July 2006
Four Red Hat Security Advisories
ID: 00494
Ref: 477/2006
Date: 20 July 2006:13:44:27
Version: 1
Title: Four Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====
Four Red Hat Security Advisories:
1. RHSA-2006:0500-01 - Moderate: freetype security update
2. RHSA-2006:0571-01 - Moderate: gnupg security update
3. RHSA-2006:0597-01 - Moderate: libwmf security update
4. RHSA-2006:0598-01 - Moderate: gimp security update
Detail
======
1. Chris Evans discovered several integer underflow and overflow flaws in the
FreeType font engine. If a user loads a carefully crafted font file with a
program linked against FreeType, it could cause the application to crash or
execute arbitrary code as the user. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType.
2. GnuPG is a utility for encrypting data and creating digital signatures.
An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened.
3. Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.
An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF file that could execute arbitrary code if
opened by a victim.
4. The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.
Henning Makholm discovered a buffer overflow bug in The GIMP XCF file
loader. An attacker could create a carefully crafted image that could
execute arbitrary code if opened by a victim.
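The length-handling bug class behind item 2 (a packet whose declared length is very large) and the integer overflows in items 1 and 3 can be shown in a few lines of C. This is an added example, not code from GnuPG, FreeType or libwmf; the record format, constants and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy record format (not OpenPGP, TrueType or WMF):
 * a 4-byte big-endian body length followed by the body bytes. */
#define HDR_LEN      4u
#define REC_OVERHEAD 8u          /* bookkeeping bytes kept in front of the copied body */
#define MAX_BODY     (1u << 20)  /* policy cap chosen for this example */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_BAD_LENGTH, PARSE_NOMEM };

uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: 32-bit size arithmetic on an untrusted length.
 * A length near UINT32_MAX wraps the sum to a tiny value, so the
 * buffer would be far smaller than the data later written into it. */
uint32_t unchecked_alloc_size(uint32_t body_len)
{
    return (uint32_t)(REC_OVERHEAD + body_len);
}

/* Hardened pattern: reject the length before any arithmetic or allocation.
 * Returns 0 and stores the size on success, -1 if the length is unusable. */
int checked_alloc_size(uint32_t body_len, size_t remaining, size_t *out)
{
    if (body_len > UINT32_MAX - REC_OVERHEAD) return -1; /* sum would wrap */
    if (body_len > MAX_BODY)                  return -1; /* over the policy cap */
    if ((size_t)body_len > remaining)         return -1; /* more than the input holds */
    *out = (size_t)REC_OVERHEAD + (size_t)body_len;
    return 0;
}

/* Parse one record using the hardened size check. Caller frees *rec_out. */
enum parse_status parse_record(const unsigned char *buf, size_t buf_len,
                               unsigned char **rec_out, size_t *body_len_out)
{
    uint32_t body_len;
    size_t alloc;
    unsigned char *rec;

    if (buf_len < HDR_LEN)
        return PARSE_TRUNCATED;
    body_len = read_be32(buf);
    if (checked_alloc_size(body_len, buf_len - HDR_LEN, &alloc) != 0)
        return PARSE_BAD_LENGTH;
    rec = malloc(alloc);
    if (rec == NULL)
        return PARSE_NOMEM;
    memset(rec, 0, REC_OVERHEAD);
    memcpy(rec + REC_OVERHEAD, buf + HDR_LEN, body_len);
    *rec_out = rec;
    *body_len_out = body_len;
    return PARSE_OK;
}

/* Parse a buffer, release the result, and report only the status. */
enum parse_status status_of(const unsigned char *buf, size_t buf_len)
{
    unsigned char *rec = NULL;
    size_t n = 0;
    enum parse_status st = parse_record(buf, buf_len, &rec, &n);
    free(rec);
    return st;
}

/* Constructed sample inputs. */
const unsigned char SAMPLE_OK[]    = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
const unsigned char SAMPLE_HUGE[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'A'};  /* declared length 0xFFFFFFFF */
const unsigned char SAMPLE_SHORT[] = {0x00, 0x00, 0x00, 0x05, 'a'};  /* declares 5 bytes, holds 1 */

int main(void)
{
    printf("unchecked size for length 0xFFFFFFFF: %u bytes\n",
           (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("status: ok=%d huge=%d short=%d\n",
           (int)status_of(SAMPLE_OK, sizeof SAMPLE_OK),
           (int)status_of(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           (int)status_of(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

The hardened parser rejects the oversized and the inconsistent length before allocating, which is the kind of check a backported fix for this bug class adds.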
1.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: freetype security update
Advisory ID: RHSA-2006:0500-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0500.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0747 CVE-2006-1861 CVE-2006-2661
CVE-2006-3467
---------------------------------------------------------------------
1. Summary:
Updated freetype packages that fix several security flaws are now available
for Red Hat Enterprise Linux.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
FreeType is a free, high-quality, and portable font engine.
Chris Evans discovered several integer underflow and overflow flaws in the
FreeType font engine. If a user loads a carefully crafted font file with a
program linked against FreeType, it could cause the application to crash or
execute arbitrary code as the user. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2006-0747,
CVE-2006-1861, CVE-2006-3467)
A NULL pointer dereference flaw was found in the FreeType font engine. An
application linked against FreeType can crash upon loading a malformed font
file. (CVE-2006-2661)
Users of FreeType should upgrade to these updated packages, which contain
backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
183676 - CVE-2006-0747 Freetype integer underflow (CVE-2006-2661)
190593 - CVE-2006-1861 freetype multiple integer overflows (CVE-2006-3467)
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/freetype-2.0.3-8.rhel2_1.2.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/freetype-2.0.3-8.rhel2_1.2.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/freetype-2.0.3-8.rhel2_1.2.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/freetype-2.0.3-8.rhel2_1.2.src.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freetype-2.1.4-4.0.rhel3.2.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/freetype-2.1.4-4.0.rhel3.2.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freetype-2.1.4-4.0.rhel3.2.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/freetype-2.1.4-4.0.rhel3.2.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-1.rhel4.4.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-1.rhel4.4.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-1.rhel4.4.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-1.rhel4.4.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
2.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: gnupg security update
Advisory ID: RHSA-2006:0571-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0571.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3082
---------------------------------------------------------------------
1. Summary:
An updated GnuPG package that fixes a security issue is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
GnuPG is a utility for encrypting data and creating digital signatures.
An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)
All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
195945 - CVE-2006-3082 gnupg integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-17.src.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-16.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-5.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: libwmf security update
Advisory ID: RHSA-2006:0597-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0597.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3376
---------------------------------------------------------------------
1. Summary:
Updated libwmf packages that fix a security flaw are now available for Red
Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.
An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF file that could execute arbitrary code if
opened by a victim. (CVE-2006-3376).
Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
198290 - CVE-2006-3376 libwmf integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libwmf-0.2.8.3-5.3.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEvLqhXlSAg2UNWIIRAo5PAJ9DUKgBVLAJtpdSfWXwDktkg//FWwCfX3r1
M44lFF+SeXi8h//dif+B0zE=
=g7rD
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2006:0598-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0598.html
Issue date: 2006-07-18
Updated on: 2006-07-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3404
- - ---------------------------------------------------------------------
1. Summary:
Updated gimp packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.
Henning Makholm discovered a buffer overflow bug in The GIMP XCF file
loader. An attacker could create a carefully crafted image that could
execute arbitrary code if opened by a victim. (CVE-2006-3404)
Please note that this issue did not affect the gimp packages in Red Hat
Enterprise Linux 2.1 or 3.
Users of The GIMP should update to these erratum packages which contain a
backported fix to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
198269 - CVE-2006-3404 gimp xcf buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gimp-2.0.5-6.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gimp-2.0.5-6.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gimp-2.0.5-6.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gimp-2.0.5-6.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEvNZPXlSAg2UNWIIRApO6AKCj7qW4bSRMvbhfYiUB2NbpVbvH3gCfSmV1
1pLhpj8vM9xmBTpDKslYZ1A=
=Got/
- -----END PGP SIGNATURE-----
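To confirm that the libwmf and gimp updates above actually landed on a host, the following added example (not part of the Red Hat advisories) flags installed builds older than the fixed packages libwmf-0.2.8.3-5.3 and gimp-2.0.5-6. The input lines are constructed, and the comparison is a simplified rpm-style ordering that assumes equal epochs and no tilde or caret in the version strings.

```python
import re

# Fixed builds, taken from the package names in the two advisories above.
FIXED = {}
for base, vr in (("libwmf", "0.2.8.3-5.3"), ("gimp", "2.0.5-6")):
    for sub in ("", "-devel", "-debuginfo"):
        FIXED[base + sub] = vr

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (tilde/caret not handled)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 3, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def vr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed equal and ignored."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)

def unpatched(lines):
    """Return (name, version-release, arch) for each build older than the fix."""
    stale = []
    for line in lines:
        fields = line.split()
        if len(fields) == 3 and fields[0] in FIXED:
            name, vr, arch = fields
            if vr_cmp(vr, FIXED[name]) < 0:
                stale.append((name, vr, arch))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
libwmf 0.2.8.3-5 i386
libwmf 0.2.8.3-5.3 x86_64
gimp 2.0.5-6 x86_64
gimp-devel 2.0.5-5 x86_64
gimp-print 4.2.7-2 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, vr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {vr} is older than fixed build {FIXED[name]}")
```

Reporting per architecture matters on multilib hosts, where the i386 and x86_64 builds of the same library can be at different release levels.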