January 2005
Six Red Hat Security Advisories
ID: 00029
Ref: 26/2005
Date: 13 January 2005:16:34:12
Version: 1
Title: Six Red Hat Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 26/05 dated 13.01.05 Time: 15:45
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Six Red Hat Security Advisories:
1. RHSA-2005:004-01 - Updated lesstif package fixes image vulnerability
2. RHSA-2005:007-01 - Updated unarj package fixes security issue
3. RHSA-2005:013-01 - Updated CUPS packages fix security issues
4. RHSA-2005:014-01 - Updated nfs-utils package fixes security vulnerabilities
5. RHSA-2005:015-01 - An updated Pine package is now available for Red Hat Enterprise
Linux 2.1 to fix a denial of service attack.
6. RHSA-2005:018-01 - Updated Xpdf packages fix security issues
Detail
======
1. An updated lesstif package that fixes flaws in the Xpm library is now available for Red Hat Enterprise Linux 2.1.
2. An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.
3. Updated CUPS packages that fix several security issues are now available.
4. An updated nfs-utils package that fixes various security issues is now available.
5. An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a
denial of service attack.
6. Updated Xpdf packages that fix several security issues are now available.
1.
ESB-2005.0029 -- RHSA-2005:004-01
Updated lesstif package fixes image vulnerability
13 January 2005
Product: lesstif
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Linux variants
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2004-0914 CAN-2004-0688 CAN-2004-0687
Ref: ESB-2004.0632
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-004.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated lesstif package fixes image vulnerability
Advisory ID: RHSA-2005:004-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-004.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0914
- - - ---------------------------------------------------------------------
1. Summary:
An updated lesstif package that fixes flaws in the Xpm library is now available
for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat
Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 -
i386 Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
LessTif provides libraries which implement the Motif industry standard graphical user interface.
During a source code audit, Chris Evans discovered several stack overflow flaws
and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within Lesstif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common
Vulnerabilities and Exposures project cve.mitre.org) has assigned the names (CAN-2004-0687,CAN-2004-0688, and CAN-2004-0914 to these issues.
Users of LessTif are advised to upgrade to this erratum package, which contains backported security patches to the embedded libXpm library.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your
packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
135076 - CAN-2004-0687 buffer overflows in libXpm
135079 - CAN-2004-0688 integer overflows in libXpm (CAN-2004-0914)
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/lesstif-0.93.15-4.AS21.4.src.rpm
59665437349ef5bad3f7b373e1dd6001 lesstif-0.93.15-4.AS21.4.src.rpm
i386:
9c49c91a9d0668505b1218b60705bd56 lesstif-0.93.15-4.AS21.4.i386.rpm c9b3a89ad94af645dba780da9e3d86bb lesstif-devel-0.93.15-4.AS21.4.i386.rpm
ia64:
9345984ef75ef4878bffe381e6964647 lesstif-0.93.15-4.AS21.4.ia64.rpm 09670ebdb668df8c2281eea87ce42ce8 lesstif-devel-0.93.15-4.AS21.4.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/lesstif-0.93.15-4.AS21.4.src.rpm
59665437349ef5bad3f7b373e1dd6001 lesstif-0.93.15-4.AS21.4.src.rpm
ia64:
9345984ef75ef4878bffe381e6964647 lesstif-0.93.15-4.AS21.4.ia64.rpm 09670ebdb668df8c2281eea87ce42ce8 lesstif-devel-0.93.15-4.AS21.4.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/lesstif-0.93.15-4.AS21.4.src.rpm
59665437349ef5bad3f7b373e1dd6001 lesstif-0.93.15-4.AS21.4.src.rpm
i386:
9c49c91a9d0668505b1218b60705bd56 lesstif-0.93.15-4.AS21.4.i386.rpm c9b3a89ad94af645dba780da9e3d86bb lesstif-devel-0.93.15-4.AS21.4.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/lesstif-0.93.15-4.AS21.4.src.rpm
59665437349ef5bad3f7b373e1dd6001 lesstif-0.93.15-4.AS21.4.src.rpm
i386:
9c49c91a9d0668505b1218b60705bd56 lesstif-0.93.15-4.AS21.4.i386.rpm c9b3a89ad94af645dba780da9e3d86bb lesstif-devel-0.93.15-4.AS21.4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
2.
