Kernel/RPM/Sudo Update for RHEL
Posted on: 09/07/2010 08:00 PM

Red Hat has published the following security advisories:

- [RHSA-2010:0679-01] Moderate: rpm security and bug fix update
- [RHSA-2010:0677-01] Important: kernel security update
- [RHSA-2010:0676-01] Important: kernel security update
- [RHSA-2010:0678-01] Moderate: rpm security update
- [RHSA-2010:0675-01] Important: sudo security update

[RHSA-2010:0679-01] Moderate: rpm security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rpm security and bug fix update
Advisory ID: RHSA-2010:0679-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0679.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2059
=====================================================================

1. Summary:

Updated rpm packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on
binaries when upgrading packages. A local attacker able to create hard
links to binaries could use this flaw to keep those binaries on the system,
at a specific version level and with the setuid or setgid bit set, even if
the package providing them was upgraded by a system administrator. This
could have security implications if a package was upgraded because of a
security flaw in a setuid or setgid program. (CVE-2010-2059)

This update also fixes the following bug:

* A memory leak in the communication between RPM and the Security-Enhanced
Linux (SELinux) subsystem, which could have caused extensive memory
consumption. In reported cases, this issue was triggered by running
rhn_check when errata were scheduled to be applied. (BZ#627630)

All users of rpm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

598775 - CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade
627630 - rpm: selinux context initialization memory leak

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
popt-1.10.2.3-20.el5_5.1.i386.rpm
rpm-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-python-4.4.2.3-20.el5_5.1.i386.rpm

x86_64:
popt-1.10.2.3-20.el5_5.1.i386.rpm
popt-1.10.2.3-20.el5_5.1.x86_64.rpm
rpm-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-python-4.4.2.3-20.el5_5.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
rpm-apidocs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-build-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm

x86_64:
rpm-apidocs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-build-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
popt-1.10.2.3-20.el5_5.1.i386.rpm
rpm-4.4.2.3-20.el5_5.1.i386.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-build-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-python-4.4.2.3-20.el5_5.1.i386.rpm

ia64:
popt-1.10.2.3-20.el5_5.1.ia64.rpm
rpm-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-build-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-python-4.4.2.3-20.el5_5.1.ia64.rpm

ppc:
popt-1.10.2.3-20.el5_5.1.ppc.rpm
popt-1.10.2.3-20.el5_5.1.ppc64.rpm
rpm-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-build-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-python-4.4.2.3-20.el5_5.1.ppc.rpm

s390x:
popt-1.10.2.3-20.el5_5.1.s390.rpm
popt-1.10.2.3-20.el5_5.1.s390x.rpm
rpm-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-build-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.s390.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-devel-4.4.2.3-20.el5_5.1.s390.rpm
rpm-devel-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-libs-4.4.2.3-20.el5_5.1.s390.rpm
rpm-libs-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-python-4.4.2.3-20.el5_5.1.s390x.rpm

x86_64:
popt-1.10.2.3-20.el5_5.1.i386.rpm
popt-1.10.2.3-20.el5_5.1.x86_64.rpm
rpm-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-build-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-python-4.4.2.3-20.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2059.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.


[RHSA-2010:0677-01] Important: kernel security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2010:0677-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0677.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2240
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.7 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment

6. Package List:

Red Hat Enterprise Linux AS version 4.7.z:

Source:
kernel-2.6.9-78.0.32.EL.src.rpm

i386:
kernel-2.6.9-78.0.32.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.i686.rpm
kernel-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.32.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ia64.rpm
kernel-devel-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.32.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.32.EL.ppc64.rpm
kernel-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.32.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.32.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.s390.rpm
kernel-devel-2.6.9-78.0.32.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.32.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.s390x.rpm
kernel-devel-2.6.9-78.0.32.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4.7.z:

Source:
kernel-2.6.9-78.0.32.EL.src.rpm

i386:
kernel-2.6.9-78.0.32.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.i686.rpm
kernel-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.32.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ia64.rpm
kernel-devel-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.32.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.


[RHSA-2010:0676-01] Important: kernel security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2010:0676-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0676.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2240
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.29.EL.ppc64.rpm
kernel-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.29.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.29.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.s390.rpm
kernel-devel-2.6.9-89.0.29.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.29.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.s390x.rpm
kernel-devel-2.6.9-89.0.29.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.


[RHSA-2010:0678-01] Moderate: rpm security update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rpm security update
Advisory ID: RHSA-2010:0678-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0678.html
Issue date: 2010-09-07
CVE Names: CVE-2005-4889 CVE-2010-2059
=====================================================================

1. Summary:

Updated rpm packages that fix two security issues are now available for Red
Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on
binaries when upgrading or removing packages. A local attacker able to
create hard links to binaries could use this flaw to keep those binaries on
the system, at a specific version level and with the setuid or setgid bit
set, even if the package providing them was upgraded or removed by a system
administrator. This could have security implications if a package was
upgraded or removed because of a security flaw in a setuid or setgid
program. (CVE-2005-4889, CVE-2010-2059)

All users of rpm are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

598775 - CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade
625756 - CVE-2005-4889 rpm: fails to drop SUID/SGID bits on package removal

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

ppc:
popt-1.9.1-33_nonptl.el4_8.1.ppc.rpm
popt-1.9.1-33_nonptl.el4_8.1.ppc64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ppc64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ppc64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ppc.rpm

s390:
popt-1.9.1-33_nonptl.el4_8.1.s390.rpm
rpm-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.s390.rpm

s390x:
popt-1.9.1-33_nonptl.el4_8.1.s390.rpm
popt-1.9.1-33_nonptl.el4_8.1.s390x.rpm
rpm-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.s390x.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2005-4889.html
https://www.redhat.com/security/data/cve/CVE-2010-2059.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.


[RHSA-2010:0675-01] Important: sudo security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2010:0675-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0675.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2956
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled Runas specifications containing
both a user and a group list. If a local user were authorized by the
sudoers file to perform their sudo commands with the privileges of a
specified user and group, they could use this flaw to run those commands
with the privileges of either an arbitrary user or group on the system.
(CVE-2010-2956)

Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance
for reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

628628 - CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-8.el5_5.src.rpm

i386:
sudo-1.7.2p1-8.el5_5.i386.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.i386.rpm

x86_64:
sudo-1.7.2p1-8.el5_5.x86_64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-8.el5_5.src.rpm

i386:
sudo-1.7.2p1-8.el5_5.i386.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.i386.rpm

ia64:
sudo-1.7.2p1-8.el5_5.ia64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.ia64.rpm

ppc:
sudo-1.7.2p1-8.el5_5.ppc.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.ppc.rpm

s390x:
sudo-1.7.2p1-8.el5_5.s390x.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.s390x.rpm

x86_64:
sudo-1.7.2p1-8.el5_5.x86_64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2956.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/kernelrpmsudo_update_for_rhel.html)