols.

Stefan Esser discovered an off-by-one bug in curl. It may be possible to
execute arbitrary code on a user's machine if the user can be tricked into
executing curl with a carefully crafted URL. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-4077 to this issue.

All users of curl are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175266 - CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-8.rhel4.src.rpm
83b66ac5f655c0675c73a754fb36968f curl-7.12.1-8.rhel4.src.rpm

i386:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
40e4373395a73d48813e5826302217ce curl-devel-7.12.1-8.rhel4.i386.rpm

ia64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
db6a1983890b2d4b9c087047703ffbfa curl-7.12.1-8.rhel4.ia64.rpm
c1ee175858e2694554850a6074e05a78 curl-devel-7.12.1-8.rhel4.ia64.rpm

ppc:
c102b9482bfea7ed549468cbd527643a curl-7.12.1-8.rhel4.ppc.rpm
5dca0663e9cea384f6c4b07d2b2c819e curl-7.12.1-8.rhel4.ppc64.rpm
1d695a5ff574dfb7e04ad1f71eed6334 curl-devel-7.12.1-8.rhel4.ppc.rpm

s390:
71d21e63880d3f4f620e5bb7c2aa7786 curl-7.12.1-8.rhel4.s390.rpm
95b81b8528ed3f77e72ba904b3438f6c curl-devel-7.12.1-8.rhel4.s390.rpm

s390x:
71d21e63880d3f4f620e5bb7c2aa7786 curl-7.12.1-8.rhel4.s390.rpm
2975ba72bc7b028a73cb8f34c4e02c7c curl-7.12.1-8.rhel4.s390x.rpm
e1f25c48b701ba616cf9cc8f340107f4 curl-devel-7.12.1-8.rhel4.s390x.rpm

x86_64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
cac21a3c7f52b473547a7537a777c240 curl-7.12.1-8.rhel4.x86_64.rpm
257b3566961c1e49ae9ab8b92cf9584b curl-devel-7.12.1-8.rhel4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-8.rhel4.src.rpm
83b66ac5f655c0675c73a754fb36968f curl-7.12.1-8.rhel4.src.rpm

i386:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
40e4373395a73d48813e5826302217ce curl-devel-7.12.1-8.rhel4.i386.rpm

x86_64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
cac21a3c7f52b473547a7537a777c240 curl-7.12.1-8.rhel4.x86_64.rpm
257b3566961c1e49ae9ab8b92cf9584b curl-devel-7.12.1-8.rhel4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-8.rhel4.src.rpm
83b66ac5f655c0675c73a754fb36968f curl-7.12.1-8.rhel4.src.rpm

i386:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
40e4373395a73d48813e5826302217ce curl-devel-7.12.1-8.rhel4.i386.rpm

ia64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
db6a1983890b2d4b9c087047703ffbfa curl-7.12.1-8.rhel4.ia64.rpm
c1ee175858e2694554850a6074e05a78 curl-devel-7.12.1-8.rhel4.ia64.rpm

x86_64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
cac21a3c7f52b473547a7537a777c240 curl-7.12.1-8.rhel4.x86_64.rpm
257b3566961c1e49ae9ab8b92cf9584b curl-devel-7.12.1-8.rhel4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-8.rhel4.src.rpm
83b66ac5f655c0675c73a754fb36968f curl-7.12.1-8.rhel4.src.rpm

i386:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
40e4373395a73d48813e5826302217ce curl-devel-7.12.1-8.rhel4.i386.rpm

ia64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
db6a1983890b2d4b9c087047703ffbfa curl-7.12.1-8.rhel4.ia64.rpm
c1ee175858e2694554850a6074e05a78 curl-devel-7.12.1-8.rhel4.ia64.rpm

x86_64:
8eb8d6c18a0098a29c74762e3b5917b1 curl-7.12.1-8.rhel4.i386.rpm
cac21a3c7f52b473547a7537a777c240 curl-7.12.1-8.rhel4.x86_64.rpm
257b3566961c1e49ae9ab8b92cf9584b curl-devel-7.12.1-8.rhel4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCEgXlSAg2UNWIIRAnL2AJ0au7M8t7kLNAiN35uoOkG9/JecCwCeOuRH
wp99YbwLnuDepBeiq0ULGOc=
=omxg
- -----END PGP SIGNATURE-----


7.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2005:878-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-878.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- - ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Several flaws were discovered in the way CUPS processes PDF files. An
attacker could construct a carefully crafted PDF file that could cause CUPS
to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175645 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.34.src.rpm
5053f756d66be461123f8f31ed613588 cups-1.1.17-13.3.34.src.rpm

i386:
6ae0b5bb5a2e0163ae2a3ced2578f454 cups-1.1.17-13.3.34.i386.rpm
8286175d3e766671964412c5e64a9cc2 cups-devel-1.1.17-13.3.34.i386.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm

ia64:
2b5227adaa4067c3ae00123b111ec202 cups-1.1.17-13.3.34.ia64.rpm
bc4eb43419e0914d27ae7e28272fbc62 cups-devel-1.1.17-13.3.34.ia64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
4130b86879fd4560b8ce7425415f50de cups-libs-1.1.17-13.3.34.ia64.rpm

ppc:
36b424532fa9e47ec5464d2ce3ddee9c cups-1.1.17-13.3.34.ppc.rpm
6dd01d61c3a8245ce2f9b4aa93a404f6 cups-devel-1.1.17-13.3.34.ppc.rpm
95798e222ce9388ca26d52306d91bf79 cups-libs-1.1.17-13.3.34.ppc.rpm
4119d70822a8b14b70d0693adcc24a84 cups-libs-1.1.17-13.3.34.ppc64.rpm

s390:
50cb26f6a50c17e5832e1b2729429920 cups-1.1.17-13.3.34.s390.rpm
9285ffc9691aae167241b80cd191cf4b cups-devel-1.1.17-13.3.34.s390.rpm
3a97374955e71eb48fd249fd67ec07a4 cups-libs-1.1.17-13.3.34.s390.rpm

s390x:
848068e7af6be3c449ec8727ffc4c096 cups-1.1.17-13.3.34.s390x.rpm
d286c2a1183a0e51abbf1d5190b8ec16 cups-devel-1.1.17-13.3.34.s390x.rpm
3a97374955e71eb48fd249fd67ec07a4 cups-libs-1.1.17-13.3.34.s390.rpm
d88f8c43f5e4037a0a2d0abb328b54a5 cups-libs-1.1.17-13.3.34.s390x.rpm

x86_64:
101cb50eb0d1c5af24a4706fd9366827 cups-1.1.17-13.3.34.x86_64.rpm
44c3d1ccbdaa8f3b388815f77eff86f9 cups-devel-1.1.17-13.3.34.x86_64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
be321cf14f72587d6fb9aeea6f3cd4b0 cups-libs-1.1.17-13.3.34.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.34.src.rpm
5053f756d66be461123f8f31ed613588 cups-1.1.17-13.3.34.src.rpm

i386:
6ae0b5bb5a2e0163ae2a3ced2578f454 cups-1.1.17-13.3.34.i386.rpm
8286175d3e766671964412c5e64a9cc2 cups-devel-1.1.17-13.3.34.i386.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm

x86_64:
101cb50eb0d1c5af24a4706fd9366827 cups-1.1.17-13.3.34.x86_64.rpm
44c3d1ccbdaa8f3b388815f77eff86f9 cups-devel-1.1.17-13.3.34.x86_64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
be321cf14f72587d6fb9aeea6f3cd4b0 cups-libs-1.1.17-13.3.34.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.34.src.rpm
5053f756d66be461123f8f31ed613588 cups-1.1.17-13.3.34.src.rpm

i386:
6ae0b5bb5a2e0163ae2a3ced2578f454 cups-1.1.17-13.3.34.i386.rpm
8286175d3e766671964412c5e64a9cc2 cups-devel-1.1.17-13.3.34.i386.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm

ia64:
2b5227adaa4067c3ae00123b111ec202 cups-1.1.17-13.3.34.ia64.rpm
bc4eb43419e0914d27ae7e28272fbc62 cups-devel-1.1.17-13.3.34.ia64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
4130b86879fd4560b8ce7425415f50de cups-libs-1.1.17-13.3.34.ia64.rpm

x86_64:
101cb50eb0d1c5af24a4706fd9366827 cups-1.1.17-13.3.34.x86_64.rpm
44c3d1ccbdaa8f3b388815f77eff86f9 cups-devel-1.1.17-13.3.34.x86_64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
be321cf14f72587d6fb9aeea6f3cd4b0 cups-libs-1.1.17-13.3.34.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.34.src.rpm
5053f756d66be461123f8f31ed613588 cups-1.1.17-13.3.34.src.rpm

i386:
6ae0b5bb5a2e0163ae2a3ced2578f454 cups-1.1.17-13.3.34.i386.rpm
8286175d3e766671964412c5e64a9cc2 cups-devel-1.1.17-13.3.34.i386.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm

ia64:
2b5227adaa4067c3ae00123b111ec202 cups-1.1.17-13.3.34.ia64.rpm
bc4eb43419e0914d27ae7e28272fbc62 cups-devel-1.1.17-13.3.34.ia64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
4130b86879fd4560b8ce7425415f50de cups-libs-1.1.17-13.3.34.ia64.rpm

x86_64:
101cb50eb0d1c5af24a4706fd9366827 cups-1.1.17-13.3.34.x86_64.rpm
44c3d1ccbdaa8f3b388815f77eff86f9 cups-devel-1.1.17-13.3.34.x86_64.rpm
881034b340bd7fe9ac3d34cd9d269195 cups-libs-1.1.17-13.3.34.i386.rpm
be321cf14f72587d6fb9aeea6f3cd4b0 cups-libs-1.1.17-13.3.34.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.9.src.rpm
d718800ea8bb89d10541219c418a1e5e cups-1.1.22-0.rc1.9.9.src.rpm

i386:
f750dba7bddeed26ad1246a13d67b4cc cups-1.1.22-0.rc1.9.9.i386.rpm
75f3d226a45dc479659d3d8a841d92b0 cups-devel-1.1.22-0.rc1.9.9.i386.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm

ia64:
fce05f1785514904e476428c143cacbf cups-1.1.22-0.rc1.9.9.ia64.rpm
ebf3ca248025a33cbb432f3f51dac1f3 cups-devel-1.1.22-0.rc1.9.9.ia64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
d673d6538e126c4374be81bf513000f2 cups-libs-1.1.22-0.rc1.9.9.ia64.rpm

ppc:
01c56000521d94ec20114c5d2fc9352a cups-1.1.22-0.rc1.9.9.ppc.rpm
5feab7e486e2044e721dcfe189564367 cups-devel-1.1.22-0.rc1.9.9.ppc.rpm
eaf2422032dc92e48bcd8edaefe2bd30 cups-libs-1.1.22-0.rc1.9.9.ppc.rpm
f826ff1b99dd00a120123eda6bcc3890 cups-libs-1.1.22-0.rc1.9.9.ppc64.rpm

s390:
f5ba40ec0ca7ec1e299ba2e83a54418a cups-1.1.22-0.rc1.9.9.s390.rpm
fc53e26073e8c43f3bef1b35f23ec242 cups-devel-1.1.22-0.rc1.9.9.s390.rpm
59f346d414766d86c69fc8ef135b2ce8 cups-libs-1.1.22-0.rc1.9.9.s390.rpm

s390x:
1cd6f5df3663a21dce64c3a84d96f2ed cups-1.1.22-0.rc1.9.9.s390x.rpm
16c8b331fd9484161427aa3f2bca5bfe cups-devel-1.1.22-0.rc1.9.9.s390x.rpm
59f346d414766d86c69fc8ef135b2ce8 cups-libs-1.1.22-0.rc1.9.9.s390.rpm
d14b17dee1958bf7dcd105f1997b515b cups-libs-1.1.22-0.rc1.9.9.s390x.rpm

x86_64:
8930858f2aa35547ef280ca80b2fbbf1 cups-1.1.22-0.rc1.9.9.x86_64.rpm
1451d04888bb8285c4eff2f39843dcf9 cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
0663930f0ad6bb3648c71ab252c7e37d cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.9.src.rpm
d718800ea8bb89d10541219c418a1e5e cups-1.1.22-0.rc1.9.9.src.rpm

i386:
f750dba7bddeed26ad1246a13d67b4cc cups-1.1.22-0.rc1.9.9.i386.rpm
75f3d226a45dc479659d3d8a841d92b0 cups-devel-1.1.22-0.rc1.9.9.i386.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm

x86_64:
8930858f2aa35547ef280ca80b2fbbf1 cups-1.1.22-0.rc1.9.9.x86_64.rpm
1451d04888bb8285c4eff2f39843dcf9 cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
0663930f0ad6bb3648c71ab252c7e37d cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.9.src.rpm
d718800ea8bb89d10541219c418a1e5e cups-1.1.22-0.rc1.9.9.src.rpm

i386:
f750dba7bddeed26ad1246a13d67b4cc cups-1.1.22-0.rc1.9.9.i386.rpm
75f3d226a45dc479659d3d8a841d92b0 cups-devel-1.1.22-0.rc1.9.9.i386.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm

ia64:
fce05f1785514904e476428c143cacbf cups-1.1.22-0.rc1.9.9.ia64.rpm
ebf3ca248025a33cbb432f3f51dac1f3 cups-devel-1.1.22-0.rc1.9.9.ia64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
d673d6538e126c4374be81bf513000f2 cups-libs-1.1.22-0.rc1.9.9.ia64.rpm

x86_64:
8930858f2aa35547ef280ca80b2fbbf1 cups-1.1.22-0.rc1.9.9.x86_64.rpm
1451d04888bb8285c4eff2f39843dcf9 cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
0663930f0ad6bb3648c71ab252c7e37d cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.9.src.rpm
d718800ea8bb89d10541219c418a1e5e cups-1.1.22-0.rc1.9.9.src.rpm

i386:
f750dba7bddeed26ad1246a13d67b4cc cups-1.1.22-0.rc1.9.9.i386.rpm
75f3d226a45dc479659d3d8a841d92b0 cups-devel-1.1.22-0.rc1.9.9.i386.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm

ia64:
fce05f1785514904e476428c143cacbf cups-1.1.22-0.rc1.9.9.ia64.rpm
ebf3ca248025a33cbb432f3f51dac1f3 cups-devel-1.1.22-0.rc1.9.9.ia64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
d673d6538e126c4374be81bf513000f2 cups-libs-1.1.22-0.rc1.9.9.ia64.rpm

x86_64:
8930858f2aa35547ef280ca80b2fbbf1 cups-1.1.22-0.rc1.9.9.x86_64.rpm
1451d04888bb8285c4eff2f39843dcf9 cups-devel-1.1.22-0.rc1.9.9.x86_64.rpm
4b3f8ea8167580e91849649f82c44349 cups-libs-1.1.22-0.rc1.9.9.i386.rpm
0663930f0ad6bb3648c71ab252c7e37d cups-libs-1.1.22-0.rc1.9.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCFBXlSAg2UNWIIRAtQZAJ0S9fuOETzgC8P1thEnk7L+PGG2IwCfeRIJ
MSfcuhoHq7Rhw6Otbjcm2sQ=
=SxR3
- -----END PGP SIGNATURE-----


8.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: perl security update
Advisory ID: RHSA-2005:880-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-880.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3962
- - ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues and bugs are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170088 - bits/resource.ph has syntax errors
171111 - (libperl) could not run system-config-printer
172327 - getgrnam() crashes with "Out of memory" if /etc/group contains long lines
174683 - CVE-2005-3962 Perl integer overflow issue
175104 - MakeMaker::MM_Unix doesn't honor LD_RUN_PATH requirements
175129 - missing C standard headers


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

ppc:
9865ec5607eb3ef32a39d1ba5969d34a perl-5.8.5-24.RHEL4.ppc.rpm
62c2ce1ff78671de1fca6bb34fc29fc5 perl-suidperl-5.8.5-24.RHEL4.ppc.rpm

s390:
b62ef568796c54ef8e0d8defb3931f41 perl-5.8.5-24.RHEL4.s390.rpm
e3fe98dd7c5b19aefc38597bab186327 perl-suidperl-5.8.5-24.RHEL4.s390.rpm

s390x:
b76f72b60b736d4c143bf8cbb435c789 perl-5.8.5-24.RHEL4.s390x.rpm
c55fbbc676950f192923a526fa0c2177 perl-suidperl-5.8.5-24.RHEL4.s390x.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCFnXlSAg2UNWIIRAlmEAJ9WwF1K5PXv6gboYPhhjxFz0ZOyCACeLcYR
AJEcdbkFKKYfo/JGrjFkTeE=
=R4d5
- -----END PGP SIGNATURE-----


9.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: perl security update
Advisory ID: RHSA-2005:881-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-881.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2004-0976 CVE-2005-0448 CVE-2005-3962
- - ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues and bugs are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. (CVE-2005-0448)

Solar Designer discovered several temporary file bugs in various Perl
modules. A local attacker could overwrite or create files as the user
running a Perl script that uses a vulnerable module. (CVE-2004-0976)

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123176 - [RFE] Need new perl rpm release that fixes threaded memory leak
135975 - Perl's 'study' function breaks regexp matching
136325 - CVE-2004-0976 temporary file vulnerabilities in Perl
137075 - Apparent utf8 bug in Perl's join()
145215 - garbage after split()
147946 - Man::Pod does not return true
161053 - CVE-2005-0448 perl File::Path.pm rmtree race condition
165078 - Broken POSIX in perl-5.8.0
166732 - 'split'/'index' problem for utf8
172160 - perl bug # 22372: SIGSEGV in sv_chop()
172256 - bits/resource.ph has syntax errors
172317 - (libperl) could not run system-config-printer
174717 - CVE-2005-3962 Perl integer overflow issue
175135 - Cannot set undef timeout in perl 5.8.0 IO::Socket


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-5.8.0-90.4.src.rpm
732162aa9a88b4779706cc1cc06344f9 perl-5.8.0-90.4.src.rpm

i386:
78177ebde77064068ebf925cc15b1d67 perl-5.8.0-90.4.i386.rpm
69441cfee13c7e04766f9e714b051a4b perl-CGI-2.89-90.4.i386.rpm
92ac8571485d4e56c12b835483728737 perl-CPAN-1.61-90.4.i386.rpm
e629b861b7fcd2f917c421c79706682d perl-DB_File-1.806-90.4.i386.rpm
b113523d560d3c27923a09994c5b54e2 perl-suidperl-5.8.0-90.4.i386.rpm

ia64:
f3493073826f80edbfee6d980af7cc6a perl-5.8.0-90.4.ia64.rpm
c6dd319875d4b081955919c9f8b3eeba perl-CGI-2.89-90.4.ia64.rpm
69b76323d8bc7f3f5b40763d4260c476 perl-CPAN-1.61-90.4.ia64.rpm
4031db198bf03d9410400124ef185dff perl-DB_File-1.806-90.4.ia64.rpm
7d14344fa92c85506b713c4b3551f19f perl-suidperl-5.8.0-90.4.ia64.rpm

ppc:
20663b13234fad4e533a042c2ea2e078 perl-5.8.0-90.4.ppc.rpm
2a16d5691e90218ac70a810a436274e1 perl-CGI-2.89-90.4.ppc.rpm
61992925635d3b993bd303076b692e0e perl-CPAN-1.61-90.4.ppc.rpm
4c8895c132b00d975df57ae618a8fd4a perl-DB_File-1.806-90.4.ppc.rpm
12c9bb78fa07b099d0bfc20900479c0a perl-suidperl-5.8.0-90.4.ppc.rpm

s390:
b59b220721d5a0824d67b4e7647ea735 perl-5.8.0-90.4.s390.rpm
6b6d19548c4c078dc64cf5060421109e perl-CGI-2.89-90.4.s390.rpm
b51489ce07d5061c77f4ff14e872062b perl-CPAN-1.61-90.4.s390.rpm
185358bca8789230b8ab17cb2f591092 perl-DB_File-1.806-90.4.s390.rpm
c733e89e94050bd25aef942c388ecfab perl-suidperl-5.8.0-90.4.s390.rpm

s390x:
22004167b7eb049df997b40db9d0166a perl-5.8.0-90.4.s390x.rpm
bbc8d4d03248abb40557624e43ed3d3a perl-CGI-2.89-90.4.s390x.rpm
99bdc9bbeb27e4c346afd02302723164 perl-CPAN-1.61-90.4.s390x.rpm
a9a0b5d9ff574a410c02caeac367df2c perl-DB_File-1.806-90.4.s390x.rpm
70b6d64902faeec8f6c14ecb50acc2e7 perl-suidperl-5.8.0-90.4.s390x.rpm

x86_64:
e39a68b1ba815a6bb23c5bcb879c225e perl-5.8.0-90.4.x86_64.rpm
b1bf852ffa7a2957f6c11da02cc64952 perl-CGI-2.89-90.4.x86_64.rpm
328cd2fe7d8280c2dea5fbccdcfb3686 perl-CPAN-1.61-90.4.x86_64.rpm
8ece4d9db534e25c98afdaa02b73aa1c perl-DB_File-1.806-90.4.x86_64.rpm
dabc256c1e23aeb09d88b74b90150f98 perl-suidperl-5.8.0-90.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-5.8.0-90.4.src.rpm
732162aa9a88b4779706cc1cc06344f9 perl-5.8.0-90.4.src.rpm

i386:
78177ebde77064068ebf925cc15b1d67 perl-5.8.0-90.4.i386.rpm
69441cfee13c7e04766f9e714b051a4b perl-CGI-2.89-90.4.i386.rpm
92ac8571485d4e56c12b835483728737 perl-CPAN-1.61-90.4.i386.rpm
e629b861b7fcd2f917c421c79706682d perl-DB_File-1.806-90.4.i386.rpm
b113523d560d3c27923a09994c5b54e2 perl-suidperl-5.8.0-90.4.i386.rpm

x86_64:
e39a68b1ba815a6bb23c5bcb879c225e perl-5.8.0-90.4.x86_64.rpm
b1bf852ffa7a2957f6c11da02cc64952 perl-CGI-2.89-90.4.x86_64.rpm
328cd2fe7d8280c2dea5fbccdcfb3686 perl-CPAN-1.61-90.4.x86_64.rpm
8ece4d9db534e25c98afdaa02b73aa1c perl-DB_File-1.806-90.4.x86_64.rpm
dabc256c1e23aeb09d88b74b90150f98 perl-suidperl-5.8.0-90.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-5.8.0-90.4.src.rpm
732162aa9a88b4779706cc1cc06344f9 perl-5.8.0-90.4.src.rpm

i386:
78177ebde77064068ebf925cc15b1d67 perl-5.8.0-90.4.i386.rpm
69441cfee13c7e04766f9e714b051a4b perl-CGI-2.89-90.4.i386.rpm
92ac8571485d4e56c12b835483728737 perl-CPAN-1.61-90.4.i386.rpm
e629b861b7fcd2f917c421c79706682d perl-DB_File-1.806-90.4.i386.rpm
b113523d560d3c27923a09994c5b54e2 perl-suidperl-5.8.0-90.4.i386.rpm

ia64:
f3493073826f80edbfee6d980af7cc6a perl-5.8.0-90.4.ia64.rpm
c6dd319875d4b081955919c9f8b3eeba perl-CGI-2.89-90.4.ia64.rpm
69b76323d8bc7f3f5b40763d4260c476 perl-CPAN-1.61-90.4.ia64.rpm
4031db198bf03d9410400124ef185dff perl-DB_File-1.806-90.4.ia64.rpm
7d14344fa92c85506b713c4b3551f19f perl-suidperl-5.8.0-90.4.ia64.rpm

x86_64:
e39a68b1ba815a6bb23c5bcb879c225e perl-5.8.0-90.4.x86_64.rpm
b1bf852ffa7a2957f6c11da02cc64952 perl-CGI-2.89-90.4.x86_64.rpm
328cd2fe7d8280c2dea5fbccdcfb3686 perl-CPAN-1.61-90.4.x86_64.rpm
8ece4d9db534e25c98afdaa02b73aa1c perl-DB_File-1.806-90.4.x86_64.rpm
dabc256c1e23aeb09d88b74b90150f98 perl-suidperl-5.8.0-90.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-5.8.0-90.4.src.rpm
732162aa9a88b4779706cc1cc06344f9 perl-5.8.0-90.4.src.rpm

i386:
78177ebde77064068ebf925cc15b1d67 perl-5.8.0-90.4.i386.rpm
69441cfee13c7e04766f9e714b051a4b perl-CGI-2.89-90.4.i386.rpm
92ac8571485d4e56c12b835483728737 perl-CPAN-1.61-90.4.i386.rpm
e629b861b7fcd2f917c421c79706682d perl-DB_File-1.806-90.4.i386.rpm
b113523d560d3c27923a09994c5b54e2 perl-suidperl-5.8.0-90.4.i386.rpm

ia64:
f3493073826f80edbfee6d980af7cc6a perl-5.8.0-90.4.ia64.rpm
c6dd319875d4b081955919c9f8b3eeba perl-CGI-2.89-90.4.ia64.rpm
69b76323d8bc7f3f5b40763d4260c476 perl-CPAN-1.61-90.4.ia64.rpm
4031db198bf03d9410400124ef185dff perl-DB_File-1.806-90.4.ia64.rpm
7d14344fa92c85506b713c4b3551f19f perl-suidperl-5.8.0-90.4.ia64.rpm

x86_64:
e39a68b1ba815a6bb23c5bcb879c225e perl-5.8.0-90.4.x86_64.rpm
b1bf852ffa7a2957f6c11da02cc64952 perl-CGI-2.89-90.4.x86_64.rpm
328cd2fe7d8280c2dea5fbccdcfb3686 perl-CPAN-1.61-90.4.x86_64.rpm
8ece4d9db534e25c98afdaa02b73aa1c perl-DB_File-1.806-90.4.x86_64.rpm
dabc256c1e23aeb09d88b74b90150f98 perl-suidperl-5.8.0-90.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
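
The checksum lines in section 6 can be checked mechanically against a directory of downloaded packages. The following is an added example, not part of the advisory and not Red Hat tooling: it parses the "MD5 sum, file name" layout used above and classifies each local .rpm file. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest entry in the advisory's layout: 32 hex digits, blanks, an RPM file name.
ENTRY = re.compile(r"^[ \t]*([0-9a-f]{32})[ \t]+(\S+\.rpm)[ \t]*$", re.MULTILINE)

def parse_manifest(text):
    """Return {file name: md5}; product names, arch labels and URLs are skipped."""
    sums = {}
    for digest, name in ENTRY.findall(text):
        # The same package is listed once per product; the sums must agree.
        if sums.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return sums

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(manifest_text, directory):
    """Classify each .rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_manifest(manifest_text)
    results = {}
    for path in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(path.name)
        if want is None:
            results[path.name] = "unlisted"
        else:
            results[path.name] = "ok" if md5_of(path) == want else "mismatch"
    return results

def demo():
    # Constructed sample: these names and contents are made up, not from the advisory.
    good = b"constructed package body"
    manifest = "\n".join(["Example product version 0:", "", "i386:",
        f"{hashlib.md5(good).hexdigest()} demo-1.0-1.i386.rpm",
        f"{hashlib.md5(b'other').hexdigest()} demo-extra-1.0-1.i386.rpm"])
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1.i386.rpm").write_bytes(good)
        Path(d, "demo-extra-1.0-1.i386.rpm").write_bytes(b"tampered")
        Path(d, "stray-9.9-9.i386.rpm").write_bytes(b"x")
        return check_downloads(manifest, d)
```

A matching MD5 sum only shows that the file is the one the manifest lists; MD5 is not collision resistant, so authenticity still rests on the GPG signature check referred to above (for example `rpm --checksig` with the Red Hat key imported).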

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.