ESB-2005.0030 -- RHSA-2005:007-01
Updated unarj package fixes security issue
13 January 2005
Product: unarj
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Linux variants
UNIX variants
Impact: Execute Arbitrary Code/Commands
Overwrite Arbitrary Files
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1027 CAN-2004-0947
Ref: ESB-2004.0735
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-007.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated unarj package fixes security issue
Advisory ID: RHSA-2005:007-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-007.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0947 CAN-2004-1027
- - - ---------------------------------------------------------------------
1. Summary:
An updated unarj package that fixes a buffer overflow vulnerability and a directory
traversal vulnerability is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux
Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
The unarj program is an archiving utility which can extract ARJ-compatible archives.
A buffer overflow bug was discovered in unarj when handling long file names contained
in an archive. An attacker could create a specially crafted archive which could cause
unarj to crash or possibly execute arbitrary code when extracted by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0947 to this issue.
Additionally, a path traversal vulnerability was discovered in unarj. An attacker
could create a specially crafted archive which would create files in the parent ("..")
directory when extracted by a victim. When used recursively, this vulnerability could
be used to overwrite critical system files and programs. The Common Vulnerabilities
and Exposures project(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.
Users of unarj should upgrade to this updated package which contains backported patches
and is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
138462 - CAN-2004-0947 buffer overflow in unarj
138835 - CAN-2004-1027 unarj directory traversal issue
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/unarj-2.43-13.src.rpm
abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm
i386:
1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm
ia64:
346187352a1792700194a7c7bd5de83f unarj-2.43-13.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/unarj-2.43-13.src.rpm
abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm
ia64:
346187352a1792700194a7c7bd5de83f unarj-2.43-13.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/unarj-2.43-13.src.rpm
abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm
i386:
1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/unarj-2.43-13.src.rpm
abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm
i386:
1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB5XHlXlSAg2UNWIIRAjfJAKC4jWCt/DoeNlVB1TiCBdpMX+bp5wCgiJcl
1cL9o1vIOwd/NgGKeIJfFz0=
=HrOB
- - -----END PGP SIGNATURE-----
3.
ESB-2005.0031 -- RHSA-2005:013-01
Updated CUPS packages fix security issues
13 January 2005
Product: CUPS
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Desktop version 3
Linux variants
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1270 CAN-2004-1269 CAN-2004-1268
CAN-2004-1267 CAN-2004-1125
Ref: ESB-2005.0003
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-013.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated CUPS packages fix security issues
Advisory ID: RHSA-2005:013-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-013.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1125 CAN-2004-1267 CAN-2004-1268 CAN-2004-1269 CAN-2004-1270
- - - ---------------------------------------------------------------------
1. Summary:
Updated CUPS packages that fix several security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop
version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.
A buffer overflow was found in the CUPS pdftops filter, which uses code from the Xpdf package. An attacker who has the ability to send a malicious PDF file to a printer could possibly
execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.
A buffer overflow was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary
code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1267 to this issue.
Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit these buffer overflow vulnerabilities on x86 architectures.
The lppasswd utility ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.
The lppasswd utility does not verify that the passwd.new file is different from STDERR, which
could allow local users to control output to passwd.new via certain user input that triggers
an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1270 to this issue.
In addition to these security issues, two other problems not relating to security have been fixed:
Resuming a job with "lp -H resume", which had previously been held with "lp
- - - -H hold" could cause the scheduler to stop. This has been fixed in later versions of CUPS,
and has been backported in these updated packages.
The cancel-cups(1) man page is a symbolic link to another man page. The target of this link has
been corrected.
