August 2006
Six Red Hat Security Advisories
ID: 00548
Ref: 525/2006
Date: 11 August 2006:13:55:57
Version: 1
Title: Six Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====
Six Red Hat Security Advisories:
1. RHSA-2006:0354-01 - Low: elfutils security update
2. RHSA-2006:0393-01 - Low: ntp security update
3. RHSA-2006:0575-01 - Updated kernel packages available for Red Hat
Enterprise Linux 4 Update 4
4. RHSA-2006:0582-01 - Low: kdebase security fix
5. RHSA-2006:0605-01 - Important: perl security update
6. RHSA-2006:0619-01 - Moderate: httpd security update
Detail
======
1. The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.
2. The Network Time Protocol (NTP) is used to synchronize a computer's time
with a reference time source.
3. Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 4.
4. Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)
5. Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)
6. A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)
1.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Low: elfutils security update
Advisory ID: RHSA-2006:0354-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0354.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-1704
---------------------------------------------------------------------
1. Summary:
Updated elfutils packages that address a minor security issue and various
other issues are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.
The elfutils packages that originally shipped with Red Hat Enterprise Linux 4
were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils.
In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files. (CVE-2005-1704)
Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted. Both of these
problems are fixed in the new version.
Users of elfutils should upgrade to these updated packages, which resolve
these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
https://rhn.redhat.com/help/latest-up2date.pxt
5. Bug IDs fixed (http://bugzilla.redhat.com/):
156342 - eu-strip mangles separate debuginfo with relocation sections
159888 - CVE-2005-1704 Integer overflow in libelf
186992 - Elfutils license upgrade
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/elfutils-0.97.1-3.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/elfutils-0.97.1-3.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/elfutils-0.97.1-3.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/elfutils-0.97.1-3.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
2.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Low: ntp security update
Advisory ID: RHSA-2006:0393-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0393.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
Keywords: ntp
CVE Names: CVE-2005-2496
---------------------------------------------------------------------
1. Summary:
Updated ntp packages that fix several bugs are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a reference time source.
The NTP daemon (ntpd), when run with the -u option and using a string to
specify the group, uses the group ID of the user instead of the group,
which causes ntpd to run with different privileges than intended.
(CVE-2005-2496)
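The group-resolution mistake described above, as an added example (not ntpd's code and not part of the advisory): a resolver for a `user:group` spec that looks up the named group itself and fails closed on unknown names, next to a variant that reproduces the described behaviour. The account table, the names and the IDs are constructed so the example runs offline; a real daemon would call getpwnam(3) and getgrnam(3).

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the passwd and group databases so the example
 * runs offline. A real daemon would call getpwnam(3) and getgrnam(3). */
struct acct { const char *name; unsigned uid; unsigned gid; };
struct grp_ent { const char *name; unsigned gid; };

static const struct acct ACCTS[] = { { "ntp", 38, 38 }, { "daemon", 2, 2 } };
static const struct grp_ent GROUPS[] = { { "ntp", 38 }, { "timekeepers", 500 } };

struct ids { unsigned uid; unsigned gid; };

static const struct acct *find_user(const char *name)
{
    for (size_t i = 0; i < sizeof ACCTS / sizeof ACCTS[0]; i++)
        if (strcmp(ACCTS[i].name, name) == 0)
            return &ACCTS[i];
    return NULL;
}

static const struct grp_ent *find_group(const char *name)
{
    for (size_t i = 0; i < sizeof GROUPS / sizeof GROUPS[0]; i++)
        if (strcmp(GROUPS[i].name, name) == 0)
            return &GROUPS[i];
    return NULL;
}

/* Copy "user[:group]" into buf and split it at the first colon.
 * *group is NULL when no colon was given. Returns -1 on empty or oversized input. */
static int split_spec(const char *spec, char *buf, size_t cap, char **group)
{
    size_t n = strlen(spec);
    if (n == 0 || n >= cap)
        return -1;
    memcpy(buf, spec, n + 1);
    char *colon = strchr(buf, ':');
    if (colon != NULL) {
        *colon = '\0';
        *group = colon + 1;
    } else {
        *group = NULL;
    }
    return 0;
}

/* Intended behaviour: a named group decides the gid. The user's primary
 * group is used only when no group was given at all. */
int resolve_spec(const char *spec, struct ids *out)
{
    char buf[64], *group;
    if (split_spec(spec, buf, sizeof buf, &group) != 0)
        return -1;
    const struct acct *u = find_user(buf);
    if (u == NULL)
        return -1;
    out->uid = u->uid;
    if (group == NULL) {
        out->gid = u->gid;
        return 0;
    }
    const struct grp_ent *g = find_group(group);
    if (g == NULL)          /* unknown or empty group: refuse, do not guess */
        return -1;
    out->gid = g->gid;
    return 0;
}

/* Behaviour the advisory describes: the group string is accepted but the
 * gid is taken from the user's entry, so the process runs in another group. */
int resolve_spec_flawed(const char *spec, struct ids *out)
{
    char buf[64], *group;
    if (split_spec(spec, buf, sizeof buf, &group) != 0)
        return -1;
    const struct acct *u = find_user(buf);
    if (u == NULL)
        return -1;
    out->uid = u->uid;
    out->gid = u->gid;      /* named group is never consulted */
    (void)group;
    return 0;
}

int main(void)
{
    struct ids a, b;
    const char *spec = "ntp:timekeepers";   /* constructed sample spec */
    if (resolve_spec(spec, &a) == 0 && resolve_spec_flawed(spec, &b) == 0)
        printf("%s -> intended gid %u, flawed gid %u\n", spec, a.gid, b.gid);
    return 0;
}
```

After the update, comparing the running daemon's effective group with the group named in its options confirms the drop took effect.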
The following issues have also been addressed in this update:
- The init script had several problems
- The script executed on upgrade could fail
- The man page for ntpd indicated the wrong option for specifying a chroot
  directory
- The ntp daemon could crash with the message "Exiting: No more memory!"
- There is a new option for syncing the hardware clock after a successful
  run of ntpdate
Users of ntp should upgrade to these updated packages, which resolve these
issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
142926 - multiple problems with ntpd init.d script
149652 - CVE-2005-2496 improper group set when running ntpd
166773 - ntp %post scriptlet fails on upgrade, if ntpd is disabled.
177052 - ntpd dies with the error "Exiting: out of memory!"
187003 - ntpdate not invoked when supplying the -x option
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ntp-4.2.0.a.20040617-4.EL4.1.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ntp-4.2.0.a.20040617-4.EL4.1.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ntp-4.2.0.a.20040617-4.EL4.1.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ntp-4.2.0.a.20040617-4.EL4.1.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
3.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4
Advisory ID: RHSA-2006:0575-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0575.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
Keywords: nahant kernel update
Obsoletes: RHSA-2006:0574
CVE Names: CVE-2005-3055 CVE-2005-3623 CVE-2006-0038
CVE-2006-0456 CVE-2006-0457 CVE-2006-0742
CVE-2006-1052 CVE-2006-1056 CVE-2006-1242
CVE-2006-1343 CVE-2006-1857 CVE-2006-2275
CVE-2006-2446 CVE-2006-2448 CVE-2006-2934
---------------------------------------------------------------------
1. Summary:
Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Linux kernel handles the basic functions of the operating system.
This is the fourth regular update to Red Hat Enterprise Linux 4.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Problem description:
New features introduced in this update include:
* Device Mapper mirroring support
* IDE diskdump support
* x86, AMD64 and Intel EM64T: Multi-core scheduler support enhancements
* Itanium: perfmon support for Montecito
* much improved support for IBM x460
* AMD PowerNow! patches to support Opteron Rev G
* Vmalloc support > 64MB
The following device drivers have been upgraded to new versions:
ipmi: 33.11 to 33.13
ib_mthca: 0.06 to 0.08
bnx2: 1.4.30 to 1.4.38
bonding: 2.6.1 to 2.6.3
e100: 3.4.8-k2-NAPI to 3.5.10-k2-NAPI
e1000: 6.1.16-k3-NAPI to 7.0.33-k2-NAPI
sky2: 0.13 to 1.1
tg3: 3.43-rh to 3.52-rh
ipw2100: 1.1.0 to git-1.1.4
ipw2200: 1.0.0 to git-1.0.10
3w-9xxx: 2.26.02.001 to 2.26.04.010
ips: 7.10.18 to 7.12.02
iscsi_sfnet: 4:0.1.11-2 to 4:0.1.11-3
lpfc: 0:8.0.16.18 to 0:8.0.16.27
megaraid_sas: 00.00.02.00 to 00.00.02.03-RH1
qla2xxx: 8.01.02-d4 to 8.01.04-d7
qla6312: 8.01.02-d4 to 8.01.04-d7
sata_promise: 1.03 to 1.04
sata_vsc: 1.1 to 1.2
ibmvscsic: 1.5.5 to 1.5.6
ipr: 2.0.11.1 to 2.0.11.2
Added drivers:
dcdbas: 5.6.0-2
sata_mv: 0.6
sata_qstor: 0.05
sata_uli: 0.5
skge: 1.1
stex: 2.9.0.13
pdc_adma: 0.03
This update includes fixes for the following security issues:
* a flaw in the USB devio handling of device removal that allowed a
local user to cause a denial of service (crash) (CVE-2005-3055,
moderate)
* a flaw in the ACL handling of nfsd that allowed a remote user to
bypass ACLs for readonly mounted NFS file systems (CVE-2005-3623,
moderate)
* a flaw in the netfilter handling that allowed a local user with
CAP_NET_ADMIN rights to cause a buffer overflow (CVE-2006-0038, low)
* a flaw in the IBM S/390 and IBM zSeries strnlen_user() function that
allowed a local user to cause a denial of service (crash) or to retrieve
random kernel data (CVE-2006-0456, important)
* a flaw in the keyctl functions that allowed a local user to cause a
denial of service (crash) or to read sensitive kernel memory
(CVE-2006-0457, important)
* a flaw in unaligned accesses handling on Itanium processors that
allowed a local user to cause a denial of service (crash)
(CVE-2006-0742, important)
* a flaw in SELinux ptrace logic that allowed a local user with ptrace
permissions to change the tracer SID to a SID of another process
(CVE-2006-1052, moderate)
* an info leak on AMD-based x86 and x86_64 systems that allowed a local
user to retrieve the floating point exception state of a process run by a
different user (CVE-2006-1056, important)
* a flaw in IPv4 packet output handling that allowed a remote user to
bypass the zero IP ID countermeasure on systems with a disabled firewall
(CVE-2006-1242, low)
* a minor info leak in socket option handling in the network code
(CVE-2006-1343, low)
* a flaw in the HB-ACK chunk handling of SCTP that allowed a remote user to
cause a denial of service (crash) (CVE-2006-1857, moderate)
* a flaw in the SCTP implementation that allowed a remote user to cause a
denial of service (deadlock) (CVE-2006-2275, moderate)
* a flaw in the socket buffer handling that allowed a remote user to cause
a denial of service (panic) (CVE-2006-2446, important)
* a flaw in the signal handling access checking on PowerPC that allowed a
local user to cause a denial of service (crash) or read arbitrary kernel
memory on 64-bit systems (CVE-2006-2448, important)
* a flaw in the netfilter SCTP module when receiving a chunkless packet
that allowed a remote user to cause a denial of service (crash)
(CVE-2006-2934, important)
There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
141342 - install hangs on Dell PowerVault 745 with SATA drives (sata_vsc module)
149933 - fix missing wakeup in ipc/sem
151981 - udevd fails to create /dev files after misc_register
154984 - Sound Blaster Audigy 2 Value audio does not work
155926 - [RHEL4-U2][Diskdump] OS_INIT dump function is broken
156145 - kernel may oops if more than 4k worth of string data returned in /proc/devices
156663 - Can't install from SATA CD/DVD drive
157404 - Loss of SATA ICH device hangs RAID1
157902 - [PATCH] ata_piix fails on some ICH7 hardware
158989 - snd-nm256 module hangs Dell Latitude CSx
165113 - kernel build broken when 4KSTACKS disabled
165245 - EHCI Host driver violates USB2.0 Specification leading to device failures
166541 - mdadm --grow infinite resync
168285 - No (useful) logging of parameters to execve
169260 - CVE-2005-3055 async usb devio oops
169456 - COMM_LOST problem with SCTP stream socket
169600 - SMP kernel crash when use as LVS router
170143 - rm command hangs when removing a symlink on ext2 loop filesystem
170434 - Deadlock in fc_target_unblock while shutting down the system
171304 - sata_promise: missing PCI ID for SATA300 TX4
171645 - Oops kernel NULL pointer
171740 - ipw2100 modules crashes and restarts whenever in use
172199 - Spurious keyboard repeats and clock is fast
172696 - kernel panic after a few hours/days of operation with pulse
173193 - vmalloc limited to 64Mb
173489 - kernel panics when rebooting
173843 - Kernel panic with this comment: <4>VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...
173895 - Kernel panic on install on 64BG EM64T
174019 - TG3 driver crashes with BCM4704C chipset with heavy traffic
174155 - Documentation mismatch
174470 - RFE: tg3 support for Broadcom 5751 PCIe
174639 - System hangs with kernel panic when using current 3ware drivers
174671 - [PATCH] bonding: don't drop non-VLAN traffic
175616 - [RHEL 4 U2] kernel panic on EM64T with long cmdline args
175763 - misleading overcommit_memory reference in Documentation/filesystems/proc.txt
175778 - Accessing automounted directories can cause a process to hang forever
175854 - [RHEL4-U3] Checking dump partition fails when a swap partition whose size is less than memory size is configured for diskdump.
176107 - sata-nv crashes on multiple SATA disks
176173 - The hash.h hash_long function, when used on a 64 bit machine, ignores many of the middle-order bits.
176361 - io_setup() fails for 32bit tasks in x86-64
176601 - Oprofile unsupported recent Pentium4
176612 - xw6400 System panic while installing RHEL4-U3
177439 - SELinux MLS compatibility
177509 - No i915 DRM module
178084 - Last AIO read of a file opened with O_DIRECT returns wrong length
178720 - O_DIRECT bug when reading last block of sparse file
178845 - RHEL4u4 FEAT: Provide support for Opteron Rev G and Power Now! clean-up
179206 - Please backport the sata_mv Marvell MV88SX5081 driver?
179334 - kernel boot can Oops in work queue code when console blanks
179752 - Request to update lpfc driver in RHEL 4 U4
180028 - deadlocks on ext2,sync mounted fs
180138 - kmir_mon worker thread doesn't exit
180195 - aic7xxx and aic79xx Drivers Don't Support 16-byte CDBs
180568 - typo in spinlock.h? line 407
180621 - ipv6 ready logo-P1 ND Test24 fails- RA Lifetime=5 not understood
180958 - [RHEL4] MCE arg parsing broken on x86-64
181457 - Console redirection on DRAC 3 results in repeated key strokes (P1)
181475 - lpfc driver: add managment ioctl module to kernel tree
181780 - Gettimeofday() timer related slowdown and scaling issue
181793 - add MCP51/ NVidia 430 IDE support
181869 - Error given when duplicate non-updateable key (eg: keyring) added
181870 - Key quota handling incorrect in allocation
181879 - CVE-2006-0457 Key syscalls use get length of strings before copying, and assume terminating NUL copied from userspace
181881 - CVE-2006-0456 s390/s390x strnlen_user() is broken
182137 - NFS lockd recovery is broken in U3 due to missing code.
182684 - [EMC/Oracle RHEL 4.4] ISCSI MODULE SHOWS MULTIPLE DEVICES FOR A SINGLE LUN IN RHEL 4.0 U2
182726 - Possible hang when ptracing and using hugepages
183392 - [RHEL4] [RFE] Add diskdump capability to IDE
183416 - DoS attack possible via nfsservctl
183463 - CVE-2006-0742 Bug in IA64 unaligned access handler causes kernel panic
183661 - ramfs: update dir mtime and ctime
183664 - dm: make sure don't give out the same minor number twice
184208 - Large LUNS can't be seen with Hitachi Open- SAN
184254 - PCI interrupts on ioapic pins 0-15 always get "legacy" IRQs.
184535 - [BETA RHEL4 U3] brokenness in cfq_dispatch_requests
184583 - Kernel should export number and state of local APICs
185043 - CVE-2005-3623 ACL setting on read-only fs
185289 - CVE-2006-1052 SELinux flaw
185431 - kernel dm: bad argument count check in dm-log.c
185444 - kernel dm: missing bdput
185445 - kernel dm: fix free_dev del_gendisk
185447 - kernel dm: flush queued bios if suspend is interrupted
185450 - kernel dm: log bitset fix BE find_next_zero_bit
185454 - kernel device-mapper mirroring: table output incorrect
185455 - kernel dm snapshots: replace siblings list
185456 - kernel dm mirroring: suspend operation is not well behaved
185459 - kernel dm snapshots: fix invalidation
185468 - kernel dm: striped access beyond end of device
185754 - [RHEL4 U3] kernel dm mirror: unrelated mirror devices stall if any log device fails
185782 - [RHEL4 U3] device-mapper mirror: Data corruption if the default mirror fails during recovery.
185785 - [RHEL4 U3] device-mapper mirror: Data corruption by temporal errors during recovery.
185991 - kernel dm: bio split bvec fix
186004 - [RHEL4 U3] device-mapper mirror: Write failure region becomes in-sync when suspension.
186057 - CVE-2006-1242 Linux zero IP ID vulnerability?
186066 - Connectathon tests fail against newer Irix server
186071 - NFSD fails SETCLIENTID_CONFIRM
186104 - kernel dm mirror: lvs Copy% overs 100% by lvreduce/lvresize.
186242 - CVE-2006-1343 Small information leak in SO_ORIGINAL_DST
186295 - CVE-2006-0038 netfilters do_replace() overflow
186316 - nvidia cache aliasing problem: change_page_attr drops GLOBAL bit from executable kernel pages
186564 - ACPI 2.0 systems with no XSDT fail to boot
186751 - kernel problem to deal with 3ware 9500SX-12 RAID cards
187249 - [RHEL4 U3] dm-mirror: read stalls if all mirrors failed
187494 - CVE-2006-2275 SCTP traffic probably never resumes
187498 - diskdump_sysfs_store() needs to check sscanf retval
187500 - diskdump_sysfs_store() should check partition number
187501 - device_to_gendisk() is lacking mntput(nd.mnt) on exit
187502 - diskdump - device_to_gendisk() is both racy
187910 - CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs
187951 - Replication failover fails if the NFS permissions are incorrect on one of the servers...
188080 - kernel dm snapshots: Incorrect processing of incorrect chunk size
188141 - Kernel appears too conservative in memory use
188296 - tlb_clear_slave races with tlb_choose_channel
188912 - Update Qlogic qla2xxx driver in RHEL 4 U4
189127 - Trouble with recent module - one packet is seen more than one time
189198 - VLAN not working on initial startup
189279 - [Stratus RHEL4 U4 bug] unchecked error path in usb_alloc_dev can lead to an Oops.
189390 - RHEL4-U3: openipmi: startup race condition
189392 - Submit Promise RHEL4 driver in-box to RHEL4 CD
189393 - Submit Promise RHEL4 driver in-box to RHEL4 CD
189397 - Submit Promise RHEL4 driver in-box to RHEL4 CD
189797 - dm: Fix mapped device references
190576 - REGRESSION: kabi breakage on ia64_mv
191138 - CVE-2006-0742 Bug in IA64 unaligned access handler causes kernel panic
191139 - installer does not see SATA HDs attached to JMB360 chipset which in legacy mode
191141 - MCE arg parsing broken on x86-64
191723 - device-mapper mirror: Need proper notification of sync status chage on write failure
191847 - REGRESSION: kernel-2.6.9.36 does not boot on ALTIX systems
192098 - Fix problems with MSI-X on 64-bit platforms
192635 - CVE-2006-1857 SCTP HB-ACK chunk overflow
192779 - CVE-2006-2446 LTC20512-kernel BUG in __kfree_skb while running TCP+Kernel stress
193230 - RFE: add pci ids for atiixp
193696 - Not using all available system memory - swapping too aggressive - high load average (iowait)
193728 - A write to a cluster mirror volume not in sync will hang and also cause the sync to hang as well
193838 - gettimeofday goes backwards on IBM x460 merged servers
194215 - CVE-2006-2448 missing access_ok checks in powerpc signal*.c
194533 - veritas storage foundation 32bit apps crash in glibc during post-process installation
195002 - RHEL4 U4 i386 partner beta will not install on ES7000/one
195254 - HP xw9400 network card not getting seen
195502 - Regression: cluster mirror creation cmd hangs even though mirror gets created
196512 - VLANs, tg3 driver, and 2.6.9-34.EL kernel update
196712 - O=/objdir builds fail for out-of-tree builds with 2.6.9-39.4
197387 - CVE-2006-2934 SCTP netfilter DoS with chunkless packets
198321 - kernel freeze at "kernel BUG at kernel/timer.c:420!"
198892 - kernel deadlock on reading /proc/meminfo on 4 CPU's at the same time
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-42.EL.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-42.EL.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-42.EL.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-42.EL.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFE26aaXlSAg2UNWIIRAtE0AKDCLvYec0x51zafW1pyhXsrVDCjrgCgu6nQ
5hg6hgm2QMMDBkkmHO9xu6o=
=8wvV
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Low: kdebase security fix
Advisory ID: RHSA-2006:0582-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0582.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2494
- - ---------------------------------------------------------------------
1. Summary:
Updated kdebase packages that resolve several bugs are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.
Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)
The following bugs have also been addressed:
- kstart --tosystray does not send the window to the system tray in Kicker
- When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds
- fish kioslave is broken on 64-bit systems
All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.
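The kcheckpass flaw above is only reachable when /var/lock is writable by ordinary users. The following C check is an added example, not part of the advisory or of the kdebase patch; it classifies a lock directory by owner and mode, and treating uid 0 as the trusted owner and reporting group write access as a separate finding are assumptions of the example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose S_IFDIR and friends under strict -std modes */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum lockdir_finding {
    LOCKDIR_OK = 0,          /* trusted owner, no group or other write bit */
    LOCKDIR_GROUP_WRITABLE,  /* owning group can write: review its membership */
    LOCKDIR_UNTRUSTED_OWNER, /* owned by an account other than the trusted one */
    LOCKDIR_WORLD_WRITABLE,  /* any local user can create files here */
    LOCKDIR_NOT_A_DIRECTORY, /* path resolves to something other than a directory */
    LOCKDIR_UNREADABLE       /* stat() failed (missing path, no permission) */
};

/* Pure classification of mode and owner, so it can be checked without
 * touching the filesystem. */
enum lockdir_finding classify_lock_dir(mode_t mode, uid_t owner, uid_t trusted_owner)
{
    if (!S_ISDIR(mode))
        return LOCKDIR_NOT_A_DIRECTORY;
    if (mode & S_IWOTH)
        return LOCKDIR_WORLD_WRITABLE;  /* the sticky bit does not prevent file creation */
    if (owner != trusted_owner)
        return LOCKDIR_UNTRUSTED_OWNER;
    if (mode & S_IWGRP)
        return LOCKDIR_GROUP_WRITABLE;
    return LOCKDIR_OK;
}

/* stat() follows symlinks, so a /var/lock that points elsewhere is judged
 * by the directory that lock files actually land in. */
enum lockdir_finding audit_lock_dir(const char *path, uid_t trusted_owner)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return LOCKDIR_UNREADABLE;
    return classify_lock_dir(st.st_mode, st.st_uid, trusted_owner);
}

const char *lockdir_finding_text(enum lockdir_finding f)
{
    switch (f) {
    case LOCKDIR_OK:              return "ok: not writable by ordinary users";
    case LOCKDIR_GROUP_WRITABLE:  return "group-writable: check who is in the owning group";
    case LOCKDIR_UNTRUSTED_OWNER: return "owned by an unexpected account";
    case LOCKDIR_WORLD_WRITABLE:  return "world-writable: precondition for the kcheckpass flaw is met";
    case LOCKDIR_NOT_A_DIRECTORY: return "not a directory";
    case LOCKDIR_UNREADABLE:      return "cannot stat path";
    }
    return "unknown";
}

int main(void)
{
    enum lockdir_finding f = audit_lock_dir("/var/lock", 0);
    printf("/var/lock: %s\n", lockdir_finding_text(f));
    return (f == LOCKDIR_OK || f == LOCKDIR_GROUP_WRITABLE) ? 0 : 1;
}
```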
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
166995 - CVE-2005-2494 kcheckpass privilege escalation
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFE26a2XlSAg2UNWIIRAm8mAJ4w3B98u0VPM1C/K2HMb3v42zvd/QCgiUGu
x/+89CBSpBUprzB4zIwyxNA=
=S1gt
- -----END PGP SIGNATURE-----
5.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: perl security update
Advisory ID: RHSA-2006:0605-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0605.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3813
- - ---------------------------------------------------------------------
1. Summary:
Updated Perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.
Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)
A fix for this issue was first included in the update RHSA-2005:103
released in February 2005. However, the patch to correct this issue was
dropped from the update RHSA-2005:674 made in October 2005. This
regression has been assigned CVE-2006-3813.
Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
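The sperl flaw comes from honouring an environment variable while running with root's effective uid. The following C code is an added example of how a set-id program can refuse that input; it is not Perl's code or the backported patch, and the variable name EXAMPLE_DEBUG_LOG, the proc_ids struct and the function names are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose O_NOFOLLOW under strict -std modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical variable name; the advisory does not name the one sperl read. */
#define DEBUG_LOG_ENV "EXAMPLE_DEBUG_LOG"

/* Real and effective IDs, passed in explicitly so the decision can be
 * exercised without installing a set-id binary. */
struct proc_ids {
    uid_t ruid, euid;
    gid_t rgid, egid;
};

/* 1 when the process runs with IDs it did not inherit from the invoking
 * user (set-uid or set-gid execution), 0 otherwise. */
int runs_with_borrowed_privilege(const struct proc_ids *ids)
{
    return ids->ruid != ids->euid || ids->rgid != ids->egid;
}

/* Returns the path to log to, or NULL when debug logging must stay off. */
const char *trusted_debug_log_path(const char *env_value, const struct proc_ids *ids)
{
    if (env_value == NULL || env_value[0] == '\0')
        return NULL;
    if (runs_with_borrowed_privilege(ids))
        return NULL;  /* the environment belongs to the invoking user: ignore it */
    return env_value;
}

/* Opens the log for appending. Returns a file descriptor, or -1 when
 * logging is off or the open fails. */
int open_debug_log(const char *env_value, const struct proc_ids *ids)
{
    const char *path = trusted_debug_log_path(env_value, ids);
    if (path == NULL)
        return -1;
    /* O_NOFOLLOW rejects a symlink as the final path component;
     * mode 0600 keeps a newly created log private to its owner. */
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW,
                S_IRUSR | S_IWUSR);
}

int main(void)
{
    static const char msg[] = "debug logging enabled\n";
    struct proc_ids ids = { getuid(), geteuid(), getgid(), getegid() };
    int fd = open_debug_log(getenv(DEBUG_LOG_ENV), &ids);

    if (fd >= 0) {
        if (write(fd, msg, sizeof msg - 1) < 0)
            perror("write");
        close(fd);
    }
    puts(fd >= 0 ? "debug log opened" : "debug log disabled");
    return 0;
}
```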
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-36.RHEL4.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-36.RHEL4.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-36.RHEL4.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-36.RHEL4.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3813
http://rhn.redhat.com/errata/RHSA-2005-105.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0155
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFE26bYXlSAg2UNWIIRAjztAJ4mr/MDyQzZNUCDMzz/cBq4ZOYfpwCeJgwb
rGnPNySNMgwIK8OwM4UV75k=
=Cf9L
- -----END PGP SIGNATURE-----
6.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2006:0619-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0619.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3918
- - ---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct security issues and resolve bugs
are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server available for free.
A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header. (CVE-2006-3918)
While a web browser cannot be forced to send an arbitrary Expect
header by a third-party attacker, it was recently discovered that
certain versions of the Flash plugin can manipulate request headers.
If users running such versions can be persuaded to load a web page
with a malicious Flash applet, a cross-site scripting attack against
the server may be possible.
On Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in
the handling of malformed Expect headers, the page produced by the
cross-site scripting attack will only be returned after a timeout expires
(2-5 minutes by default) if not first canceled by the user.
Users of httpd should update to these erratum packages, which contain a
backported patch to correct these issues.
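The Expect flaw is an error page that echoes a request header without HTML-escaping it. The following C code is an added example, not Apache httpd's source or Red Hat's patch, that renders such a page both ways; the page wording, buffer sizes and function names are assumptions, and the header value in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed error page template for this example. */
#define ERROR_FMT \
    "<html><body><h1>417 Expectation Failed</h1>\n" \
    "<p>Unsupported Expect value: %s</p></body></html>\n"

/* HTML-escape src into dst. Returns 0 on success, or -1 if dst is too
 * small, in which case dst is left as an empty string. */
int html_escape(char *dst, size_t dstlen, const char *src)
{
    size_t used = 0;

    if (dstlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };
        const char *rep;
        size_t n;

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        n = strlen(rep);
        if (used + n >= dstlen) {  /* keep room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Vulnerable shape described in the advisory: the header value is copied
 * into the page as-is, so markup in the header becomes markup in the page. */
int render_expect_error_unescaped(char *out, size_t outlen, const char *expect_value)
{
    int n = snprintf(out, outlen, ERROR_FMT, expect_value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened shape: escape before interpolating, and drop the value
 * entirely if it does not fit the escape buffer. */
int render_expect_error_escaped(char *out, size_t outlen, const char *expect_value)
{
    char safe[512];
    const char *shown = safe;
    int n;

    if (html_escape(safe, sizeof safe, expect_value) != 0)
        shown = "(value omitted)";
    n = snprintf(out, outlen, ERROR_FMT, shown);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *header = "<i>100-continue</i>";  /* constructed header value */
    char page[1024];

    if (render_expect_error_unescaped(page, sizeof page, header) == 0)
        printf("unescaped:\n%s\n", page);
    if (render_expect_error_escaped(page, sizeof page, header) == 0)
        printf("escaped:\n%s\n", page);
    return 0;
}
```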
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
200732 - CVE-2006-3918 Expect header XSS
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-61.ent.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-28.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.