Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2006 > Four Red Hat Security Advisories

January 2006

Four Red Hat Security Advisories

ID: 00035
Ref: 35/2006
Date: 12 January 2006:14:04:00
Version: 1
Title: Four Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====

Four Red Hat Security Advisories:

1. RHSA-2006:0156-01 - Moderate: ethereal security update

2. RHSA-2006:0157-01 - Low: struts security update for Red Hat Application Server

3. RHSA-2006:0163-01 - Important: cups security update

4. RHSA-2006:0177-01 - Important: gpdf security update


Detail
======

1. Ethereal is a program for monitoring network traffic.
Two denial of service bugs were found in Ethereal's IRC and GTP protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
IRC or GTP packet off the network. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585
to these issues.

2. Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.
A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3745 to this issue. Please note that this issue does not
affect Struts running on Tomcat or JOnAS, which is our supported usage of
Struts.

3. Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

4. Chris Evans discovered several flaws in the way gpdf processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.




1.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ethereal security update
Advisory ID: RHSA-2006:0156-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0156.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3313 CVE-2005-3651 CVE-2005-4585
- - ---------------------------------------------------------------------

1. Summary:

Updated Ethereal packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

Two denial of service bugs were found in Ethereal's IRC and GTP protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
IRC or GTP packet off the network. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585
to these issues.

A buffer overflow bug was found in Ethereal's OSPF protocol dissector.
Ethereal could crash or execute arbitrary code if it reads a malformed OSPF
packet off the network. (CVE-2005-3651)

Users of ethereal should upgrade to these updated packages containing
version 0.10.14, which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172297 - CVE-2005-3313 Ethereal IRC dissector DoS
176828 - CVE-2005-4585 ethereal GTP dissector could go into an infinite loop
176940 - CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm
4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm

i386:
7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm
67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm

ia64:
c287f5503da87ad57e1db89a0014d689 ethereal-0.10.14-1.AS21.1.ia64.rpm
e1d2432782ecb2eb35210a5f2be0ec8c ethereal-gnome-0.10.14-1.AS21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm
4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm

ia64:
c287f5503da87ad57e1db89a0014d689 ethereal-0.10.14-1.AS21.1.ia64.rpm
e1d2432782ecb2eb35210a5f2be0ec8c ethereal-gnome-0.10.14-1.AS21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm
4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm

i386:
7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm
67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm
4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm

i386:
7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm
67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm
39e4d6b51b0a2bcaa224e4132d3790a8 ethereal-0.10.14-1.EL3.1.src.rpm

i386:
40679300e3d1be6a199c7b70e4e068b2 ethereal-0.10.14-1.EL3.1.i386.rpm
afe6d4dc24eb15cf1279a623244da304 ethereal-gnome-0.10.14-1.EL3.1.i386.rpm

ia64:
63977373e9d98d13cb75dac4962fefc9 ethereal-0.10.14-1.EL3.1.ia64.rpm
efe71a4e580b7b703dc87471c5c6e355 ethereal-gnome-0.10.14-1.EL3.1.ia64.rpm

ppc:
dfeec0c159be47543abe32390eb2d09a ethereal-0.10.14-1.EL3.1.ppc.rpm
121bbd3be544c134aba49667a9f6ead2 ethereal-gnome-0.10.14-1.EL3.1.ppc.rpm

s390:
e7c6d045fbea3bbe9c65797a1ae3fc00 ethereal-0.10.14-1.EL3.1.s390.rpm
0be9ecb11c20c16c8708cfc09f3410e8 ethereal-gnome-0.10.14-1.EL3.1.s390.rpm

s390x:
f02be249bbed814e6091f555dcbe635c ethereal-0.10.14-1.EL3.1.s390x.rpm
9cedecf133ba1fa8ecd83f4b7b8edbb7 ethereal-gnome-0.10.14-1.EL3.1.s390x.rpm

x86_64:
fe7a27a61ff85763fa77bcf2b8a78ee7 ethereal-0.10.14-1.EL3.1.x86_64.rpm
40cb9d4dbd038e5fbddfa9219223be00 ethereal-gnome-0.10.14-1.EL3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm
39e4d6b51b0a2bcaa224e4132d3790a8 ethereal-0.10.14-1.EL3.1.src.rpm