All users of cups should upgrade to these updated packages, which resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red
Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
136973 - cancel-cups man page missing from errata package 143087 - CAN-2004-1267 Bernstein cups
issues (CAN-2004-1268 CAN-2004-1269 CAN-2004-1270) 143566 - CAN-2004-1125 xpdf buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.22.src.rpm
190988317b27033d81b2bac9a43fe067 cups-1.1.17-13.3.22.src.rpm
i386:
a30fd9428ed826ba91f00bcc278c0b01 cups-1.1.17-13.3.22.i386.rpm 8184b2da98eb1838724794c30af766dc cups-devel-1.1.17-13.3.22.i386.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
ia64:
3f10e07b8cda5176ab1f119cbf61e780 cups-1.1.17-13.3.22.ia64.rpm ded0c35fdf93b5c01b7fcb1c881f57d0 cups-devel-1.1.17-13.3.22.ia64.rpm
3d50c786845f90dc25eedab7cf7ae2a2 cups-libs-1.1.17-13.3.22.ia64.rpm a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
ppc:
5b526866e0e9dbb03a81b899e8865ddb cups-1.1.17-13.3.22.ppc.rpm 4914ab0993bcf0f7a5a351938dffbc4b cups-devel-1.1.17-13.3.22.ppc.rpm 4f16be3e0f2ff6ec3c4b9fd4a163ab7e cups-libs-1.1.17-13.3.22.ppc.rpm 08a52a6857b66afbf728b28429b2ac93 cups-libs-1.1.17-13.3.22.ppc64.rpm
s390:
3e2ef06fbe2515d02d620ce39afb5483 cups-1.1.17-13.3.22.s390.rpm 4fc9df57c3e08f390aec16dfd6c1e07c cups-devel-1.1.17-13.3.22.s390.rpm
4d91aeb4c1434088b9d9efcb805d4955 cups-libs-1.1.17-13.3.22.s390.rpm
s390x:
15eda517b033bc3e1a6889b9f7043a25 cups-1.1.17-13.3.22.s390x.rpm d608f750860d605d8f2823d33c7526e4 cups-devel-1.1.17-13.3.22.s390x.rpm
9ab09b2a7f68d88bc631773f3f748dfb cups-libs-1.1.17-13.3.22.s390x.rpm
4d91aeb4c1434088b9d9efcb805d4955 cups-libs-1.1.17-13.3.22.s390.rpm
x86_64:
11ef9b6bf664a100ef42d74e2d272b61 cups-1.1.17-13.3.22.x86_64.rpm 299975095a8675a7a7269ac0e957aa44 cups-devel-1.1.17-13.3.22.x86_64.rpm
54332395d650c593d43f86d58166bcf9 cups-libs-1.1.17-13.3.22.x86_64.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
Red Hat Desktop version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.22.src.rpm
190988317b27033d81b2bac9a43fe067 cups-1.1.17-13.3.22.src.rpm
i386:
a30fd9428ed826ba91f00bcc278c0b01 cups-1.1.17-13.3.22.i386.rpm 8184b2da98eb1838724794c30af766dc cups-devel-1.1.17-13.3.22.i386.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
x86_64:
11ef9b6bf664a100ef42d74e2d272b61 cups-1.1.17-13.3.22.x86_64.rpm 299975095a8675a7a7269ac0e957aa44 cups-devel-1.1.17-13.3.22.x86_64.rpm
54332395d650c593d43f86d58166bcf9 cups-libs-1.1.17-13.3.22.x86_64.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.22.src.rpm
190988317b27033d81b2bac9a43fe067 cups-1.1.17-13.3.22.src.rpm
i386:
a30fd9428ed826ba91f00bcc278c0b01 cups-1.1.17-13.3.22.i386.rpm 8184b2da98eb1838724794c30af766dc cups-devel-1.1.17-13.3.22.i386.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
ia64:
3f10e07b8cda5176ab1f119cbf61e780 cups-1.1.17-13.3.22.ia64.rpm ded0c35fdf93b5c01b7fcb1c881f57d0 cups-devel-1.1.17-13.3.22.ia64.rpm
3d50c786845f90dc25eedab7cf7ae2a2 cups-libs-1.1.17-13.3.22.ia64.rpm a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
x86_64:
11ef9b6bf664a100ef42d74e2d272b61 cups-1.1.17-13.3.22.x86_64.rpm 299975095a8675a7a7269ac0e957aa44 cups-devel-1.1.17-13.3.22.x86_64.rpm
54332395d650c593d43f86d58166bcf9 cups-libs-1.1.17-13.3.22.x86_64.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.22.src.rpm
190988317b27033d81b2bac9a43fe067 cups-1.1.17-13.3.22.src.rpm
i386:
a30fd9428ed826ba91f00bcc278c0b01 cups-1.1.17-13.3.22.i386.rpm 8184b2da98eb1838724794c30af766dc cups-devel-1.1.17-13.3.22.i386.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
ia64:
3f10e07b8cda5176ab1f119cbf61e780 cups-1.1.17-13.3.22.ia64.rpm ded0c35fdf93b5c01b7fcb1c881f57d0 cups-devel-1.1.17-13.3.22.ia64.rpm
3d50c786845f90dc25eedab7cf7ae2a2 cups-libs-1.1.17-13.3.22.ia64.rpm a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
x86_64:
11ef9b6bf664a100ef42d74e2d272b61 cups-1.1.17-13.3.22.x86_64.rpm 299975095a8675a7a7269ac0e957aa44 cups-devel-1.1.17-13.3.22.x86_64.rpm
54332395d650c593d43f86d58166bcf9 cups-libs-1.1.17-13.3.22.x86_64.rpm
a07d4c2e48c90f409dabd525968e9d9e cups-libs-1.1.17-13.3.22.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://www.cups.org/str.php?L1023 http://www.cups.org/str.php?L1024 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
4.
