CPNI - Centre for the Protection of National Infrastructure
CSIRTUK advisories archive

March 2006

Six Red Hat Security Advisories:
1. initscripts security update
2. squid security update
3. vixie-cron security update
4. Updated kernel packages available for Red Hat Enterprise Linux 3 Update 7
5. gnupg security update
6. flash-plugin security update

ID: 00213
Ref: 213
Date: 17 March 2006, 14:00:11
Version: 1

Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat Enterprise Linux (version 3, AS/ES/WS and Red Hat Desktop, for the advisories reproduced below)
Applications affected: initscripts, squid, vixie-cron, kernel, gnupg, flash-plugin


1.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: initscripts security update
Advisory ID: RHSA-2006:0015-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0015.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3629
- ---------------------------------------------------------------------

1. Summary:

Updated initscripts packages that fix a privilege escalation issue and
several bugs are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The initscripts package contains the basic system scripts used to boot your
Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
network interfaces.

A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3629 to this issue.

The following issues have also been fixed in this update:

* extraneous characters were logged on bootup.

* fsck would be attempted on filesystems marked with _netdev in rc.sysinit
before they were available.

Additionally, support for multi-core Itanium processors has been added to
redhat-support-check.

All users of initscripts should upgrade to these updated packages, which
contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169403 - Automount of the emcpower device fails if fsck is enabled for the device in /etc/fstab.
171198 - Bogus messages in system log (/var/log/messages)


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/initscripts-7.31.30.EL-1.src.rpm
614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm

i386:
5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm

ia64:
00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm

ppc:
b79c9567dde9791116264a738172a7ff initscripts-7.31.30.EL-1.ppc.rpm

s390:
082885c498ad9d3e421aa1b8306582fa initscripts-7.31.30.EL-1.s390.rpm

s390x:
c10f0c1607e4425bc603eba8d5a323ee initscripts-7.31.30.EL-1.s390x.rpm

x86_64:
0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/initscripts-7.31.30.EL-1.src.rpm
614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm

i386:
5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm

x86_64:
0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/initscripts-7.31.30.EL-1.src.rpm
614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm

i386:
5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm

ia64:
00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm

x86_64:
0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/initscripts-7.31.30.EL-1.src.rpm
614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm

i386:
5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm

ia64:
00672ab9fc961f6efb44e43548216742 initscripts-7.31.30.EL-1.ia64.rpm

x86_64:
0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3629

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEGD8xXlSAg2UNWIIRAqeBAJ4ztMowLrq71aq8EVg6pybbHeXgcACfS7Sf
XbawltdkaftVvABXWxozdCM=
=bqq2
-----END PGP SIGNATURE-----
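Section 6 of each advisory lists an MD5 checksum beside every RPM file name, and the listing is repeated once per product (AS, Desktop, ES, WS). The following Python script is an added example, not part of the CPNI page and not Red Hat tooling: it parses text in exactly that format and checks the files in a download directory against it, reporting each listed file as ok, mismatch or missing. The LISTING constant is an excerpt of the initscripts listing above with the checksums as printed there; the download directory is whatever path is given on the command line. The caveat a practitioner should keep in mind is that a matching MD5 only shows the download is the file the advisory described, and MD5 is no longer collision-resistant; the check that establishes the package really came from Red Hat is the GPG signature on the RPM itself, verified with rpm --checksig after importing Red Hat's package-signing key from the key page linked above.

```python
import hashlib
import os
import re

# Excerpt of the "RPMs required" section of RHSA-2006:0015-01 above; the
# checksums are the published ones. A real run would paste the whole section.
LISTING = """\
Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/initscripts-7.31.30.EL-1.src.rpm
614de93f1381398420fab545a960a54c initscripts-7.31.30.EL-1.src.rpm

i386:
5f38fe789667b0c14cdeff55a9fdfb94 initscripts-7.31.30.EL-1.i386.rpm

x86_64:
0560f3487e88fe78b56163f9cb074d2e initscripts-7.31.30.EL-1.x86_64.rpm
"""

# One checksum line: 32 hex digits, whitespace, an .rpm file name, nothing else.
LINE_RE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_listing(text):
    """Map every RPM file name in an advisory listing to its published MD5.

    Product headers, blank lines and ftp:// URLs do not match LINE_RE and are
    skipped. The same file name recurs once per product; the checksum must be
    identical each time, otherwise the pasted text is corrupt and is rejected.
    """
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        digest, name = m.groups()
        if expected.get(name, digest) != digest:
            raise ValueError("conflicting checksums listed for %s" % name)
        expected[name] = digest
    return expected


def md5_of_file(path, chunk_size=1 << 16):
    """Hex MD5 of a file, read in chunks so large kernel RPMs are not slurped."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(directory, expected):
    """Return {file name: 'ok' | 'mismatch' | 'missing'} for each listed RPM.

    Files in the directory that the listing does not name are ignored: the
    advisory listing, not the directory contents, decides what gets checked.
    """
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


if __name__ == "__main__":
    import sys
    download_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    report = verify_downloads(download_dir, parse_listing(LISTING))
    for name, status in sorted(report.items()):
        print("%-8s %s" % (status, name))
```

Run it as `python verify_rpms.py /path/to/downloads` (script name assumed). Treat any "mismatch" as a reason to discard the file and re-fetch from the advisory's URL rather than install it, and run rpm --checksig on the files that pass before installing.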


2.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: squid security update
Advisory ID: RHSA-2006:0045-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0045.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2917
- ---------------------------------------------------------------------

1. Summary:

Updated squid packages that fix a security vulnerability as well as
several bugs are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. A remote attacker could send a specially crafted
NTLM authentication request which would cause the Squid server to crash.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2917 to this issue.

Several bugs have also been addressed in this update:

* An error introduced in 2.5.STABLE3-6.3E.14 could cause Squid to crash if a
user visited a site which has a long DNS record.

* Some authentication helpers were missing needed setuid rights.

* Squid couldn't handle a reply from an HTTP server when the reply began
with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.

* User-defined error pages were not kept when the squid package was upgraded.

All users of squid should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

127836 - Error pages should not be replaced by updates
150781 - Squid doesn't handle headers split across packets
163595 - Squid blocks page served by broken server
165367 - Squid dies with signal 6 and restarts and dies ...
169269 - Error in script /usr/lib/squid/wbinfo_group.pl
170397 - pam authentication fails
172693 - One translated Polish language error is missing preventing squid from startup
174029 - CVE-2005-2917 Squid malformed NTLM authentication DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.16.src.rpm
7495d78efe6e732220f27575ca00c463 squid-2.5.STABLE3-6.3E.16.src.rpm

i386:
254c24755cca96dbbe6bc127431434bf squid-2.5.STABLE3-6.3E.16.i386.rpm

ia64:
3df47538a4e80892405bfc50d282d351 squid-2.5.STABLE3-6.3E.16.ia64.rpm

ppc:
ed751b16fc28691b81866f9e1bf0c90e squid-2.5.STABLE3-6.3E.16.ppc.rpm

s390:
f9dacfd1c7473deff4ef9b345cdfc1eb squid-2.5.STABLE3-6.3E.16.s390.rpm

s390x:
111ea1246d715f26199f9fd900c3bf9b squid-2.5.STABLE3-6.3E.16.s390x.rpm

x86_64:
11895d3215d44c7dbc5f32a162395389 squid-2.5.STABLE3-6.3E.16.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.16.src.rpm
7495d78efe6e732220f27575ca00c463 squid-2.5.STABLE3-6.3E.16.src.rpm

i386:
254c24755cca96dbbe6bc127431434bf squid-2.5.STABLE3-6.3E.16.i386.rpm

x86_64:
11895d3215d44c7dbc5f32a162395389 squid-2.5.STABLE3-6.3E.16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.16.src.rpm
7495d78efe6e732220f27575ca00c463 squid-2.5.STABLE3-6.3E.16.src.rpm

i386:
254c24755cca96dbbe6bc127431434bf squid-2.5.STABLE3-6.3E.16.i386.rpm

ia64:
3df47538a4e80892405bfc50d282d351 squid-2.5.STABLE3-6.3E.16.ia64.rpm

x86_64:
11895d3215d44c7dbc5f32a162395389 squid-2.5.STABLE3-6.3E.16.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.16.src.rpm
7495d78efe6e732220f27575ca00c463 squid-2.5.STABLE3-6.3E.16.src.rpm

i386:
254c24755cca96dbbe6bc127431434bf squid-2.5.STABLE3-6.3E.16.i386.rpm

ia64:
3df47538a4e80892405bfc50d282d351 squid-2.5.STABLE3-6.3E.16.ia64.rpm

x86_64:
11895d3215d44c7dbc5f32a162395389 squid-2.5.STABLE3-6.3E.16.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEGD9JXlSAg2UNWIIRAvL8AKCm/NwaJgfvxc8GRaO+21/1hMpHtgCgwOrB
uQ3i+4+tvHVuHf1x3WePMv8=
=nX8q
-----END PGP SIGNATURE-----


3.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: vixie-cron security update
Advisory ID: RHSA-2006:0117-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0117.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-1038
- ---------------------------------------------------------------------

1. Summary:

An updated vixie-cron package that fixes a bug and security issue is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A bug was found in the way vixie-cron installs new crontab files. It is
possible for a local attacker to execute the crontab command in such a way
that they can view the contents of another user's crontab file. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-1038 to
this issue.

This update also fixes an issue where cron jobs could start before their
scheduled time.

All users of vixie-cron should upgrade to this updated package, which
contains backported patches and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

154424 - [RHEL-3] cronjobs start too early
162022 - CVE-2005-1038 vixie-cron information leak
178432 - prediction: vixie-cron-4.1's pam_unix session log messages will be most unpopular
178436 - network service interruption can cause initgroups() to delay cron job execution by more than one minute


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vixie-cron-4.1-10.EL3.src.rpm
1cd7a13aa04b203dcc6f7c30409c9246 vixie-cron-4.1-10.EL3.src.rpm

i386:
c282e07d0178f3330cf7fa617727c4ca vixie-cron-4.1-10.EL3.i386.rpm

ia64:
118831a4b64648ce557166c5379a5a7d vixie-cron-4.1-10.EL3.ia64.rpm

ppc:
c0fa18bc6a77a4eb24e762c16093f668 vixie-cron-4.1-10.EL3.ppc.rpm

s390:
812d722b0fa8a7c71f97adf24a00a9c6 vixie-cron-4.1-10.EL3.s390.rpm

s390x:
210220420e2fc1fd91409b6edafe0534 vixie-cron-4.1-10.EL3.s390x.rpm

x86_64:
9fd86935ce8f0019eaaa65977287648a vixie-cron-4.1-10.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vixie-cron-4.1-10.EL3.src.rpm
1cd7a13aa04b203dcc6f7c30409c9246 vixie-cron-4.1-10.EL3.src.rpm

i386:
c282e07d0178f3330cf7fa617727c4ca vixie-cron-4.1-10.EL3.i386.rpm

x86_64:
9fd86935ce8f0019eaaa65977287648a vixie-cron-4.1-10.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vixie-cron-4.1-10.EL3.src.rpm
1cd7a13aa04b203dcc6f7c30409c9246 vixie-cron-4.1-10.EL3.src.rpm

i386:
c282e07d0178f3330cf7fa617727c4ca vixie-cron-4.1-10.EL3.i386.rpm

ia64:
118831a4b64648ce557166c5379a5a7d vixie-cron-4.1-10.EL3.ia64.rpm

x86_64:
9fd86935ce8f0019eaaa65977287648a vixie-cron-4.1-10.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vixie-cron-4.1-10.EL3.src.rpm
1cd7a13aa04b203dcc6f7c30409c9246 vixie-cron-4.1-10.EL3.src.rpm

i386:
c282e07d0178f3330cf7fa617727c4ca vixie-cron-4.1-10.EL3.i386.rpm

ia64:
118831a4b64648ce557166c5379a5a7d vixie-cron-4.1-10.EL3.ia64.rpm

x86_64:
9fd86935ce8f0019eaaa65977287648a vixie-cron-4.1-10.EL3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1038

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEGD9gXlSAg2UNWIIRAnq1AKCmdmJkwzbxYf6sjS8+YhG5qsR/sgCfSZOO
iFQ52MQ1zwfNSY6VawAoh0A=
=fDXL
-----END PGP SIGNATURE-----
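Each advisory on this page names the build that carries the fix: initscripts-7.31.30.EL-1, squid-2.5.STABLE3-6.3E.16, vixie-cron-4.1-10.EL3, and kernel-2.4.21-40.EL in the kernel advisory that follows. Deciding whether a host is still exposed means comparing what `rpm -qa` reports against those builds using rpm's own ordering, which is not plain string comparison: 6.3E.14 sorts before 6.3E.16, 40.EL after 32.EL, and a version with a trailing letter run after the same version without it. The following Python is an added example, not code from the CPNI page or from Red Hat: it reimplements rpm's rpmvercmp segment comparison, applies it to epoch:version-release triples, and flags installed packages that fall below the fixed build. The INSTALLED list is a constructed sample of `rpm -qa` output (the 7.31.29 initscripts build and examplepkg are invented for illustration). For the kernel it also checks the `uname -r` string, because a fixed kernel that is installed but not yet booted leaves the running system unpatched.

```python
# Fixed builds named in the "RPMs required" sections of the four advisories
# reproduced on this page (RHSA-2006:0015, :0045, :0117 and :0144).
FIXED = {
    "initscripts": "7.31.30.EL-1",
    "squid": "2.5.STABLE3-6.3E.16",
    "vixie-cron": "4.1-10.EL3",
    "kernel": "2.4.21-40.EL",
}

# Kernel subpackages listed in RHSA-2006:0144; all carry the kernel's own EVR.
# Other packages named kernel-* (kernel-utils, for one) have unrelated version
# numbers and must not be compared against the kernel build.
KERNEL_SUBPACKAGES = {
    "kernel", "kernel-smp", "kernel-hugemem", "kernel-BOOT", "kernel-doc",
    "kernel-source", "kernel-unsupported", "kernel-smp-unsupported",
    "kernel-hugemem-unsupported",
}

# Constructed sample of `rpm -qa` output (7.31.29 initscripts and examplepkg invented).
INSTALLED = [
    "kernel-2.4.21-32.EL",        # older kernel still installed
    "kernel-smp-2.4.21-40.EL",    # fixed kernel installed, but is it the one booted?
    "squid-2.5.STABLE3-6.3E.14",
    "vixie-cron-4.1-10.EL3",
    "initscripts-7.31.29.EL-1",
    "examplepkg-1.0-1",           # not covered by any advisory here
]


def rpmvercmp(a, b):
    """Order two version or release strings the way rpm's rpmvercmp() does.

    Strings are walked as runs of digits and runs of letters; anything else is
    a separator. Digit runs compare numerically (leading zeros dropped), letter
    runs as strings, and a digit run outranks a letter run at the same spot.
    Whichever string has segments left over is newer. Returns -1, 0 or 1.
    Tilde/caret ordering of later rpm versions is not implemented (RHEL 3's rpm
    had neither).
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        start_a = i
        while i < len(a) and same_kind(a[i]):
            i += 1
        start_b = j
        while j < len(b) and same_kind(b[j]):
            j += 1
        seg_a, seg_b = a[start_a:i], b[start_b:j]
        if not seg_b:            # kinds differ at this position: digits win
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_evr(evr):
    """'1:2.4.21-40.EL' -> (1, '2.4.21', '40.EL'); epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        epoch_str, evr = evr.split(":", 1)
        epoch = int(epoch_str)
    version, _, release = evr.rpartition("-")
    return epoch, version, release


def evr_cmp(a, b):
    """Epoch dominates, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def split_nvr(nvr):
    """'kernel-smp-2.4.21-40.EL' -> ('kernel-smp', '2.4.21-40.EL')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version + "-" + release


def unpatched(installed, fixed=FIXED):
    """Installed name-version-release strings older than the advisory fix."""
    below = []
    for nvr in installed:
        name, evr = split_nvr(nvr)
        key = "kernel" if name in KERNEL_SUBPACKAGES else name
        if key in fixed and evr_cmp(evr, fixed[key]) < 0:
            below.append(nvr)
    return below


def running_kernel_unpatched(uname_r, fixed=FIXED):
    """`uname -r` is e.g. '2.4.21-32.ELsmp'; the flavour suffix sorts after the
    bare release, so a plain EVR comparison against the fixed kernel suffices."""
    return evr_cmp(uname_r, fixed["kernel"]) < 0


if __name__ == "__main__":
    for nvr in unpatched(INSTALLED):
        print("below fix:", nvr)
    print("running kernel unpatched:", running_kernel_unpatched("2.4.21-32.ELsmp"))
```

On a real host, feed `unpatched()` the lines of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` and `running_kernel_unpatched()` the output of `uname -r`. A package that is absent from `rpm -qa` is simply not flagged, which is the right answer for hosts that never had squid or the flash plugin installed.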


4.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 7
Advisory ID: RHSA-2006:0144-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0144.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2006:0140
CVE Names: CVE-2005-2458 CVE-2005-2801 CVE-2005-3276
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing support and
maintenance of Red Hat Enterprise Linux version 3. This is the seventh
regular update.

This security advisory has been rated as having moderate security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the seventh regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

- addition of the bnx2, dell_rbu, and megaraid_sas device drivers
- support for multi-core, multi-threaded Intel Itanium processors
- upgrade of the SATA subsystem to include ATAPI and SMART support
- optional tuning via the new numa_memory_allocator, arp_announce,
and printk_ratelimit sysctls

There were many bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement in
the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below).
Other key areas affected by fixes in this update include the networking
subsystem, the VM subsystem, NPTL handling, autofs4, the USB subsystem,
CPU enumeration, and 32-bit-exec-mode handling on 64-bit architectures.

The following device drivers have been upgraded to new versions:

aacraid -------- 1.1.5-2412
bnx2 ----------- 1.4.30 (new)
dell_rbu ------- 2.1 (new)
e1000 ---------- 6.1.16-k3
emulex --------- 7.3.3
fusion --------- 2.06.16.02
ipmi ----------- 35.11
megaraid2 ------ v2.10.10.1
megaraid_sas --- 00.00.02.00 (new)
tg3 ------------ 3.43RH

The following security bugs were fixed in this update:

- a flaw in gzip/zlib handling internal to the kernel that allowed
a local user to cause a denial of service (crash)
(CVE-2005-2458, low)

- a flaw in ext3 EA/ACL handling of attribute sharing that allowed
a local user to gain privileges (CVE-2005-2801, moderate)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data
(CVE-2005-3276, low)

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

112004 - pppd receives error "Couldn't get channel number: bad address"
112066 - RHEL3 U5: Support for SATA features of ICH6R (for U3, AHCI only)
117067 - RHEL3 U3: ICH6 SATA support in ACHI mode
122256 - RHEL3 U6: SATA ATAPI support (HW)
125642 - kernel's Makefile not suited for long directory paths
128015 - RHEL3 U4: SATA AHCI (ICH6)
129265 - kernel panic when repeatedly accessing /proc/bus/usb/devices and hot-swapping usb device
130387 - Processes with Large memory requirment causes swap usage with free memory is present.
130489 - kernel kills db2 processes because of OOM error on RHEL Update2 and Update3
130712 - RHEL3 U7: Add SMART capabilities to libata.
131295 - Hugepages configured on kernel boot line causes x86_64 kernel boot to fail with OOM.
132547 - oops when "scsi add-single-device" sent to /proc/scsi/scsi using aic79xx
134506 - [RHEL3 U3] kernel BUG at exit.c:620!
136583 - LTC18371- [RHEL3 U4]cpu_sibling_map[] is incorrect on x445/x440
137101 - 'noht' does not work for ia32e
137344 - Cannot disable hyperthreading on x86_64 platform
137998 - autofs removes leading path components of /net mounts on timeout
138730 - LTC12369-In RHEL 3 U4 -- top command gave segmentation fault
142579 - Viper: install kernel panics on DP system with 4GB all on cpu#2
144033 - [RHEL3] poll() seems to ignore large timeout
145596 - SMART support in SATA driver
146663 - pl2303 kernel module doesn't work with 'Aten UC-232A'
147870 - O_DIRECT to sparse areas of files give incomplete writes
150559 - Can't install RHEL3 on system with Adaptec AAR 1210SA SATA controller (sata_sil - siimage problem)
152103 - RHEL3 U5: rhgb-client shows illegal instruction and fails.
152650 - aacraid driver in RHEL 3 U4 em64t causes kernel panic
154028 - megaraid2 driver causes panic if loaded for a second time
154385 - Crash on relocated automounts with --bind
156396 - System crash when dump or tar 64k blocksize to tape from raid
156397 - LTC13414-32-bit ping6 on 64-bit kernel not working
156645 - [RHEL3 U5] fails to boot installer on multiple platforms
156987 - FEAT: RHEL3 U5: need hint@pause in ia64 spinloops
156988 - FEAT RHEL3 U7 IPF - performance improvement for the system which CPEI occur continuously.
156999 - RHEL 3 U6: Support for cache identification through 'Deterministic Cache Parameters' [cpuid(4)]
157006 - [ CRM 488904 ] driver update for Adaptec 2410SA needed (1.1.5-2361 > 1.1.5-2371 or higher)
158819 - RHEL3 does not support USBDEVFS 32-bit ioctls on x86_64
158821 - Advanced server 3 ARP timeout messages
159326 - RSS limited to 1.8GB if process pinned to one CPU
159523 - [RHEL3] Does not boot on system with ACPI table crossing page boundary
159874 - [RHEL 3 U5] adding hotplug drive causes kernel panic
159977 - [RHEL3] vi --- files getting deleted
160009 - agpgart will not load for kernel 2.4.21-32 on tyan S2885 motherboard with AMD-8151 agp tunnel
160337 - Keyboard "jammed" during smp runlevel 5 boot on IBM HS20-8843 BladeServer
160539 - [RHEL3] hidden bomb of kmap_atomic/kunmap_atomic bug?
161056 - CVE-2005-2801 Lost ACLs on ext3
161160 - Reproducable panic in mdadm multipathing
161188 - Sometimes data/bss can be executable
161336 - xserver issue on blade center
161866 - Race condition accessing PCI config space
161875 - autofs doesn't remount if nfs server is unreachable at expire time
162065 - aacraid driver hangs if Adaptec 2230SLP array not optimal
162212 - st causes system hang and kernel panic when writing to tape on x86_64
162271 - Problem with b44: SIOCSIFFLAGS: Cannot allocate memory
162417 - (VM) Excessive swapping when free memory is ample
162683 - [RHEL3 and RHEL2.1] ps command core dump
162735 - LTC8356-LSB runtime testcase T.c_oflag_X failed [PATCH]
163176 - Endless loop printing traceback during kernel OOPs
163184 - Explain why the SCSI inquiry is not being returned from the sd for nearly 5 minutes
163239 - [RHEL3] change_page_attr may set _PAGE_NX for kernel code pages
163307 - LTC13178-panic on i5 - sys_ppc32.c 32 bit sys_recvmsg corrupting kernel data structures
163381 - RHEL3U5 x86-64 : xw9300 & numa=on swaps behaviour is unexpected
163901 - FEAT: RHEL3 U6: ia64 multi-core and multi-threading detection
163929 - [RHEL3] [x86_64/ia64] sys_time and sys_gettimeofday disagree
164206 - U5 beta encounters NMI watchdog on Celestica Quartet with 4 Opteron 875 dualcores
164304 - [RHEL3 U5] __wtd_down_from_wakeup not in EL3 ia64 tree
164438 - LTC12403-CMVC482920:I/O errors caused by eeh error injection-drive unavailable
164580 - NFS lockd deadlock
164795 - /usr/src/linux-2.4.21-32.EL/Documentation/networking/e100.txt contians bad info
164828 - RHEL 3 - request to add bnx2 driver
165006 - acct does not have Large File Support
165119 - FEAT RHEL3U7: Need Intel e1000 driver update for the Dell Ophir/Rimon based PCI-E NICs
165364 - SMP kernel does not honor boot parameter "noht"
165412 - [RHEL3] The system hangs when SysRq + c is pressed
165453 - Panic after ENXIO with usb-uhci
165475 - Problem removing a USB device
165680 - CVE-2005-2458 gzip/zlib flaws
165825 - Inquiry (sg) command hang after a write to tape with mptscsi driver
165989 - The msync(MS_SYNC) call should fail after cable pulled from scsi disk
166345 - HA NFS Cluster Problem
166363 - cciss disk dump hangs if module is ever unloaded/reloaded
166364 - Erratic behaviour when system fd limit reached
166578 - aacraid driver needs to be updated to support IBM ServeRAID 8i
166583 - aacraid driver needs to be updated to support IBM ServeRAID 8i
166600 - CRM619504: setrlimit RLIMIT_FSIZE limited to 32-bit values, even on 64-bit kernels
166669 - [RHEL3 U5] waitpid() returns unexpected ECHILD
167674 - RHEL3: need updated forcedeth.o driver?
167800 - CRM648268: kernel reporting init process cutime as very large negative value
167942 - FEAT RHEL3 U7: Need 'bnx2' driver inclusion to support Broadcom 5708C B0 NIC and 5708S BO LOM
168226 - FEAT RHEL3 U7: LSI megaraid_sas driver
168293 - Potential netconsole regression in transmit path
168315 - LTC17567-Fields 'system_potential_processor' and 'partition_max_entiteled_capacity' fields are missing from lparcfg file
168358 - FEAT RHEL3 U7: ipmi driver speedup patch
168359 - FEAT RHEL3 U7: ipmi_poweroff driver update for Dell <8G servers
168390 - Large O_DIRECT write will hang system (MPT fusion)
168392 - kill -6 of multi-threaded application takes 30 minutes to finish
168474 - FEAT RHEL3-U7: Support for HT1000 IDE chipset needed
168541 - RHEL3 U7: x86_64: Remove unique APIC/IO-APIC ID check
168581 - RH EL 3 U7: add support for Broadcom 5714 and 5715C NICs
168597 - FEAT RHEL3 U7: add dell_rbu driver for Dell BIOS updates
168603 - FEAT RHEL3 U7: Need TG3 update to support Broadcom 5721 C1 stepping
168681 - kernel BUG at page_alloc.c:391!
168780 - CVE-2005-3276 sys_get_thread_area minor info leak
168795 - RHEL3U7: ipmi driver fix for PE2650
168896 - LSI MegaRAID RHEL3 Feature - Updated SCSI driver submission
169230 - nfs client: handle long symlinks properly
169294 - [RHEL3 U6] __copy_user/memcpy causes random kernel panic on IA-64 systems
169393 - CRM# 685278 scsi scan not seeing all luns when one lun removed
169511 - [RHEL3] 'getpriority/setpriority' broken with PRIO_USER, who=0
169662 - [RHEL3 U5] Performance problem while extracting tarballs on Fujitsu Siemens Computing D1409, Adaptec S30 array, connected to an aacraid controller.
169992 - LTC18779-Lost dirty bit in kernel memory managment [PATCH]
170429 - RHEL-3: 'physical id' field in /proc/cpuinfo incorrect on AMD-64 hosts
170440 - [RHEL3 U5] Kernel crashing, multiple panics in aacraid driver
170446 - [RHEL3 U7] netdump hangs in processing of CPU stop after diskdump failed.
170529 - LTC17955-82222: Support for Serverworks chipset HT2000 Ethernet Driver (BCM5700 & TG3)
170561 - Broadcom 5706/5708 support
170633 - System Stops responding with "queue 6 full" messages
171129 - RedHat / XW9300 / system panic when logout from GNOME with USB mouse
171377 - LTC18818-pfault interupt race
172233 - rename(2) onto an empty directory fails on NFS file systems
172334 - Invalid message 'Aieee!!! Remote IRR still set after unlock'
172664 - Updated header file with modified author permissions
173280 - New icache prune export
174005 - Update Emulex lpfc driver for RHEL 3
175017 - Assertion failed! idx >= ARRAY_SIZE(xfer_mode_str),libata-core.c,ata_dev_set_mode,line=1673
175154 - [RHEL3 U6] IOs hang in __wait_on_buffer when segments > 170
175211 - Multicast domain membership doesn't follow bonding failover
175365 - LTC19816-Cannot see a concho adapter on U7 kernel
175624 - [RHEL3 U7 PATCH] LSI PCI Express chips to operate properly
175625 - [RHEL3 U7] x86-64: Can't boot with 16 logical processors
175767 - Installer appears to hang when loading mptbase module
176264 - x366 NMI error logged in infinite loop - [crm#769552] Possible regression U7 beta
177023 - CRM 724200: when an active USB serial port device is removed, the system panics and locks up.
177573 - autofs doesn't attempt to remount failed mount points
177691 - negative dentry caching causes long delay when dentry becomes valid
179168 - RHEL3U7Beta-32: Booting/Installing with SATA ATAPI Optical panics


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-40.EL.src.rpm
e2e271472a3605dcef9f8b48ddb7cfe9 kernel-2.4.21-40.EL.src.rpm

i386:
14e451648c26efc912a3480708afee6f kernel-2.4.21-40.EL.athlon.rpm
67b81d592f5f1d9118c0b4aa98747c90 kernel-2.4.21-40.EL.i686.rpm
cfed1327615c0e1456824b605c9b3469 kernel-BOOT-2.4.21-40.EL.i386.rpm
408e8ce5096ab61b75207e32085345f7 kernel-doc-2.4.21-40.EL.i386.rpm
31d4f639796879e49778e1bd01410a44 kernel-hugemem-2.4.21-40.EL.i686.rpm
719d373fed84087a92493140cd1456f2 kernel-hugemem-unsupported-2.4.21-40.EL.i686.rpm
e550c1f5343851f18e1e5d7123b16926 kernel-smp-2.4.21-40.EL.athlon.rpm
8060d4e95fa2b7d5978ac482a8494046 kernel-smp-2.4.21-40.EL.i686.rpm
7a1eba47dadfb769ab5dd21e87544dcb kernel-smp-unsupported-2.4.21-40.EL.athlon.rpm
2f169daf9e95f6f602415d50a24befb9 kernel-smp-unsupported-2.4.21-40.EL.i686.rpm
07436903a9cc39b8efc50be1e4abd2b5 kernel-source-2.4.21-40.EL.i386.rpm
40c1b82a9b3666833ef51f842adce559 kernel-unsupported-2.4.21-40.EL.athlon.rpm
23e18c3df38f90ea739e96b575c66a2a kernel-unsupported-2.4.21-40.EL.i686.rpm

ia64:
33b14be75af35da7f94a563221eacc38 kernel-2.4.21-40.EL.ia64.rpm
2b2bc1f22c92a4fe7f71e3968d813b78 kernel-doc-2.4.21-40.EL.ia64.rpm
49362afb80039e121aebe71eb5241324 kernel-source-2.4.21-40.EL.ia64.rpm
ccbc19bdd003091f169a81785f4a4c9f kernel-unsupported-2.4.21-40.EL.ia64.rpm

ppc:
0c884c5fe5e68a6cca7c3e231c76acf1 kernel-2.4.21-40.EL.ppc64iseries.rpm
727ba8f6af1e68e5273de1ac5d3a9171 kernel-2.4.21-40.EL.ppc64pseries.rpm
db8ff98e0171858cc05844054b41acdb kernel-doc-2.4.21-40.EL.ppc64.rpm
4ce9594cc5ed4d04377dbab4c5311ab8 kernel-source-2.4.21-40.EL.ppc64.rpm
61160a740f2cb4524a7158c88ec3cfd6 kernel-unsupported-2.4.21-40.EL.ppc64iseries.rpm
10ad4f084a88852c7ffec55f1f3bc070 kernel-unsupported-2.4.21-40.EL.ppc64pseries.rpm

s390:
0e7dba799a5ed476da0da336e7625e16 kernel-2.4.21-40.EL.s390.rpm
dc94a3fdb3835f8048809f555c890610 kernel-doc-2.4.21-40.EL.s390.rpm
5e6eb60def92b2868e8239c792e48494 kernel-source-2.4.21-40.EL.s390.rpm
f9fa02a27db6f9965e4a0ba5f47ea649 kernel-unsupported-2.4.21-40.EL.s390.rpm

s390x:
b50d69f24f9a62f849166f1ccd13ca9b kernel-2.4.21-40.EL.s390x.rpm
37d3e304a14f3d242d9039a322540cc7 kernel-doc-2.4.21-40.EL.s390x.rpm
a86d006944328ae7e367a9a8c2ef3047 kernel-source-2.4.21-40.EL.s390x.rpm
b0421eb10246317025cde9f58615a81b kernel-unsupported-2.4.21-40.EL.s390x.rpm

x86_64:
01537d12eb0a242c0cf0ff267bcd5510 kernel-2.4.21-40.EL.ia32e.rpm
a1f13fd01729150df9d9a9d9aeac2e1c kernel-2.4.21-40.EL.x86_64.rpm
f5dc5548051bb90856f9307254234124 kernel-doc-2.4.21-40.EL.x86_64.rpm
1e4526ceb8f3d7f24628e1de2aaea3d5 kernel-smp-2.4.21-40.EL.x86_64.rpm
d2973934a286be55ff03aa79b1af75aa kernel-smp-unsupported-2.4.21-40.EL.x86_64.rpm
a6035139fb318a72cea565cd6e2202e0 kernel-source-2.4.21-40.EL.x86_64.rpm
ca0ca2170dc264dfbadf10f069075ac7 kernel-unsupported-2.4.21-40.EL.ia32e.rpm
3291254144c2a125e2ee84d6e20e02a8 kernel-unsupported-2.4.21-40.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-40.EL.src.rpm
e2e271472a3605dcef9f8b48ddb7cfe9 kernel-2.4.21-40.EL.src.rpm

i386:
14e451648c26efc912a3480708afee6f kernel-2.4.21-40.EL.athlon.rpm
67b81d592f5f1d9118c0b4aa98747c90 kernel-2.4.21-40.EL.i686.rpm
cfed1327615c0e1456824b605c9b3469 kernel-BOOT-2.4.21-40.EL.i386.rpm
408e8ce5096ab61b75207e32085345f7 kernel-doc-2.4.21-40.EL.i386.rpm
31d4f639796879e49778e1bd01410a44 kernel-hugemem-2.4.21-40.EL.i686.rpm
719d373fed84087a92493140cd1456f2 kernel-hugemem-unsupported-2.4.21-40.EL.i686.rpm
e550c1f5343851f18e1e5d7123b16926 kernel-smp-2.4.21-40.EL.athlon.rpm
8060d4e95fa2b7d5978ac482a8494046 kernel-smp-2.4.21-40.EL.i686.rpm
7a1eba47dadfb769ab5dd21e87544dcb kernel-smp-unsupported-2.4.21-40.EL.athlon.rpm
2f169daf9e95f6f602415d50a24befb9 kernel-smp-unsupported-2.4.21-40.EL.i686.rpm
07436903a9cc39b8efc50be1e4abd2b5 kernel-source-2.4.21-40.EL.i386.rpm
40c1b82a9b3666833ef51f842adce559 kernel-unsupported-2.4.21-40.EL.athlon.rpm
23e18c3df38f90ea739e96b575c66a2a kernel-unsupported-2.4.21-40.EL.i686.rpm

x86_64:
01537d12eb0a242c0cf0ff267bcd5510 kernel-2.4.21-40.EL.ia32e.rpm
a1f13fd01729150df9d9a9d9aeac2e1c kernel-2.4.21-40.EL.x86_64.rpm
f5dc5548051bb90856f9307254234124 kernel-doc-2.4.21-40.EL.x86_64.rpm
1e4526ceb8f3d7f24628e1de2aaea3d5 kernel-smp-2.4.21-40.EL.x86_64.rpm
d2973934a286be55ff03aa79b1af75aa kernel-smp-unsupported-2.4.21-40.EL.x86_64.rpm
a6035139fb318a72cea565cd6e2202e0 kernel-source-2.4.21-40.EL.x86_64.rpm
ca0ca2170dc264dfbadf10f069075ac7 kernel-unsupported-2.4.21-40.EL.ia32e.rpm
3291254144c2a125e2ee84d6e20e02a8 kernel-unsupported-2.4.21-40.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-40.EL.src.rpm
e2e271472a3605dcef9f8b48ddb7cfe9 kernel-2.4.21-40.EL.src.rpm

i386:
14e451648c26efc912a3480708afee6f kernel-2.4.21-40.EL.athlon.rpm
67b81d592f5f1d9118c0b4aa98747c90 kernel-2.4.21-40.EL.i686.rpm
cfed1327615c0e1456824b605c9b3469 kernel-BOOT-2.4.21-40.EL.i386.rpm
408e8ce5096ab61b75207e32085345f7 kernel-doc-2.4.21-40.EL.i386.rpm
31d4f639796879e49778e1bd01410a44 kernel-hugemem-2.4.21-40.EL.i686.rpm
719d373fed84087a92493140cd1456f2 kernel-hugemem-unsupported-2.4.21-40.EL.i686.rpm
e550c1f5343851f18e1e5d7123b16926 kernel-smp-2.4.21-40.EL.athlon.rpm
8060d4e95fa2b7d5978ac482a8494046 kernel-smp-2.4.21-40.EL.i686.rpm
7a1eba47dadfb769ab5dd21e87544dcb kernel-smp-unsupported-2.4.21-40.EL.athlon.rpm
2f169daf9e95f6f602415d50a24befb9 kernel-smp-unsupported-2.4.21-40.EL.i686.rpm
07436903a9cc39b8efc50be1e4abd2b5 kernel-source-2.4.21-40.EL.i386.rpm
40c1b82a9b3666833ef51f842adce559 kernel-unsupported-2.4.21-40.EL.athlon.rpm
23e18c3df38f90ea739e96b575c66a2a kernel-unsupported-2.4.21-40.EL.i686.rpm

ia64:
33b14be75af35da7f94a563221eacc38 kernel-2.4.21-40.EL.ia64.rpm
2b2bc1f22c92a4fe7f71e3968d813b78 kernel-doc-2.4.21-40.EL.ia64.rpm
49362afb80039e121aebe71eb5241324 kernel-source-2.4.21-40.EL.ia64.rpm
ccbc19bdd003091f169a81785f4a4c9f kernel-unsupported-2.4.21-40.EL.ia64.rpm

x86_64:
01537d12eb0a242c0cf0ff267bcd5510 kernel-2.4.21-40.EL.ia32e.rpm
a1f13fd01729150df9d9a9d9aeac2e1c kernel-2.4.21-40.EL.x86_64.rpm
f5dc5548051bb90856f9307254234124 kernel-doc-2.4.21-40.EL.x86_64.rpm
1e4526ceb8f3d7f24628e1de2aaea3d5 kernel-smp-2.4.21-40.EL.x86_64.rpm
d2973934a286be55ff03aa79b1af75aa kernel-smp-unsupported-2.4.21-40.EL.x86_64.rpm
a6035139fb318a72cea565cd6e2202e0 kernel-source-2.4.21-40.EL.x86_64.rpm
ca0ca2170dc264dfbadf10f069075ac7 kernel-unsupported-2.4.21-40.EL.ia32e.rpm
3291254144c2a125e2ee84d6e20e02a8 kernel-unsupported-2.4.21-40.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-40.EL.src.rpm
e2e271472a3605dcef9f8b48ddb7cfe9 kernel-2.4.21-40.EL.src.rpm

i386:
14e451648c26efc912a3480708afee6f kernel-2.4.21-40.EL.athlon.rpm
67b81d592f5f1d9118c0b4aa98747c90 kernel-2.4.21-40.EL.i686.rpm
cfed1327615c0e1456824b605c9b3469 kernel-BOOT-2.4.21-40.EL.i386.rpm
408e8ce5096ab61b75207e32085345f7 kernel-doc-2.4.21-40.EL.i386.rpm
31d4f639796879e49778e1bd01410a44 kernel-hugemem-2.4.21-40.EL.i686.rpm
719d373fed84087a92493140cd1456f2 kernel-hugemem-unsupported-2.4.21-40.EL.i686.rpm
e550c1f5343851f18e1e5d7123b16926 kernel-smp-2.4.21-40.EL.athlon.rpm
8060d4e95fa2b7d5978ac482a8494046 kernel-smp-2.4.21-40.EL.i686.rpm
7a1eba47dadfb769ab5dd21e87544dcb kernel-smp-unsupported-2.4.21-40.EL.athlon.rpm
2f169daf9e95f6f602415d50a24befb9 kernel-smp-unsupported-2.4.21-40.EL.i686.rpm
07436903a9cc39b8efc50be1e4abd2b5 kernel-source-2.4.21-40.EL.i386.rpm
40c1b82a9b3666833ef51f842adce559 kernel-unsupported-2.4.21-40.EL.athlon.rpm
23e18c3df38f90ea739e96b575c66a2a kernel-unsupported-2.4.21-40.EL.i686.rpm

ia64:
33b14be75af35da7f94a563221eacc38 kernel-2.4.21-40.EL.ia64.rpm
2b2bc1f22c92a4fe7f71e3968d813b78 kernel-doc-2.4.21-40.EL.ia64.rpm
49362afb80039e121aebe71eb5241324 kernel-source-2.4.21-40.EL.ia64.rpm
ccbc19bdd003091f169a81785f4a4c9f kernel-unsupported-2.4.21-40.EL.ia64.rpm

x86_64:
01537d12eb0a242c0cf0ff267bcd5510 kernel-2.4.21-40.EL.ia32e.rpm
a1f13fd01729150df9d9a9d9aeac2e1c kernel-2.4.21-40.EL.x86_64.rpm
f5dc5548051bb90856f9307254234124 kernel-doc-2.4.21-40.EL.x86_64.rpm
1e4526ceb8f3d7f24628e1de2aaea3d5 kernel-smp-2.4.21-40.EL.x86_64.rpm
d2973934a286be55ff03aa79b1af75aa kernel-smp-unsupported-2.4.21-40.EL.x86_64.rpm
a6035139fb318a72cea565cd6e2202e0 kernel-source-2.4.21-40.EL.x86_64.rpm
ca0ca2170dc264dfbadf10f069075ac7 kernel-unsupported-2.4.21-40.EL.ia32e.rpm
3291254144c2a125e2ee84d6e20e02a8 kernel-unsupported-2.4.21-40.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEGD98XlSAg2UNWIIRAnCtAJ92nprFMX7/knn8sE4akRvKGYynWACdGdLd
CuaPF26rKGr6ur8Sa5GEJA8=
=UkP+
-----END PGP SIGNATURE-----


5.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gnupg security update
Advisory ID: RHSA-2006:0266-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0266.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0049 CVE-2006-0455
- ---------------------------------------------------------------------

1. Summary:

An updated GnuPG package that fixes signature verification flaws as well as
minor bugs is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically
signed data with detached signatures. It is possible for an attacker to
construct a cryptographically signed message which could appear to come
from a third party. When a victim processes a GnuPG message with a
malformed detached signature, GnuPG ignores the malformed signature,
processes and outputs the signed data, and exits with status 0, just as it
would if the signature had been valid. In this case, GnuPG's exit status
would not indicate that no signature verification had taken place. This
issue would primarily be of concern when processing GnuPG results via an
automated script. The Common Vulnerabilities and Exposures project assigned
the name CVE-2006-0455 to this issue.

Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is possible for an
attacker to inject unsigned data into a signed message in such a way that
when a victim processes the message to recover the data, the unsigned data
is output along with the signed data, gaining the appearance of having been
signed. This issue is mitigated in the GnuPG shipped with Red Hat
Enterprise Linux as the --ignore-crc-error option must be passed to the gpg
executable for this attack to be successful. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0049 to this issue.

Please note that neither of these issues affect the way RPM or up2date
verify RPM package files, nor is RPM vulnerable to either of these issues.

All users of GnuPG are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
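The practical consequence of both flaws above is the same: a script that runs gpg and trusts its exit status (or trusts every byte it emits) can be fooled. The following is an added example, not Red Hat's or GnuPG's own code. It decides from gpg's machine-readable --status-fd output whether a signature was actually checked and whether exactly one signed data packet came out, and it runs the decision logic over three constructed status transcripts: a good verification, the silent CVE-2006-0455 case, and the CVE-2006-0049 case with an extra unsigned literal packet. Key IDs, fingerprints and file names in the samples are placeholders. One assumption is stated in the comments: the PLAINTEXT status line, used to count data packets, is emitted by the gpg build in use; where it is not, that test is vacuous and a detached signature over the whole file is the safer design.

```sh
#!/bin/sh
# Added example (not Red Hat's or GnuPG's own code): decide whether gpg really
# verified a signature by reading its machine-readable --status-fd lines rather
# than its exit status. With a malformed detached signature (CVE-2006-0455)
# gpg exits 0 having verified nothing, so "gpg --verify && trust" is the wrong
# test in a script.
#
# Real use, detached signature:
#   gpg --status-fd 1 --verify file.sig file 2>/dev/null | gpg_status_ok && echo trusted
# Real use, inline-signed message (keep OUT only if accepted):
#   gpg --status-fd 1 --output OUT --decrypt msg.gpg 2>/dev/null | gpg_status_ok || rm -f OUT
#
# gpg_status_ok reads status lines on stdin and succeeds only if
#   - at least one VALIDSIG line is present (a signature was checked and is good),
#   - no BADSIG / ERRSIG / NODATA / NO_PUBKEY / UNEXPECTED line is present, and
#   - at most one PLAINTEXT line is present, so a second, unsigned literal data
#     packet spliced into an inline-signed message (CVE-2006-0049) is not
#     accepted on the strength of the one good signature. Assumption: the gpg
#     build emits PLAINTEXT status lines; where it does not, this last test is
#     vacuous and a detached signature over the whole file should be used.
gpg_status_ok() {
  awk '
    /^\[GNUPG:] VALIDSIG /  { valid++ }
    /^\[GNUPG:] PLAINTEXT / { plain++ }
    /^\[GNUPG:] (BADSIG|ERRSIG|NODATA|NO_PUBKEY|UNEXPECTED) / { bad++ }
    END { exit !(valid >= 1 && bad == 0 && plain <= 1) }'
}

# Constructed status output for a correctly verified signature. Key ID,
# fingerprint and signer are placeholders, not a real Red Hat key.
sample_good_status() {
  cat <<'EOF'
[GNUPG:] SIG_ID 0000000000000000000000000000 2006-03-15 1142380800
[GNUPG:] GOODSIG DEADBEEFDEADBEEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF 2006-03-15 1142380800 0 3 0 17 2 00 DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
[GNUPG:] TRUST_ULTIMATE
EOF
}

# Constructed status output for the CVE-2006-0455 case: the malformed detached
# signature is silently skipped, so no signature status line is emitted at all
# even though gpg exits 0.
sample_malformed_status() {
  printf ''
}

# Constructed status output for the CVE-2006-0049 case: one good signature, but
# two literal data packets came out, the second of them never signed.
sample_injected_status() {
  cat <<'EOF'
[GNUPG:] PLAINTEXT 62 1142380800 message.txt
[GNUPG:] SIG_ID 0000000000000000000000000000 2006-03-15 1142380800
[GNUPG:] GOODSIG DEADBEEFDEADBEEF Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF 2006-03-15 1142380800 0 3 0 17 2 00 DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
[GNUPG:] PLAINTEXT 62 1142380800 injected.txt
EOF
}

# Each check returns 0 when the transcript would be accepted, 1 when rejected.
check_good()      { sample_good_status      | gpg_status_ok; }
check_malformed() { sample_malformed_status | gpg_status_ok; }
check_injected()  { sample_injected_status  | gpg_status_ok; }

for c in check_good check_malformed check_injected; do
  if "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```

Only the good transcript is accepted; the empty transcript is rejected because no VALIDSIG was ever emitted, regardless of the exit code gpg would have returned, and the injected transcript is rejected because two data packets were produced for one signature.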

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

167392 - initial gpg run doesn't create .gnupg/secring.gpg
179506 - RHEL3, gnupg-1.2.1-10, gpg: Creates corrupt files (probably 2GB problem)
183484 - CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
184556 - CVE-2006-0049 Gnupg incorrect malformed message verification


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-16.src.rpm
d15956e38c9d217ac93f5ed0cd5ce4f3 gnupg-1.0.7-16.src.rpm

i386:
cfcc3babbfc6f972dabbbac06e685f7d gnupg-1.0.7-16.i386.rpm

ia64:
8c1dddef36a9e45e9ae1444b82e28bea gnupg-1.0.7-16.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-16.src.rpm
d15956e38c9d217ac93f5ed0cd5ce4f3 gnupg-1.0.7-16.src.rpm

ia64:
8c1dddef36a9e45e9ae1444b82e28bea gnupg-1.0.7-16.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-16.src.rpm
d15956e38c9d217ac93f5ed0cd5ce4f3 gnupg-1.0.7-16.src.rpm

i386:
cfcc3babbfc6f972dabbbac06e685f7d gnupg-1.0.7-16.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-16.src.rpm
d15956e38c9d217ac93f5ed0cd5ce4f3 gnupg-1.0.7-16.src.rpm

i386:
cfcc3babbfc6f972dabbbac06e685f7d gnupg-1.0.7-16.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-15.src.rpm
e37b4079cb0dc795de0019b14a363f2a gnupg-1.2.1-15.src.rpm

i386:
8ef6ad0316bec8ede544c25cf7e30717 gnupg-1.2.1-15.i386.rpm

ia64:
594517a016b7bc7bee68cbca40bd9ead gnupg-1.2.1-15.ia64.rpm

ppc:
ac5d223e4a840999eecb87bc2626f7f1 gnupg-1.2.1-15.ppc.rpm

s390:
5bfa85eae3fda393ca1a80ef12107221 gnupg-1.2.1-15.s390.rpm

s390x:
a83363632fb9f9e77db7593f878c0136 gnupg-1.2.1-15.s390x.rpm

x86_64:
0ec4f9ce23dc41ca9a0e17c40ba3fbd4 gnupg-1.2.1-15.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-15.src.rpm
e37b4079cb0dc795de0019b14a363f2a gnupg-1.2.1-15.src.rpm

i386:
8ef6ad0316bec8ede544c25cf7e30717 gnupg-1.2.1-15.i386.rpm

x86_64:
0ec4f9ce23dc41ca9a0e17c40ba3fbd4 gnupg-1.2.1-15.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-15.src.rpm
e37b4079cb0dc795de0019b14a363f2a gnupg-1.2.1-15.src.rpm

i386:
8ef6ad0316bec8ede544c25cf7e30717 gnupg-1.2.1-15.i386.rpm

ia64:
594517a016b7bc7bee68cbca40bd9ead gnupg-1.2.1-15.ia64.rpm

x86_64:
0ec4f9ce23dc41ca9a0e17c40ba3fbd4 gnupg-1.2.1-15.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-15.src.rpm
e37b4079cb0dc795de0019b14a363f2a gnupg-1.2.1-15.src.rpm

i386:
8ef6ad0316bec8ede544c25cf7e30717 gnupg-1.2.1-15.i386.rpm

ia64:
594517a016b7bc7bee68cbca40bd9ead gnupg-1.2.1-15.ia64.rpm

x86_64:
0ec4f9ce23dc41ca9a0e17c40ba3fbd4 gnupg-1.2.1-15.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-3.src.rpm
174cd0720920c12354f2240722df75f9 gnupg-1.2.6-3.src.rpm

i386:
355d8f416080f4630fde887d970aa5aa gnupg-1.2.6-3.i386.rpm

ia64:
d414315f567d1e29f59e0b39b94e067e gnupg-1.2.6-3.ia64.rpm

ppc:
8b2400f89d1a5238988fd5d55cbc6ac6 gnupg-1.2.6-3.ppc.rpm

s390:
e6cc5d8bb6055da2bd328261485b1097 gnupg-1.2.6-3.s390.rpm

s390x:
ec581afb36353fb531634cb835f4f3e1 gnupg-1.2.6-3.s390x.rpm

x86_64:
a9b6b5a4051daa5cf86aa7a3279e54a4 gnupg-1.2.6-3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-3.src.rpm
174cd0720920c12354f2240722df75f9 gnupg-1.2.6-3.src.rpm

i386:
355d8f416080f4630fde887d970aa5aa gnupg-1.2.6-3.i386.rpm

x86_64:
a9b6b5a4051daa5cf86aa7a3279e54a4 gnupg-1.2.6-3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-3.src.rpm
174cd0720920c12354f2240722df75f9 gnupg-1.2.6-3.src.rpm

i386:
355d8f416080f4630fde887d970aa5aa gnupg-1.2.6-3.i386.rpm

ia64:
d414315f567d1e29f59e0b39b94e067e gnupg-1.2.6-3.ia64.rpm

x86_64:
a9b6b5a4051daa5cf86aa7a3279e54a4 gnupg-1.2.6-3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-3.src.rpm
174cd0720920c12354f2240722df75f9 gnupg-1.2.6-3.src.rpm

i386:
355d8f416080f4630fde887d970aa5aa gnupg-1.2.6-3.i386.rpm

ia64:
d414315f567d1e29f59e0b39b94e067e gnupg-1.2.6-3.ia64.rpm

x86_64:
a9b6b5a4051daa5cf86aa7a3279e54a4 gnupg-1.2.6-3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD4DBQFEGENdXlSAg2UNWIIRAssBAKC0zRXbXjWhXASla1sgVsDVgoYSHACY2i+6
6X/60Ude/N50IK7CFRbV/A==
=xL9M
-----END PGP SIGNATURE-----


6.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2006:0268-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0268.html
Issue date: 2006-03-15
Updated on: 2006-03-15
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2006-0024
- ---------------------------------------------------------------------

1. Summary:

An updated Macromedia Flash Player package that fixes a security issue is now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Problem description:

The flash-plugin package contains a Mozilla-compatible Macromedia Flash
Player browser plug-in.

Security issues were discovered in the Macromedia Flash Player. It may
be possible to execute arbitrary code on a victim's machine if the victim
opens a malicious Macromedia Flash file. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0024 to this issue.

Users of Macromedia Flash Player should upgrade to this updated package,
which contains version 7.0.63 (the flash-plugin-7.0.63-1 packages listed
below) and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

185499 - CVE-2006-0024 flash-plugin flaw


6. RPMs required:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
dc8d94542bbeb30050b601a741fa9c45 flash-plugin-7.0.63-1.EL3.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
dc8d94542bbeb30050b601a741fa9c45 flash-plugin-7.0.63-1.EL3.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
dc8d94542bbeb30050b601a741fa9c45 flash-plugin-7.0.63-1.EL3.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
dc8d94542bbeb30050b601a741fa9c45 flash-plugin-7.0.63-1.EL3.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
b2cd5f809df031f360ba45c7a61a0846 flash-plugin-7.0.63-1.EL4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
b2cd5f809df031f360ba45c7a61a0846 flash-plugin-7.0.63-1.EL4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
b2cd5f809df031f360ba45c7a61a0846 flash-plugin-7.0.63-1.EL4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
b2cd5f809df031f360ba45c7a61a0846 flash-plugin-7.0.63-1.EL4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
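The update procedure in section 4 assumes the RPMs on disk are the ones the advisory lists. The following is an added example, not Red Hat's own tooling: a small script that ties each downloaded file to this advisory by the "md5sum filename" lines printed in section 6 and then hands off to rpm for the signature check and the freshen. The MD5 comparison runs offline on a constructed file; the key import, rpm --checksig and rpm -Fvh steps need rpm and Red Hat's public key on the target host and are shown as the commands to run. The package name and hashes in the demonstration are constructed, not taken from the advisory.

```sh
#!/bin/sh
# Added example, not Red Hat's own tooling. Before `rpm -Fvh` is run on packages
# fetched from the advisory's FTP URLs, tie each file to the advisory by its
# listed MD5 and to Red Hat by the package signature. Two independent checks:
# the MD5 list comes from the PGP-signed advisory text, the RPM signature from
# Red Hat's package-signing key.
#
# verify_rpm_list LISTFILE DIR
#   LISTFILE: lines of the form "<32 hex md5> <filename>" as printed in
#             section 6 (blank lines and lines starting with # are skipped).
#   DIR:      directory holding the downloaded RPMs.
#   Returns 0 only if every listed file is present in DIR and matches its MD5;
#   a missing file fails too, so a partial download is noticed.

md5_of() {
  # md5sum on Linux, md5 -q on BSD/macOS
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | cut -d' ' -f1
  else
    md5 -q "$1"
  fi
}

verify_rpm_list() {
  list=$1; dir=$2; rc=0
  while read -r sum name; do
    case $sum in
      ''|'#'*) continue ;;
    esac
    f="$dir/$name"
    if [ ! -f "$f" ]; then
      echo "MISSING  $name"; rc=1; continue
    fi
    actual=$(md5_of "$f")
    if [ "$actual" = "$sum" ]; then
      echo "MD5 OK   $name"
    else
      echo "MD5 BAD  $name (got $actual, expected $sum)"; rc=1
    fi
  done < "$list"
  return $rc
}

# Remaining steps once verify_rpm_list has returned 0 (need rpm and the key
# published at https://www.redhat.com/security/team/key/#package):
#   rpm --import <redhat-package-signing-key-file>
#   rpm --checksig DIR/*.rpm      # every package must report "gpg OK"
#   rpm -Fvh DIR/*.rpm            # freshen only the packages already installed

# Stand-alone demonstration with a constructed file and three constructed
# lists: matching MD5, wrong MD5, and a listed file that was never downloaded.
# Returns 0 if the function accepts the first and rejects the other two.
demo_check() {
  d=$(mktemp -d) || return 2
  printf 'hello\n' > "$d/example-1.0-1.noarch.rpm"   # MD5 b1946ac92492d2347c6235b4d2611184
  printf 'b1946ac92492d2347c6235b4d2611184 example-1.0-1.noarch.rpm\n' > "$d/list.good"
  printf '00000000000000000000000000000000 example-1.0-1.noarch.rpm\n' > "$d/list.bad"
  printf 'b1946ac92492d2347c6235b4d2611184 example-1.0-1.noarch.rpm\nd41d8cd98f00b204e9800998ecf8427e not-downloaded.rpm\n' > "$d/list.missing"
  ok=0
  verify_rpm_list "$d/list.good" "$d"    || ok=1
  verify_rpm_list "$d/list.bad" "$d"     && ok=1
  verify_rpm_list "$d/list.missing" "$d" && ok=1
  rm -rf "$d"
  return $ok
}

demo_check && echo "demo: good list accepted, bad and incomplete lists rejected"
```

Copy the relevant "md5 filename" block for your product and architecture straight out of section 6 into LISTFILE; the script only needs the two whitespace-separated fields and ignores the SRPMS URL lines if they are left in, since they carry no 32-hex-digit first field and simply report as MISSING.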

7. References:

http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEGJmPXlSAg2UNWIIRAgQ8AJ9creVF4iqZK/1/PJQL44no3gARNACfTvNU
meDu1zCLIOOi0Y5EaWPgGyg=
=Ra0x
-----END PGP SIGNATURE-----