i386:
40679300e3d1be6a199c7b70e4e068b2 ethereal-0.10.14-1.EL3.1.i386.rpm
afe6d4dc24eb15cf1279a623244da304 ethereal-gnome-0.10.14-1.EL3.1.i386.rpm

x86_64:
fe7a27a61ff85763fa77bcf2b8a78ee7 ethereal-0.10.14-1.EL3.1.x86_64.rpm
40cb9d4dbd038e5fbddfa9219223be00 ethereal-gnome-0.10.14-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm
39e4d6b51b0a2bcaa224e4132d3790a8 ethereal-0.10.14-1.EL3.1.src.rpm

i386:
40679300e3d1be6a199c7b70e4e068b2 ethereal-0.10.14-1.EL3.1.i386.rpm
afe6d4dc24eb15cf1279a623244da304 ethereal-gnome-0.10.14-1.EL3.1.i386.rpm

ia64:
63977373e9d98d13cb75dac4962fefc9 ethereal-0.10.14-1.EL3.1.ia64.rpm
efe71a4e580b7b703dc87471c5c6e355 ethereal-gnome-0.10.14-1.EL3.1.ia64.rpm

x86_64:
fe7a27a61ff85763fa77bcf2b8a78ee7 ethereal-0.10.14-1.EL3.1.x86_64.rpm
40cb9d4dbd038e5fbddfa9219223be00 ethereal-gnome-0.10.14-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm
39e4d6b51b0a2bcaa224e4132d3790a8 ethereal-0.10.14-1.EL3.1.src.rpm

i386:
40679300e3d1be6a199c7b70e4e068b2 ethereal-0.10.14-1.EL3.1.i386.rpm
afe6d4dc24eb15cf1279a623244da304 ethereal-gnome-0.10.14-1.EL3.1.i386.rpm

ia64:
63977373e9d98d13cb75dac4962fefc9 ethereal-0.10.14-1.EL3.1.ia64.rpm
efe71a4e580b7b703dc87471c5c6e355 ethereal-gnome-0.10.14-1.EL3.1.ia64.rpm

x86_64:
fe7a27a61ff85763fa77bcf2b8a78ee7 ethereal-0.10.14-1.EL3.1.x86_64.rpm
40cb9d4dbd038e5fbddfa9219223be00 ethereal-gnome-0.10.14-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm
1075cce665b64dbb95e5a87d00938ccd ethereal-0.10.14-1.EL4.1.src.rpm

i386:
567ce7cddd7aed79d4b3aa1fe2b69481 ethereal-0.10.14-1.EL4.1.i386.rpm
e7a328d7484f259443c52b1a54f4c8f9 ethereal-gnome-0.10.14-1.EL4.1.i386.rpm

ia64:
ad148b47b59706177363e2da9103dadf ethereal-0.10.14-1.EL4.1.ia64.rpm
88106e89034e8730f64f3575d85027d7 ethereal-gnome-0.10.14-1.EL4.1.ia64.rpm

ppc:
df062bc49b4f9987eafdbd0899d55a7b ethereal-0.10.14-1.EL4.1.ppc.rpm
68af5ece8e2ff6416bf9c48bc019bc29 ethereal-gnome-0.10.14-1.EL4.1.ppc.rpm

s390:
096e854dd82d5abbb4f9de970be4648e ethereal-0.10.14-1.EL4.1.s390.rpm
1f29e3ad814097f8af88f765b98c3651 ethereal-gnome-0.10.14-1.EL4.1.s390.rpm

s390x:
63106df08a49dd61b5002975a543ce00 ethereal-0.10.14-1.EL4.1.s390x.rpm
2eb2657f1166321538e637bd1048d5dd ethereal-gnome-0.10.14-1.EL4.1.s390x.rpm

x86_64:
cd3167838dbc34ea59d2392dcd3198d9 ethereal-0.10.14-1.EL4.1.x86_64.rpm
897c0ab507aaac0e1284f1c5018f66e7 ethereal-gnome-0.10.14-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm
1075cce665b64dbb95e5a87d00938ccd ethereal-0.10.14-1.EL4.1.src.rpm