ESB-2005.0032 -- RHSA-2005:014-01
Updated nfs-utils package fixes security vulnerabilities
13 January 2005
Product: nfs-utils
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Linux variants
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1014 CAN-2004-0946
Ref: ESB-2004.0763
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-014.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated nfs-utils package fixes security vulnerabilities
Advisory ID: RHSA-2005:014-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-014.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1014 CAN-2004-0946
- - - ---------------------------------------------------------------------
1. Summary:
An updated nfs-utils package that fixes various security issues is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux
Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red
Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
The nfs-utils package provides a daemon for the kernel NFS server and related tools.
SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A
misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1014 to this issue.
Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit architectures, an improper integer conversion can lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could lead to
the execution of arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0946 to this issue.
All users of nfs-utils should upgrade to this updated package, which resolves these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant
to your system have been applied. Use Red Hat Network to download and update your
packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
144652 - CAN-2004-1014 DoS in statd
138063 - CAN-2004-0946 buffer overflow in rquotad
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/nfs-utils-0.3.3-11.src.rpm
9553612895ebfaa51e95f6ca30917ae3 nfs-utils-0.3.3-11.src.rpm
i386:
b5e37053bfa2a629ad89cf8aa55fdd81 nfs-utils-0.3.3-11.i386.rpm
ia64:
1acfa8622a1a9a98f676e8d5e8ada932 nfs-utils-0.3.3-11.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/nfs-utils-0.3.3-11.src.rpm
9553612895ebfaa51e95f6ca30917ae3 nfs-utils-0.3.3-11.src.rpm
ia64:
1acfa8622a1a9a98f676e8d5e8ada932 nfs-utils-0.3.3-11.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/nfs-utils-0.3.3-11.src.rpm
9553612895ebfaa51e95f6ca30917ae3 nfs-utils-0.3.3-11.src.rpm
i386:
b5e37053bfa2a629ad89cf8aa55fdd81 nfs-utils-0.3.3-11.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/nfs-utils-0.3.3-11.src.rpm
9553612895ebfaa51e95f6ca30917ae3 nfs-utils-0.3.3-11.src.rpm
i386:
b5e37053bfa2a629ad89cf8aa55fdd81 nfs-utils-0.3.3-11.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0946
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB5XJWXlSAg2UNWIIRAgdcAKCmUguAappvqdDI6w31HH4al0ZTbwCgrWQH
f+Qg0yF6e1LuIcSJcGJjQxo=
=5AwU
- - -----END PGP SIGNATURE-----
5.
ESB-2005.0033 -- RHSA-2005:015-01
Updated Pine packages fix security vulnerability
13 January 2005
Product: Pine
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Linux variants
UNIX variants
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2003-0297 CAN-2003-0279
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-015.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Pine packages fix security vulnerability
Advisory ID: RHSA-2005:015-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-015.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2003-0297
- - - ---------------------------------------------------------------------
1. Summary:
An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version
2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
Pine is an email user agent.
The c-client IMAP client library, as used in Pine 4.44 contains an integer
overflow and integer signedness flaw. An attacker could create a malicious
IMAP server in such a way that it would cause Pine to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0297 to this issue.
