January 2005
Three Red Hat Security Advisory Updates: 1. RHSA-2005:043-01 - Updated kernel packages fix security vulnerabilities 2. RHSA-2005:012-01 - Updated krb5 packages fix security vulnerabilities 3. RHSA-2005:031-01 - Updated php packages fix security issues
ID: 00048
Ref: 44/2005
Date: 20 January 2005:12:53:46
Version: 1
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====
Three Red Hat Security Advisory Updates:
1. RHSA-2005:043-01 - Updated kernel packages fix security vulnerabilities
2. RHSA-2005:012-01 - Updated krb5 packages fix security vulnerabilities
3. RHSA-2005:031-01 - Updated php packages fix security issues
Detail
======
1. iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1235
to this issue.
2. Kerberos is a networked authentication system that uses a trusted
third party (a KDC) to authenticate clients and servers to each other.
A heap based buffer overflow bug was found in the administration library
of Kerberos 1.3.5 and earlier. This bug could allow an authenticated
remote attacker to execute arbitrary commands on a realm's master
Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.
3. PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.
A double-free bug was found in the deserialization code of PHP. PHP
applications use the unserialize function on untrusted user data,
which could allow a remote attacker to gain access to memory or
potentially execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.
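As an added example (not part of the Red Hat or AusCERT text), the Python code below checks a host's package inventory against the fixed builds named in the SRPMS entries of the three advisories on this page: kernel-2.4.21-27.0.2.EL, krb5-1.2.2-32 / krb5-1.2.7-38 and php-4.1.2-2.2. The inventory format (name, version and release per line, as `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` prints them), the sample hosts and all function names are assumptions; epochs are assumed equal and RPM's later `~`/`^` ordering rules are left out.

```python
import re
from functools import cmp_to_key

# Binary package names as they appear in the RPM lists of the advisories.
KERNEL = ["kernel", "kernel-smp", "kernel-hugemem", "kernel-BOOT"]
KRB5 = ["krb5-libs", "krb5-server", "krb5-workstation", "krb5-devel"]
PHP = ["php", "php-devel", "php-imap", "php-ldap", "php-manual",
       "php-mysql", "php-odbc", "php-pgsql"]

# (advisory, product release, fixed version, fixed release, packages)
ADVISORIES = [
    ("RHSA-2005:043-01", "3", "2.4.21", "27.0.2.EL", KERNEL),
    ("RHSA-2005:012-01", "3", "1.2.7", "38", KRB5),
    ("RHSA-2005:012-01", "2.1", "1.2.2", "32", KRB5),
    ("RHSA-2005:031-01", "2.1", "4.1.2", "2.2", PHP),
]


def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, as RPM does.

    Digit runs compare as integers, letter runs as strings, a digit run
    beats a letter run, and the string with segments left over is newer.
    """
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(x, y):
    """Compare (version, release) pairs; epochs are assumed equal."""
    return rpmvercmp(x[0], y[0]) or rpmvercmp(x[1], y[1])


def parse_inventory(text):
    """Map package name -> list of installed (version, release) builds."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, version, release = parts
        installed.setdefault(name, []).append((version, release))
    return installed


def triage(product_release, inventory_text):
    """Return (package, newest installed, advisory, fixed build) for every
    listed package whose newest installed build predates the fixed one."""
    installed = parse_inventory(inventory_text)
    findings = []
    for advisory, rel, fver, frel, names in ADVISORIES:
        if rel != product_release:
            continue
        for name in names:
            builds = installed.get(name)
            if not builds:
                continue
            # Kernel packages install side by side, so judge the newest one.
            newest = max(builds, key=cmp_to_key(compare_vr))
            if compare_vr(newest, (fver, frel)) < 0:
                findings.append((name, "-".join(newest), advisory,
                                 f"{fver}-{frel}"))
    return sorted(findings)


# Constructed sample inventory for a Red Hat Enterprise Linux 3 host.
SAMPLE_RHEL3 = """\
kernel 2.4.21 20.EL
kernel 2.4.21 27.0.1.EL
kernel-smp 2.4.21 27.0.2.EL
krb5-libs 1.2.7 38
krb5-workstation 1.2.7 31
openssh 3.6.1p2 33.30.3
"""

if __name__ == "__main__":
    for name, have, advisory, fixed in triage("3", SAMPLE_RHEL3):
        print(f"{name}: {have} is older than {fixed} ({advisory})")
```

The check covers installed packages only; after a kernel update the host keeps running the old kernel until it is rebooted, so confirm the booted release with `uname -r` as well.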
1.
===========================================================================
ESB-2005.0054 -- RHSA-2005:043-01
Updated kernel packages fix security vulnerabilities
19 January 2005
===========================================================================
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Desktop version 3
Impact: Root Compromise
Execute Arbitrary Code/Commands
Denial of Service
Access: Existing Account
CVE Names: CAN-2005-0003 CAN-2005-0001 CAN-2004-1237
CAN-2004-1235 CAN-2004-1016
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-043.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: RHSA-2005:043-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-043.html
Issue date: 2005-01-18
Updated on: 2005-01-18
Product: Red Hat Enterprise Linux
Keywords: taroon kernel security errata
Obsoletes: RHSA-2004:689
CVE Names: CAN-2004-1235 CAN-2004-1237 CAN-2005-0003
- - - ---------------------------------------------------------------------
1. Summary:
Updated kernel packages that fix several security issues in Red Hat Enterprise
Linux 3 are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64,
ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
This advisory includes fixes for several security issues:
iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1235
to this issue.
A flaw was discovered where an executable could cause a VMA overlap
leading to a crash. A local user could trigger this flaw by creating
a carefully crafted a.out binary on 32-bit systems or a carefully crafted
ELF binary on Itanium systems. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0003 to this issue.
iSEC Security Research discovered a flaw in the page fault handler code
that could lead to local users gaining elevated (root) privileges on
multiprocessor machines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0001 to this issue. A patch
that coincidentally fixed this issue was committed to the Update 4 kernel
release in December 2004. Therefore Red Hat Enterprise Linux 3 kernels
provided by RHBA-2004:550 and subsequent updates are not vulnerable to this issue.
A flaw in the system call filtering code in the audit subsystem included in
Red Hat Enterprise Linux 3 allowed a local user to cause a crash when auditing
was enabled. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1237 to this issue.
Olaf Kirch discovered that the recent security fixes for cmsg_len handling
(CAN-2004-1016) broke 32-bit compatibility on 64-bit platforms such as AMD64
and Intel EM64T. A patch to correct this issue is included.
A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench
messages be ignored by hosts. A patch to ignore these messages is included.
Note: The kernel-unsupported package contains various drivers and modules that
are unsupported and therefore might contain security problems that have not been
addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the
packages associated with their machine architectures and configurations as
listed in this erratum.
4. Solution:
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To launch the Red Hat Update Agent, use the
following command:
up2date
For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
132245 - CAN-2004-1237 Kernel panic when stopping Lotus Domino 6.52
141996 - CAN-2004-1237 instant kernel panic from one line perl program - BAD
142091 - CAN-2004-1237 kernel oops captured, system hangs
142442 - CAN-2004-1237 kernel panic ( __audit_get_target)
143866 - CAN-2004-1237 kernel panic caused by auditd
144029 - LTC13264-Kernel errata from Dec 23 results in a DB2 shutdown.
144048 - CAN-2004-1237 kernel panic when Oracle agentctl is run
144134 - CAN-2004-1235 isec.pl uselib() privilege escalation
144784 - CAN-2005-0003 huge vma-in-executable bug
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
Red Hat Desktop version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://marc.theaimsgroup.com/?m=109503896031720
http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003
8. Contact:
The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- - --------------------------END INCLUDED TEXT--------------------
2.
===========================================================================
ESB-2005.0062 -- RHSA-2005:012-01
Updated krb5 packages fix security vulnerabilities
20 January 2005
===========================================================================
Product: Kerberos 1.3.5 and prior
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Desktop version 3
Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Impact: Execute Arbitrary Code/Commands
Overwrite Arbitrary Files
Access: Existing Account
CVE Names: CAN-2004-1189 CAN-2004-0971
Ref: ESB-2004.0805
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-012.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages fix security vulnerabilities
Advisory ID: RHSA-2005:012-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-012.html
Issue date: 2005-01-19
Updated on: 2005-01-19
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0971 CAN-2004-1189
- - - ---------------------------------------------------------------------
1. Summary:
Updated Kerberos (krb5) packages that correct buffer overflow and
temporary file bugs are now available for Red Hat Enterprise Linux.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Kerberos is a networked authentication system that uses a trusted
third party (a KDC) to authenticate clients and servers to each other.
A heap based buffer overflow bug was found in the administration library
of Kerberos 1.3.5 and earlier. This bug could allow an authenticated
remote attacker to execute arbitrary commands on a realm's master
Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.
Additionally a temporary file bug was found in the Kerberos krb5-send-pr
program. It is possible that an attacker could create a temporary file
that would allow an arbitrary file to be overwritten which the victim
has write access to. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.
All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied. Use Red Hat Network to download
and update your packages. To launch the Red Hat Update Agent, use the
following command:
up2date
For information on how to install packages manually, refer to the following
Web page for the System Administration or Customization guide specific to
your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
136304 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
140066 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
142902 - CAN-2004-1189 buffer overflow in krb5
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/krb5-1.2.2-32.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/krb5-1.2.2-32.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/krb5-1.2.2-32.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/krb5-1.2.2-32.src.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/krb5-1.2.7-38.src.rpm
Red Hat Desktop version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/krb5-1.2.7-38.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/krb5-1.2.7-38.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/krb5-1.2.7-38.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://www.securityfocus.com/bid/11289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
8. Contact:
The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- - --------------------------END INCLUDED TEXT--------------------
3.
===========================================================================
ESB-2005.0063 -- RHSA-2005:031-01
Updated php packages fix security issues
20 January 2005
===========================================================================
Product: php
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 2.1
Red Hat Linux Advanced Workstation 2.1
Impact: Execute Arbitrary Code/Commands
Inappropriate Access
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1019 CAN-2004-1018
Ref: ESB-2004.0795
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-031.html
- - --------------------------BEGIN INCLUDED TEXT--------------------
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated php packages fix security issues
Advisory ID: RHSA-2005:031-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-031.html
Issue date: 2005-01-19
Updated on: 2005-01-19
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1018 CAN-2004-1019
- - - ---------------------------------------------------------------------
1. Summary:
Updated php packages that fix various security issues are now available
for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.
A double-free bug was found in the deserialization code of PHP. PHP
applications use the unserialize function on untrusted user data,
which could allow a remote attacker to gain access to memory or
potentially execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.
Flaws were found in the pack and unpack PHP functions. These
functions do not normally pass user supplied data, so they
would require a malicious PHP script to be exploited. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1018 to this issue.
A bug was discovered in the initialization of the OpenSSL library,
such that the curl extension could not be used to perform HTTP
requests over SSL unless the php-imap package was installed.
Users of PHP should upgrade to these updated packages, which
contain fixes for these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red
Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
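To confirm that a host already carries the fix, the following added example (not part of the Red Hat advisory) flags installed php packages older than 4.1.2-2.2, the version-release of the updated packages in section 6. It assumes input in the form of `rpm -qa` output with a NAME VERSION RELEASE query format, uses a simplified rpm-style version comparison that ignores epochs, and runs on constructed sample data.

```python
import re

FIXED = ("4.1.2", "2.2")  # version, release of the fixed php packages (from the advisory)

def _segments(s):
    # Split into runs of digits or letters; separators are dropped, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style comparison (assumption: no epoch, tilde or caret)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def needs_update(version, release, fixed=FIXED):
    """True when version-release sorts before the fixed version-release."""
    c = rpmvercmp(version, fixed[0])
    if c == 0:
        c = rpmvercmp(release, fixed[1])
    return c < 0

def audit(query_output):
    """Return the php packages in the query output that predate the fix."""
    # Expected input: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
    outdated = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        name, version, release = parts
        if (name == "php" or name.startswith("php-")) and needs_update(version, release):
            outdated.append(f"{name}-{version}-{release}")
    return outdated

# Constructed sample input, not taken from a real host.
SAMPLE = """\
php 4.1.2 2.1
php-imap 4.1.2 2.2
php-mysql 4.1.2 2.10
php-ldap 4.1.2 1
apache 1.3.27 9
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Release 2.10 sorts after 2.2 because segments compare numerically, which a plain string comparison would get wrong.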
5. Bug IDs fixed (http://bugzilla.redhat.com/):
138904 - PHP cURL getting a 'SSL Couldn't create a context error'.
144773 - CAN-2004-1019 information disclosure issues
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.2.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.2.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.2.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.2.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
--------------------------END INCLUDED TEXT--------------------