CPNI - Centre for the Protection of National Infrastructure


February 2005

Six Red Hat Security Advisories

ID: 00123
Ref: 2005/106
Date: 11 February 2005:12:03:01
Version: 1

Title: Six Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat



Title
=====

Six Red Hat Security Advisories:

1. RHSA-2005:136-01 - Updated mailman packages fix security vulnerability

2. RHSA-2005:009-01 - Updated kdelibs and kdebase packages correct security issues

3. RHSA-2005:104-01 - Updated mod_python package fixes security issue

4. RHSA-2005:112-01 - Updated emacs packages fix security issue

5. RHSA-2005:134-01 - Updated xemacs packages fix security issue

6. RHSA-2005:135-01 - Updated Squirrelmail package fixes security issues


Detail
======

1. Updated mailman packages that correct a mailman security issue are now available.

2. Updated kdelibs and kdebase packages that resolve several security issues are now available.

3. An updated mod_python package that fixes a security issue in the publisher handler is now available.

4. Updated Emacs packages that fix a string format issue are now available.

5. Updated XEmacs packages that fix a string format issue are now available.

6. An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3.


1.
ESB-2005.0133 -- RHSA-2005:136-01
Updated mailman packages fix security vulnerability
11 February 2005


Product:           mailman
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Inappropriate Access
                   Cross-site Scripting
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0202

Ref: ESB-2005.0130

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-136.html

Comment: Please note that this vulnerability is being actively exploited in the
wild on multiple platforms - AusCERT recommends applying patches as
soon as possible. More information is available at:

http://www.gnu.org/software/mailman/security.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated mailman packages fix security vulnerability
Advisory ID: RHSA-2005:136-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-136.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0202
- - - ---------------------------------------------------------------------

1. Summary:

Updated mailman packages that correct a mailman security issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The mailman package is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to
this issue.

Users of mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to
your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

7. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.





2.
ESB-2005.0134 -- RHSA-2005:009-01
Updated kdelibs and kdebase packages correct security issues
11 February 2005



Product:           kdelibs and kdebase
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Execute Arbitrary Code/Commands
                   Inappropriate Access
                   Provide Misleading Information
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0078 CAN-2004-1165 CAN-2004-1158

Ref:               ESB-2005.0090
                   ESB-2005.0019
                   AL-2004.041

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-009.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kdelibs and kdebase packages correct security issues
Advisory ID: RHSA-2005:009-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-009.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1158 CAN-2004-1165 CAN-2005-0078
- - - ---------------------------------------------------------------------

1. Summary:

Updated kdelibs and kdebase packages that resolve several security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a
different browser window. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local circumstances. This
could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0078 to this issue.

All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your
system have been applied. Use Red Hat Network to download and update your packages. To
launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142393 - CAN-2004-1158 Frame injection vulnerability.
139265 - KDE+Cadence bug
146760 - CAN-2004-1165 kioslave command injection
145381 - CAN-2005-0078 password bypass in kde screensaver

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20041213-1.txt
http://www.kde.org/info/security/advisory-20050101-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0078

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
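
The advisory above describes CAN-2004-1165 as kioslave mishandling URL-encoded newline (%0a) characters ahead of the FTP command. The following is an added example, not KDE's or Red Hat's code: it contrasts a client that percent-decodes an ftp:// URL and writes the result straight onto the control channel with one that rejects control characters after decoding. All function names and sample URLs are constructed, and the server is assumed to treat a bare LF as a line end.

```python
import re
from urllib.parse import urlsplit, unquote


class UnsafeFtpUrl(ValueError):
    """A decoded URL component would change the FTP command stream."""


def split_ftp_url(url):
    """Return (user, password, path_segments), each percent-decoded exactly once."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp URL: %r" % url)
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if not segments:
        raise ValueError("URL names no file: %r" % url)
    user = unquote(parts.username or "anonymous")
    password = unquote(parts.password or "guest@")
    return user, password, segments


def build_wire(user, password, segments):
    """Serialise the login and retrieval as CRLF-terminated command lines."""
    lines = ["USER " + user, "PASS " + password]
    lines += ["CWD " + s for s in segments[:-1]]
    lines.append("RETR " + segments[-1])
    return "".join(line + "\r\n" for line in lines)


def lines_seen_by_server(wire):
    """Split the byte stream the way the assumed server does (CRLF or bare LF)."""
    return [line for line in re.split(r"\r\n|\n", wire) if line]


def naive_command_lines(url):
    """Flawed pattern: decode, concatenate, send. No check on decoded content."""
    return lines_seen_by_server(build_wire(*split_ftp_url(url)))


def checked_command_lines(url):
    """Hardened pattern: refuse any component that decodes to a control character."""
    user, password, segments = split_ftp_url(url)
    fields = [("user", user), ("password", password)]
    fields += [("path segment", s) for s in segments]
    for name, value in fields:
        bad = [c for c in value if ord(c) < 0x20 or ord(c) == 0x7F]
        if bad:
            raise UnsafeFtpUrl("%s decodes to control characters %r" % (name, bad))
    return lines_seen_by_server(build_wire(user, password, segments))


# Constructed sample inputs (not taken from the advisory).
BENIGN = "ftp://ftp.example.org/pub/README.txt"
CRAFTED = "ftp://ftp.example.org/pub/README.txt%0aNOOP"   # harmless extra command
DOUBLE_ENCODED = "ftp://ftp.example.org/pub/a%250ab"      # decodes to literal "%0a"

if __name__ == "__main__":
    print("naive, benign :", naive_command_lines(BENIGN))
    print("naive, crafted:", naive_command_lines(CRAFTED))
    for url in (BENIGN, CRAFTED, DOUBLE_ENCODED):
        try:
            print("checked       :", checked_command_lines(url))
        except UnsafeFtpUrl as exc:
            print("rejected      :", url, "->", exc)
```

The check runs after a single round of decoding, so a double-encoded `%250a` is passed through as the literal file name `a%0ab` rather than being decoded a second time.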





3.

ESB-2005.0135 -- RHSA-2005:104-01
Updated mod_python package fixes security issue
11 February 2005


Product:           mod_python
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
                   Linux variants
                   UNIX variants
                   Windows
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0088

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-104.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated mod_python package fixes security issue
Advisory ID: RHSA-2005:104-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-104.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0088
- - - ---------------------------------------------------------------------

1. Summary:

An updated mod_python package that fixes a security issue in the publisher handler is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mod_python is a module that embeds the Python language interpreter within the Apache web server, allowing handlers to be written in Python.

Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python,
used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0088 to this issue.

Users of mod_python are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146655 - CAN-2005-0088 mod_python information leak

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mod_python-2.7.8-3.1.src.rpm
50b86b5d12fb752e233d06bbf27e25e4 mod_python-2.7.8-3.1.src.rpm

i386:
b51bdac75600cd7c80060334ce5373f2 mod_python-2.7.8-3.1.i386.rpm

ia64:
f6645270af7c98323e7779ac1be4501b mod_python-2.7.8-3.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mod_python-2.7.8-3.1.src.rpm
50b86b5d12fb752e233d06bbf27e25e4 mod_python-2.7.8-3.1.src.rpm

ia64:
f6645270af7c98323e7779ac1be4501b mod_python-2.7.8-3.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mod_python-2.7.8-3.1.src.rpm
50b86b5d12fb752e233d06bbf27e25e4 mod_python-2.7.8-3.1.src.rpm

i386:
b51bdac75600cd7c80060334ce5373f2 mod_python-2.7.8-3.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mod_python-2.7.8-3.1.src.rpm
50b86b5d12fb752e233d06bbf27e25e4 mod_python-2.7.8-3.1.src.rpm

i386:
b51bdac75600cd7c80060334ce5373f2 mod_python-2.7.8-3.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mod_python-3.0.3-5.ent.src.rpm
d1cb5d2b6e13fc10998d481716b32097 mod_python-3.0.3-5.ent.src.rpm

i386:
d8cc1605bb68dddd5c51a4300600a16a mod_python-3.0.3-5.ent.i386.rpm

ia64:
2c09223945087dd8948b2b3c4dfe3f01 mod_python-3.0.3-5.ent.ia64.rpm

ppc:
b02b5f309e8b1791b5ce1fe2543541c0 mod_python-3.0.3-5.ent.ppc.rpm

s390:
95c7d6c8747e8b04bb8dcc5678c4d465 mod_python-3.0.3-5.ent.s390.rpm

s390x:
bee109211e88d46749152476a17f94c3 mod_python-3.0.3-5.ent.s390x.rpm

x86_64:
781ce623934b25860708c3989d0d8d22 mod_python-3.0.3-5.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mod_python-3.0.3-5.ent.src.rpm
d1cb5d2b6e13fc10998d481716b32097 mod_python-3.0.3-5.ent.src.rpm

i386:
d8cc1605bb68dddd5c51a4300600a16a mod_python-3.0.3-5.ent.i386.rpm

x86_64:
781ce623934b25860708c3989d0d8d22 mod_python-3.0.3-5.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mod_python-3.0.3-5.ent.src.rpm
d1cb5d2b6e13fc10998d481716b32097 mod_python-3.0.3-5.ent.src.rpm

i386:
d8cc1605bb68dddd5c51a4300600a16a mod_python-3.0.3-5.ent.i386.rpm

ia64:
2c09223945087dd8948b2b3c4dfe3f01 mod_python-3.0.3-5.ent.ia64.rpm

x86_64:
781ce623934b25860708c3989d0d8d22 mod_python-3.0.3-5.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mod_python-3.0.3-5.ent.src.rpm
d1cb5d2b6e13fc10998d481716b32097 mod_python-3.0.3-5.ent.src.rpm

i386:
d8cc1605bb68dddd5c51a4300600a16a mod_python-3.0.3-5.ent.i386.rpm

ia64:
2c09223945087dd8948b2b3c4dfe3f01 mod_python-3.0.3-5.ent.ia64.rpm

x86_64:
781ce623934b25860708c3989d0d8d22 mod_python-3.0.3-5.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.




4.

ESB-2005.0136 -- RHSA-2005:112-01
Updated emacs packages fix security issue
11 February 2005



Product:           emacs
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0100

Ref: ESB-2005.0125

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-112.html

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - - ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated emacs packages fix security issue
Advisory ID: RHSA-2005:112-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-112.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100
- - - ---------------------------------------------------------------------

1. Summary:

Updated Emacs packages that fix a string format issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail
utility of Emacs. If a user connects to a malicious POP server, an attacker
can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which contain
backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and
update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web
page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146700 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/emacs-20.7-41.2.src.rpm
fba39e7105979086a856bc1523298219 emacs-20.7-41.2.src.rpm

i386:
d69a461fb714a8320df49cd0bc0a2948 emacs-20.7-41.2.i386.rpm 81d716a2780da4bd70b2e9ff65a59e04 emacs-X11-20.7-41.2.i386.rpm e791e0b8b5d3fdb9302dba7cffd6600d emacs-el-20.7-41.2.i386.rpm b3460f46f0aca2143b255e5664d0cbcf emacs-leim-20.7-41.2.i386.rpm 23a6cddea1a2d693da09ef6ce6a04cb4 emacs-nox-20.7-41.2.i386.rpm

ia64:
9907122cb87f25b145fc64d249e1f373 emacs-20.7-41.2.ia64.rpm a5c29b47a726c3464cea29db223bf0a3 emacs-X11-20.7-41.2.ia64.rpm b9bb6d89f90ca8c04621c1f4658a02e3 emacs-el-20.7-41.2.ia64.rpm 5f524f16502e44f00fbada64070ac220 emacs-leim-20.7-41.2.ia64.rpm 4d0fbe779bed8c187f3ffea7829e15f0 emacs-nox-20.7-41.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/emacs-20.7-41.2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/emacs-20.7-41.2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/emacs-20.7-41.2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/emacs-21.3-4.1.src.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/emacs-21.3-4.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/emacs-21.3-4.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/emacs-21.3-4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

______________________





5.
ESB-2005.0137 -- RHSA-2005:134-01
Updated xemacs packages fix security issue
11 February 2005



Product: xemacs
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
                  Red Hat Desktop version 3
                  Red Hat Enterprise Linux AS/ES/WS 2.1
                  Red Hat Linux Advanced Workstation 2.1
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2005-0100

Ref: ESB-2005.0126

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-134.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated xemacs packages fix security issue
Advisory ID: RHSA-2005:134-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-134.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100
---------------------------------------------------------------------

1. Summary:

Updated XEmacs packages that fix a string format issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

XEmacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail
utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this
issue.

Users of XEmacs are advised to upgrade to these updated packages, which contain
backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146704 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xemacs-21.4.6-6.9.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xemacs-21.4.6-6.9.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xemacs-21.4.6-6.9.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xemacs-21.4.6-6.9.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xemacs-21.4.13-8.ent.1.src.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xemacs-21.4.13-8.ent.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xemacs-21.4.13-8.ent.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xemacs-21.4.13-8.ent.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
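
The Emacs and XEmacs advisories above both describe CAN-2005-0100 as format string flaws reachable from a POP server's replies. The following is an added example, not code from movemail or from Red Hat: it shows the general bug class and the constant-format fix, and the names record_pop_error, count_conversions and the sample reply are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample of a hostile server reply; not taken from any advisory. */
static const char CONSTRUCTED_REPLY[] = "-ERR %x.%x.%s no such message";

/*
 * Count printf-style directives in untrusted text. "%%" is a literal percent
 * sign and is not counted; any other '%' starts (or truncates) a directive.
 * A non-zero result means the text must never be used as a format string.
 */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* skip the escaped percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/*
 * The bug class, shown only as a comment so it is never compiled:
 *
 *     snprintf(dst, dstlen, server_reply);
 *
 * Here the server's bytes are parsed as the format, so every directive in
 * the reply reads (or, with %n, writes) memory the caller never supplied.
 *
 * Hardened form: the format is a constant and the reply is only data.
 * Returns what snprintf returns, i.e. the untruncated length.
 */
int record_pop_error(char *dst, size_t dstlen, const char *server_reply)
{
    return snprintf(dst, dstlen, "POP error: %s", server_reply);
}

int main(void)
{
    char buf[128];

    record_pop_error(buf, sizeof buf, CONSTRUCTED_REPLY);
    printf("%s\n(%zu directive(s) in the reply, none interpreted)\n",
           buf, count_conversions(CONSTRUCTED_REPLY));
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag calls whose format argument is not a string literal, which is the quickest way to audit a code base for this pattern.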




6.

ESB-2005.0138 -- RHSA-2005:135-01
Updated Squirrelmail package fixes security issues
11 February 2005

Product: Squirrelmail
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
                  Red Hat Desktop version 3
Impact: Cross-site Scripting
        Reduced Security
Access: Remote/Unauthenticated
CVE Names: CAN-2005-0104 CAN-2005-0103 CAN-2005-0075

Ref: ESB-2005.0075

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-135.html

Comment: This Red Hat advisory is for Enterprise Linux version 3 only. The same
vulnerability may exist in other versions, and administrators are
advised to check the vendor's web site for further details.

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Squirrelmail package fixes security issues
Advisory ID: RHSA-2005:135-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-135.html
Issue date: 2005-02-10
Updated on: 2005-02-10
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0075 CAN-2005-0103 CAN-2005-0104
---------------------------------------------------------------------

1. Summary:

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw
could allow potential insecure file inclusions on servers where the PHP setting "register_globals" is set to "On". This is not a default or recommended setting.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.

A URL sanitisation bug was found in Squirrelmail. This flaw could allow a cross site scripting attack when loading the URL for the sidebar. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0103 to this issue.

A missing variable initialization bug was found in Squirrelmail. This flaw could allow a cross site scripting attack. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0104 to this issue.

Users of Squirrelmail are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to
your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145384 - CAN-2005-0075 Arbitrary code injection in Squirrelmail
145964 - CAN-2005-0103 Multiple issues in squirrelmail (CAN-2005-0104)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-9.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-9.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-9.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-9.EL3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.squirrelmail.org/security/issue/2005-01-20
http://www.squirrelmail.org/security/issue/2005-01-19
http://www.squirrelmail.org/security/issue/2005-01-14
http://www.php.net/register_globals
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0104

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.



----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone. Not Protectively Marked information may be sent via
email to: uniras@niscc.gov.uk

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information
contained in this Briefing.
----------------------------------------------------------------------------------