RHSA-2006:0727-01 Moderate: texinfo security update
Posted on: 11/08/2006 11:05 AM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: texinfo security update
Advisory ID: RHSA-2006:0727-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0727.html
Issue date: 2006-11-08
Updated on: 2006-11-08
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3011 CVE-2006-4810
- ---------------------------------------------------------------------

1. Summary:

New Texinfo packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Texinfo is a documentation system that can produce both online information
and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169583 - CVE-2005-3011 texindex insecure temporary file usage
170743 - CVE-2005-3011 texindex insecure temporary file usage
170744 - CVE-2005-3011 texindex insecure temporary file usage
211484 - CVE-2006-4810 texindex buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm
4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm

i386:
878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm
58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm

ia64:
a259d8d26dbaa8cc96686f169dc05911 info-4.0b-3.el2.1.ia64.rpm
6fae56c8168b45be80ae719ebe0aca82 texinfo-4.0b-3.el2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm
4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm

ia64:
a259d8d26dbaa8cc96686f169dc05911 info-4.0b-3.el2.1.ia64.rpm
6fae56c8168b45be80ae719ebe0aca82 texinfo-4.0b-3.el2.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm
4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm

i386:
878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm
58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm
4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm

i386:
878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm
58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm
cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm

i386:
1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm
04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm
1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm

ia64:
42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm
3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm
d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm

ppc:
5fe3e1eca608678fc0770f0de702cd8d info-4.5-3.el3.1.ppc.rpm
9275ad56b995b25f275af0a44c3d01bf texinfo-4.5-3.el3.1.ppc.rpm
f54a3f00a87b3ce1d4d0af73f0601bf7 texinfo-debuginfo-4.5-3.el3.1.ppc.rpm

s390:
215d4ea1202a2309c7c676e3c1e46299 info-4.5-3.el3.1.s390.rpm
7085ead3927535c315c336c3314b9d2f texinfo-4.5-3.el3.1.s390.rpm
2d670e1ec1d3ab67628aa982d125bed4 texinfo-debuginfo-4.5-3.el3.1.s390.rpm

s390x:
fd6332f0b59ad9bd8f99cf40a8ff1ad9 info-4.5-3.el3.1.s390x.rpm
a7d61c3643d31ac0db2f6b15d0ea996b texinfo-4.5-3.el3.1.s390x.rpm
566c653544cdb5e1a5eb82f6b67edb9c texinfo-debuginfo-4.5-3.el3.1.s390x.rpm

x86_64:
544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm
8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm
5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm
cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm

i386:
1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm
04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm
1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm

x86_64:
544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm
8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm
5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm
cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm

i386:
1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm
04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm
1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm

ia64:
42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm
3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm
d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm

x86_64:
544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm
8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm
5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm
cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm

i386:
1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm
04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm
1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm

ia64:
42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm
3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm
d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm

x86_64:
544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm
8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm
5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm
c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm

i386:
7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm
5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm
11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm

ia64:
99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm
119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm
17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm

ppc:
706a14c171a272ce82f3201364ec17a2 info-4.7-5.el4.2.ppc.rpm
1d1b035106a9889fa3bfa96f79a88248 texinfo-4.7-5.el4.2.ppc.rpm
52cc1d3e4c5fa6f2d745654706363d22 texinfo-debuginfo-4.7-5.el4.2.ppc.rpm

s390:
1f1c0056ceed97e903f70f9583bce14a info-4.7-5.el4.2.s390.rpm
d4170f862521f47487a88eae5f1c6946 texinfo-4.7-5.el4.2.s390.rpm
6eb45ee9e2bcf48289334e33c3b54846 texinfo-debuginfo-4.7-5.el4.2.s390.rpm

s390x:
f5ccba218def5a9c496ff4ff6a8177d2 info-4.7-5.el4.2.s390x.rpm
bd3f9d50bb9855b8adeefe44ca7c0793 texinfo-4.7-5.el4.2.s390x.rpm
d64aa22173ce1036c50a23748f835251 texinfo-debuginfo-4.7-5.el4.2.s390x.rpm

x86_64:
8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm
33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm
d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm
c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm

i386:
7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm
5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm
11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm

x86_64:
8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm
33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm
d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm
c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm

i386:
7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm
5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm
11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm

ia64:
99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm
119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm
17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm

x86_64:
8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm
33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm
d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm
c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm

i386:
7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm
5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm
11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm

ia64:
99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm
119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm
17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm

x86_64:
8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm
33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm
d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFUasrXlSAg2UNWIIRAuu8AJ4no9wzZGRpmkTPPhfLUWmg/2eK0gCfQwbG
NFay9zOfrymBTUW99vUQs6w=
=hBFC
-----END PGP SIGNATURE-----
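
Added example, not part of the Red Hat advisory: a small checker that reads the MD5 lines from section 6 of an advisory like the one above and compares them with RPM files in a download directory. The function names and the demo file names are this example's own; the MD5 sums only catch corruption or a wrong file, and the GPG signature mentioned at the end of section 6 remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A checksum line in section 6: 32 hex digits, whitespace, an RPM file name.
SUM_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_advisory_sums(advisory_text):
    """Return {rpm file name: md5 hex digest} from the advisory text."""
    sums = {}
    for line in advisory_text.splitlines():
        m = SUM_LINE.match(line.strip())
        if m is None:
            continue  # headings, ftp:// URLs, prose
        digest, name = m.groups()
        # A package is listed once per product; the entries must agree.
        if sums.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return sums


def check_downloads(advisory_text, directory):
    """Map each *.rpm in directory to 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_advisory_sums(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            report[rpm.name] = "unlisted"
        else:
            actual = hashlib.md5(rpm.read_bytes()).hexdigest()
            report[rpm.name] = "ok" if actual == want else "mismatch"
    return report


def demo():
    """Constructed sample: stand-in files and a matching fake package list."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good-1.0.i386.rpm").write_bytes(b"constructed payload A")
        Path(d, "bad-1.0.i386.rpm").write_bytes(b"altered in transit")
        Path(d, "extra-1.0.i386.rpm").write_bytes(b"not in the advisory")
        listing = "i386:\n%s good-1.0.i386.rpm\n%s bad-1.0.i386.rpm\n" % (
            hashlib.md5(b"constructed payload A").hexdigest(),
            hashlib.md5(b"constructed payload B").hexdigest())
        return check_downloads(listing, d)
```

In real use, pass the saved advisory text and the directory holding the downloaded RPMs to check_downloads(); treat any "mismatch" or "unlisted" result as a reason not to install the file.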