i386:
567ce7cddd7aed79d4b3aa1fe2b69481 ethereal-0.10.14-1.EL4.1.i386.rpm
e7a328d7484f259443c52b1a54f4c8f9 ethereal-gnome-0.10.14-1.EL4.1.i386.rpm

x86_64:
cd3167838dbc34ea59d2392dcd3198d9 ethereal-0.10.14-1.EL4.1.x86_64.rpm
897c0ab507aaac0e1284f1c5018f66e7 ethereal-gnome-0.10.14-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm
1075cce665b64dbb95e5a87d00938ccd ethereal-0.10.14-1.EL4.1.src.rpm

i386:
567ce7cddd7aed79d4b3aa1fe2b69481 ethereal-0.10.14-1.EL4.1.i386.rpm
e7a328d7484f259443c52b1a54f4c8f9 ethereal-gnome-0.10.14-1.EL4.1.i386.rpm

ia64:
ad148b47b59706177363e2da9103dadf ethereal-0.10.14-1.EL4.1.ia64.rpm
88106e89034e8730f64f3575d85027d7 ethereal-gnome-0.10.14-1.EL4.1.ia64.rpm

x86_64:
cd3167838dbc34ea59d2392dcd3198d9 ethereal-0.10.14-1.EL4.1.x86_64.rpm
897c0ab507aaac0e1284f1c5018f66e7 ethereal-gnome-0.10.14-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm
1075cce665b64dbb95e5a87d00938ccd ethereal-0.10.14-1.EL4.1.src.rpm

i386:
567ce7cddd7aed79d4b3aa1fe2b69481 ethereal-0.10.14-1.EL4.1.i386.rpm
e7a328d7484f259443c52b1a54f4c8f9 ethereal-gnome-0.10.14-1.EL4.1.i386.rpm

ia64:
ad148b47b59706177363e2da9103dadf ethereal-0.10.14-1.EL4.1.ia64.rpm
88106e89034e8730f64f3575d85027d7 ethereal-gnome-0.10.14-1.EL4.1.ia64.rpm

x86_64:
cd3167838dbc34ea59d2392dcd3198d9 ethereal-0.10.14-1.EL4.1.x86_64.rpm
897c0ab507aaac0e1284f1c5018f66e7 ethereal-gnome-0.10.14-1.EL4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4585

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVkMXlSAg2UNWIIRAnyqAJ0ahslMmBZ1oTW6e79VdhTC4Sn3KACgndCJ
36ciTAxHnV7JgTohK9yDbws=
=3bno
- -----END PGP SIGNATURE-----


2.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: struts security update for Red Hat Application Server
Advisory ID: RHSA-2006:0157-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0157.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Application Server
CVE Names: CVE-2005-3745
- - ---------------------------------------------------------------------

1. Summary:

Updated Red Hat Application Server components are now available including a
security update for Struts.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Server 3AS - noarch
Red Hat Application Server 3ES - noarch
Red Hat Application Server 3WS - noarch

3. Problem description:

Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.

A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3745 to this issue. Please note that this issue does not
affect Struts running on Tomcat or JOnAS, which is our supported usage of
Struts.

All users of Red Hat Application Server should upgrade to these updated
packages, which contain Struts version 1.2.8 which is not vulnerable to
this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173929 - CVE-2005-3745 struts cross site scripting flaw


6. RPMs required:

Red Hat Application Server 3AS:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
46933f732577bc526befdeea7bac8104 jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm
155997f9d1c9e4bc5aa5925fc4c32c09 struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
f98c1b067974f6be016c01b0ab6295a0 jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
32401dec1ab787c56760145a033a4d7c jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
19ff36e45ff2aee9fab9e6aa06a8f46b struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
80b709089a6c65cc926df4d64695777e struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
96e87e5eed99be4173961e8a805004c2 struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm
9f50fcbd73cc59fdb65383bd9f3c28ef struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

Red Hat Application Server 3ES:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
46933f732577bc526befdeea7bac8104 jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm
155997f9d1c9e4bc5aa5925fc4c32c09 struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
f98c1b067974f6be016c01b0ab6295a0 jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
32401dec1ab787c56760145a033a4d7c jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
19ff36e45ff2aee9fab9e6aa06a8f46b struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
80b709089a6c65cc926df4d64695777e struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
96e87e5eed99be4173961e8a805004c2 struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm
9f50fcbd73cc59fdb65383bd9f3c28ef struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