Users of Pine are advised to upgrade to these erratum packages which contain
a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To launch the Red Hat Update Agent, use the following
command:
up2date
For information on how to install packages manually, refer to the following Web
page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
97342 - CAN-2003-0279 c-client imap client
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/pine-4.44-20.src.rpm
10365ce656dc56e679cd17d70c506820 pine-4.44-20.src.rpm
i386:
7e8793f0bf05f544dea50fde67af462d pine-4.44-20.i386.rpm
ia64:
68b149c040e66b19059dd9480d26ef2c pine-4.44-20.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/pine-4.44-20.src.rpm
10365ce656dc56e679cd17d70c506820 pine-4.44-20.src.rpm
ia64:
68b149c040e66b19059dd9480d26ef2c pine-4.44-20.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/pine-4.44-20.src.rpm
10365ce656dc56e679cd17d70c506820 pine-4.44-20.src.rpm
i386:
7e8793f0bf05f544dea50fde67af462d pine-4.44-20.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/pine-4.44-20.src.rpm
10365ce656dc56e679cd17d70c506820 pine-4.44-20.src.rpm
i386:
7e8793f0bf05f544dea50fde67af462d pine-4.44-20.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0297
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB5XKWXlSAg2UNWIIRAm6PAKCJA3lWLcWswVervDjSozyhjUghAgCfReM0
gWwNlHQYj+hDhooKNrL+CfA=
=iEh3
- - -----END PGP SIGNATURE-----
6.
ESB-2005.0034 -- RHSA-2005:018-01
Updated Xpdf packages fix security issues
13 January 2005
Product: Xpdf
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Desktop version 3
Linux variants
UNIX variants
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1125
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-018.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Xpdf packages fix security issues
Advisory ID: RHSA-2005:018-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-018.html
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1125
- - - ---------------------------------------------------------------------
1. Summary:
Updated Xpdf packages that fix several security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red
Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.
A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.
Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures.
All users of the Xpdf packages should upgrade to these updated packages, which resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant
to your system have been applied. Use Red Hat Network to download and update your
packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
143499 - CAN-2004-1125 xpdf buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.4.src.rpm
0698157d8dc5c71c31533d62bda960e4 xpdf-2.02-9.4.src.rpm
i386:
6a547a0365e1c2f0d40b1787e5be9d3a xpdf-2.02-9.4.i386.rpm
ia64:
58f17daa557c176847bfa810b97e00e3 xpdf-2.02-9.4.ia64.rpm
ppc:
a074f246495f1ebbaa0bdad34cd47edb xpdf-2.02-9.4.ppc.rpm
s390:
e3b911af69e4c30b4c22be1618986c6a xpdf-2.02-9.4.s390.rpm
s390x:
c9f16486d10ccc1f9d654b1db9ae72b2 xpdf-2.02-9.4.s390x.rpm
x86_64:
15e0ffc7c4c416756cf7174153801204 xpdf-2.02-9.4.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.4.src.rpm
0698157d8dc5c71c31533d62bda960e4 xpdf-2.02-9.4.src.rpm
i386:
6a547a0365e1c2f0d40b1787e5be9d3a xpdf-2.02-9.4.i386.rpm
x86_64:
15e0ffc7c4c416756cf7174153801204 xpdf-2.02-9.4.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.4.src.rpm
0698157d8dc5c71c31533d62bda960e4 xpdf-2.02-9.4.src.rpm
i386:
6a547a0365e1c2f0d40b1787e5be9d3a xpdf-2.02-9.4.i386.rpm
ia64:
58f17daa557c176847bfa810b97e00e3 xpdf-2.02-9.4.ia64.rpm
x86_64:
15e0ffc7c4c416756cf7174153801204 xpdf-2.02-9.4.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.4.src.rpm
0698157d8dc5c71c31533d62bda960e4 xpdf-2.02-9.4.src.rpm
i386:
6a547a0365e1c2f0d40b1787e5be9d3a xpdf-2.02-9.4.i386.rpm
ia64:
58f17daa557c176847bfa810b97e00e3 xpdf-2.02-9.4.ia64.rpm
x86_64:
15e0ffc7c4c416756cf7174153801204 xpdf-2.02-9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
8. Contact:
The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@niscc.gov.uk
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------