RHSA-2007:0345-01 Moderate: vixie-cron security update
Posted on: 05/17/2007 04:15 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: vixie-cron security update
Advisory ID: RHSA-2007:0345-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0345.html
Issue date: 2007-05-17
Updated on: 2007-05-17
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1856
- ---------------------------------------------------------------------

1. Summary:

Updated vixie-cron packages that fix a denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

Raphael Marichez discovered a denial of service bug in the way vixie-cron
verifies crontab file integrity. A local user with the ability to create a
hardlink to /etc/crontab can prevent vixie-cron from executing certain
system cron jobs. (CVE-2007-1856)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

223662 - crond failed "Days of week" after a few hours on 1st/Jan
235880 - CVE-2007-1856 crontab denial of service

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGTGYNXlSAg2UNWIIRAuu0AJ0WFAFqBQi0X2qlsfVf31uMV5CxVwCglzws
bfK3V0WBKBeBbG4nQYlUzfc=
=pvha
-----END PGP SIGNATURE-----
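
Added example (not part of the Red Hat advisory, and not Red Hat's or vixie-cron's code): a defender-side audit for the condition in the problem description, a hard link pointing at /etc/crontab. It assumes the integrity attribute involved is the file's hard-link count; the /etc/cron.d path and the search roots are assumptions about the local layout.

```python
import os
import stat

# /etc/crontab is the file named in the advisory; /etc/cron.d is an assumed
# additional system crontab location.
SYSTEM_CRONTABS = ["/etc/crontab", "/etc/cron.d"]


def crontab_files(paths):
    """Expand files and directories into a flat list of candidate crontab files."""
    for p in paths:
        if os.path.isdir(p) and not os.path.islink(p):
            for name in sorted(os.listdir(p)):
                yield os.path.join(p, name)
        elif os.path.lexists(p):
            yield p


def extra_links(target, search_roots):
    """Return other path names under search_roots that share target's inode."""
    t = os.lstat(target)
    found = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                cand = os.path.join(dirpath, name)
                try:
                    s = os.lstat(cand)
                except OSError:
                    continue  # vanished or unreadable; skip it
                if (s.st_dev, s.st_ino) == (t.st_dev, t.st_ino) \
                        and os.path.abspath(cand) != os.path.abspath(target):
                    found.append(cand)
    return sorted(found)


def audit(paths=SYSTEM_CRONTABS, search_roots=("/tmp", "/var/tmp", "/home")):
    """Report regular crontab files whose hard-link count is not 1."""
    findings = []
    for path in crontab_files(paths):
        st = os.lstat(path)
        if stat.S_ISREG(st.st_mode) and st.st_nlink != 1:
            findings.append({"path": path, "nlink": st.st_nlink,
                             "other_names": extra_links(path, search_roots)})
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"{f['path']}: {f['nlink']} links, also at {f['other_names'] or 'unknown'}")
```

Run it as root so every search root is readable. A hard link can only exist on the same filesystem as its target, so the search roots worth listing are the user-writable directories that share a filesystem with /etc.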



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070345_01_moderate_vixie_cron_security_update.html)