Red Hat Application Server 3WS:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
46933f732577bc526befdeea7bac8104 jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm
155997f9d1c9e4bc5aa5925fc4c32c09 struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
f98c1b067974f6be016c01b0ab6295a0 jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
32401dec1ab787c56760145a033a4d7c jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
19ff36e45ff2aee9fab9e6aa06a8f46b struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
80b709089a6c65cc926df4d64695777e struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
96e87e5eed99be4173961e8a805004c2 struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm
9f50fcbd73cc59fdb65383bd9f3c28ef struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3745

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVlLXlSAg2UNWIIRAqmrAKC+1tnj98alqz84hEmPDTEYD1uPgQCeJbW3
8jVbO8dYQyf1vZPBWVW/R9E=
=p/4j
- -----END PGP SIGNATURE-----


3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2006:0163-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0163.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- - ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176868 - CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1 cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791 cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4 cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a cups-libs-1.1.17-13.3.36.ia64.rpm

ppc:
5a4e94ee0635aeecde6fd5821756ee79 cups-1.1.17-13.3.36.ppc.rpm
226daa41eee9ffd08eeef0bf491a52ff cups-devel-1.1.17-13.3.36.ppc.rpm
40c64baf0608675b09ea29f6d902ba2b cups-libs-1.1.17-13.3.36.ppc.rpm
cd8b0bf11b8c124bfa2c0fc8b9cf0e9a cups-libs-1.1.17-13.3.36.ppc64.rpm

s390:
e77aa4796c41a2c86bef1d72418966d4 cups-1.1.17-13.3.36.s390.rpm
7c0dbe644ee80a0633ee4948c8a50731 cups-devel-1.1.17-13.3.36.s390.rpm
e79f1d7c9f227abe7e169b9f36413649 cups-libs-1.1.17-13.3.36.s390.rpm

s390x:
45b8e2ce603684e47652b25c01b378b3 cups-1.1.17-13.3.36.s390x.rpm
0400366b7aba8e68492400615327d44e cups-devel-1.1.17-13.3.36.s390x.rpm
e79f1d7c9f227abe7e169b9f36413649 cups-libs-1.1.17-13.3.36.s390.rpm
5186688847172a22a80299d2a3348743 cups-libs-1.1.17-13.3.36.s390x.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119 cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4 cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1 cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791 cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119 cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4 cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1 cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791 cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4 cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a cups-libs-1.1.17-13.3.36.ia64.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119 cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4 cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm
77a6af87406f1c25a19bb19ab884e56e cups-1.1.17-13.3.36.src.rpm

i386:
2b64f3957c49e92c11beb19906fdf5a1 cups-1.1.17-13.3.36.i386.rpm
01d9c69b5ce6a392332ad184acc20791 cups-devel-1.1.17-13.3.36.i386.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm

ia64:
46f51337b8713e3c67f9422533efe2a4 cups-1.1.17-13.3.36.ia64.rpm
e5595b2fd0bddc5a4953b2f9f68bdc9b cups-devel-1.1.17-13.3.36.ia64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
babae5177429d1a234c9136e1d29ae6a cups-libs-1.1.17-13.3.36.ia64.rpm

x86_64:
d5599a27b7d2deba1af671ce308ee119 cups-1.1.17-13.3.36.x86_64.rpm
9116dcfa569c09758e2255c59fa419be cups-devel-1.1.17-13.3.36.x86_64.rpm
45b4b5c635bfcb6ec70be609cada5898 cups-libs-1.1.17-13.3.36.i386.rpm
98320408c3e8e2aae469c541316942c4 cups-libs-1.1.17-13.3.36.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2 cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3 cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45 cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144 cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6 cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

ppc:
365cdc0fee7940dc64a11dd80b031732 cups-1.1.22-0.rc1.9.10.ppc.rpm
78af3544a09b2a0add718085564fd769 cups-devel-1.1.22-0.rc1.9.10.ppc.rpm
b7e4289ea25721a2da48e8c200583a7b cups-libs-1.1.22-0.rc1.9.10.ppc.rpm
cb3943932ad20c8921d34bc4df25a13f cups-libs-1.1.22-0.rc1.9.10.ppc64.rpm

s390:
fece6e3a8d35ea9fcc250e2aecca7751 cups-1.1.22-0.rc1.9.10.s390.rpm
e44f3f4a8e3711140370b4f642a09f51 cups-devel-1.1.22-0.rc1.9.10.s390.rpm
7a6f1339ecdd39cc4f0ed922eecd5bf2 cups-libs-1.1.22-0.rc1.9.10.s390.rpm

s390x:
82048dc33e6d779ef535d6ae04c609ff cups-1.1.22-0.rc1.9.10.s390x.rpm
584b5c05dcbcd8ea846c9ade4a74deb9 cups-devel-1.1.22-0.rc1.9.10.s390x.rpm
7a6f1339ecdd39cc4f0ed922eecd5bf2 cups-libs-1.1.22-0.rc1.9.10.s390.rpm
ca920b2447143d360df069310a57c29d cups-libs-1.1.22-0.rc1.9.10.s390x.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632 cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2 cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3 cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632 cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2 cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3 cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45 cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144 cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6 cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632 cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm
1388d6e99274b9b54a70762c3ce5d0a2 cups-1.1.22-0.rc1.9.10.src.rpm

i386:
9357002c1f230b0287438881aebaf95b cups-1.1.22-0.rc1.9.10.i386.rpm
c50b93a06da3fe35b6832b798ae8d3d3 cups-devel-1.1.22-0.rc1.9.10.i386.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm

ia64:
55302be9ad0a0e28e824cb16ffe09c45 cups-1.1.22-0.rc1.9.10.ia64.rpm
a4ef44c63ef32e9bb20c4f1a1f6e2144 cups-devel-1.1.22-0.rc1.9.10.ia64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
b68a252468fe7cb579801034dfd5daf6 cups-libs-1.1.22-0.rc1.9.10.ia64.rpm

x86_64:
ed1ef0ff9ed4ae55f42bd7ae42a45e8a cups-1.1.22-0.rc1.9.10.x86_64.rpm
78080b478924a5c39544a4072dfa066c cups-devel-1.1.22-0.rc1.9.10.x86_64.rpm
9678ef5ae8fcf286440f9bf2df05cfe0 cups-libs-1.1.22-0.rc1.9.10.i386.rpm
2358b07d600ba1f0827e2d24ca41b632 cups-libs-1.1.22-0.rc1.9.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVl8XlSAg2UNWIIRAqn6AJ9mzY82lwnJFbcyasSfn7jnfVQIfACgh/CL
2eQCmPCOJSgLjrE3GIIfsHM=
=otbM
- -----END PGP SIGNATURE-----


4.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2006:0177-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0177.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- - ---------------------------------------------------------------------

1. Summary:

An updated gpdf package that fixes several security issues is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gpdf is a GNOME based viewer for Portable Document Format (PDF) files.

Chris Evans discovered several flaws in the way gpdf processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176865 - [RHEL4] CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe gpdf-2.8.2-7.4.i386.rpm

ia64:
511bf1f06967c657101aaf1dc23e275c gpdf-2.8.2-7.4.ia64.rpm

ppc:
ab9ee41d5702747b9fa73aa0bafbd99a gpdf-2.8.2-7.4.ppc.rpm

s390:
deaab6eb19520a0bfad487a985b04dbf gpdf-2.8.2-7.4.s390.rpm

s390x:
7ef372149da122cad87cea1a87f165fe gpdf-2.8.2-7.4.s390x.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af gpdf-2.8.2-7.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe gpdf-2.8.2-7.4.i386.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af gpdf-2.8.2-7.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe gpdf-2.8.2-7.4.i386.rpm

ia64:
511bf1f06967c657101aaf1dc23e275c gpdf-2.8.2-7.4.ia64.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af gpdf-2.8.2-7.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe gpdf-2.8.2-7.4.i386.rpm

ia64:
511bf1f06967c657101aaf1dc23e275c gpdf-2.8.2-7.4.ia64.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af gpdf-2.8.2-7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVmxXlSAg2UNWIIRApBkAJ9acdASGPloyOUIcLGAiGpDpC/rNQCfanMp
Y1dRH3IbEFi0LU7xsUZqBNg=
=SKBB
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |