Update to Enterprise Linux 3 also includes support for IBM Power5 servers, new driver support and bug fixes.
Read more
Read more
OSNews reports that Red Hat Enterprise 3 Update 3 has been released to Redhat Network
Two months after announcing the resignation of its chief financial officer and six weeks after it changed the way it books support subscription revenue, Linux vendor Red Hat Inc. has named a new CFO.
Read more
Read more
An updated rsync package is available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated rsync package fixes security issue
Advisory ID: RHSA-2004:436-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0792
----------------------------------------------------------------------
1. Summary:
An updated rsync package that fixes a path sanitizing bug is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated rsync package fixes security issue
Advisory ID: RHSA-2004:436-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0792
----------------------------------------------------------------------
1. Summary:
An updated rsync package that fixes a path sanitizing bug is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated httpd packages are available for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated httpd packages fix mod_ssl security flaw
Advisory ID: RHSA-2004:349-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
Keywords: httpd
CVE Names: CAN-2004-0748
----------------------------------------------------------------------
1. Summary:
Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated httpd packages fix mod_ssl security flaw
Advisory ID: RHSA-2004:349-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
Keywords: httpd
CVE Names: CAN-2004-0748
----------------------------------------------------------------------
1. Summary:
Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
An updated lha package has been released for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: An updated lha package fixes security vulnerability
Advisory ID: RHSA-2004:323-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:178
CVE Names: CAN-2004-0769 CAN-2004-0771 CAN-2004-0694 CAN-2004-0745
----------------------------------------------------------------------
1. Summary:
An updated lha package that fixes a buffer overflow is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: An updated lha package fixes security vulnerability
Advisory ID: RHSA-2004:323-01
Issue date: 2004-09-01
Updated on: 2004-09-01
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:178
CVE Names: CAN-2004-0769 CAN-2004-0771 CAN-2004-0694 CAN-2004-0745
----------------------------------------------------------------------
1. Summary:
An updated lha package that fixes a buffer overflow is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated krb5 packages are available for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages fix security issues
Advisory ID: RHSA-2004:350-01
Issue date: 2004-08-31
Updated on: 2004-08-31
Product: Red Hat Enterprise Linux
Keywords: krb5 client timeout
Obsoletes: RHSA-2004:236
CVE Names: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
----------------------------------------------------------------------
1. Summary:
Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execuate arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Red Hat Enterprise Linux 3 Kerberos packages.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.
When attempting to contact a KDC, the Kerberos libraries will iterate through the list of configured servers, attempting to contact each in turn. If one of the servers becomes unresponsive, the client will time out and contact the next configured server. When the library attempts to contact the next KDC, the entire process is repeated. For applications which must contact a KDC several times, the accumulated time spent waiting can become significant.
This update modifies the libraries, notes which server for a given realm last responded to a request, and attempts to contact that server first before contacting any of the other configured servers.
All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages fix security issues
Advisory ID: RHSA-2004:350-01
Issue date: 2004-08-31
Updated on: 2004-08-31
Product: Red Hat Enterprise Linux
Keywords: krb5 client timeout
Obsoletes: RHSA-2004:236
CVE Names: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
----------------------------------------------------------------------
1. Summary:
Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execuate arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Red Hat Enterprise Linux 3 Kerberos packages.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.
When attempting to contact a KDC, the Kerberos libraries will iterate through the list of configured servers, attempting to contact each in turn. If one of the servers becomes unresponsive, the client will time out and contact the next configured server. When the library attempts to contact the next KDC, the entire process is repeated. For applications which must contact a KDC several times, the accumulated time spent waiting can become significant.
This update modifies the libraries, notes which server for a given realm last responded to a request, and attempts to contact that server first before contacting any of the other configured servers.
All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
Updated krb5 packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages fix security vulnerabilities
Advisory ID: RHSA-2004:448-01
Issue date: 2004-08-31
Updated on: 2004-08-31
Product: Red Hat Enterprise Linux
Keywords: krb5 double-free asn.1
Obsoletes: RHSA-2004:236
CVE Names: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
----------------------------------------------------------------------
1. Summary:
Updated Kerberos (krb5) packages that correct double-free and ASN.1 parsing bugs are now available for Red Hat Enterprise Linux.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue was fixed for Red Hat Enterprise Linux 2.1 users by a previous erratum, RHSA-2003:052.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.
All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages fix security vulnerabilities
Advisory ID: RHSA-2004:448-01
Issue date: 2004-08-31
Updated on: 2004-08-31
Product: Red Hat Enterprise Linux
Keywords: krb5 double-free asn.1
Obsoletes: RHSA-2004:236
CVE Names: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
----------------------------------------------------------------------
1. Summary:
Updated Kerberos (krb5) packages that correct double-free and ASN.1 parsing bugs are now available for Red Hat Enterprise Linux.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue was fixed for Red Hat Enterprise Linux 2.1 users by a previous erratum, RHSA-2003:052.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.
All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
An updated acrobat package has been released for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated acrobat package fixes security issues
Advisory ID: RHSA-2004:432-01
Issue date: 2004-08-26
Updated on: 2004-08-26
Product: Red Hat Enterprise Linux LACD
CVE Names: CAN-2004-0631 CAN-2004-0630
----------------------------------------------------------------------
1. Summary:
An updated Adobe Acrobat Reader package that fixes multiple security issues is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux LACD 3AS - i386
Red Hat Enterprise Linux LACD 3Desktop - i386
Red Hat Enterprise Linux LACD 3ES - i386
Red Hat Enterprise Linux LACD 3WS - i386
3. Problem description:
The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF).
iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer overflow when decoding uuencoded documents. An attacker could execute arbitrary code on a victim's machine if a user opens a specially crafted uuencoded document. This issue poses the threat of remote execution, since Acrobat Reader may be the default handler for PDF files. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0631 to this issue.
iDEFENSE also reported that Adobe Acrobat Reader 5.0 contains an input validation error in its uuencoding feature. An attacker could create a file with a specially crafted file name which could lead to arbitrary command execution on a victim's machine. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0630 to this issue.
All users of Acrobat Reader are advised to upgrade to this updated package, which is not vulnerable to these issues.
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated acrobat package fixes security issues
Advisory ID: RHSA-2004:432-01
Issue date: 2004-08-26
Updated on: 2004-08-26
Product: Red Hat Enterprise Linux LACD
CVE Names: CAN-2004-0631 CAN-2004-0630
----------------------------------------------------------------------
1. Summary:
An updated Adobe Acrobat Reader package that fixes multiple security issues is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux LACD 3AS - i386
Red Hat Enterprise Linux LACD 3Desktop - i386
Red Hat Enterprise Linux LACD 3ES - i386
Red Hat Enterprise Linux LACD 3WS - i386
3. Problem description:
The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF).
iDEFENSE has reported that Adobe Acrobat Reader 5.0 contains a buffer overflow when decoding uuencoded documents. An attacker could execute arbitrary code on a victim's machine if a user opens a specially crafted uuencoded document. This issue poses the threat of remote execution, since Acrobat Reader may be the default handler for PDF files. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0631 to this issue.
iDEFENSE also reported that Adobe Acrobat Reader 5.0 contains an input validation error in its uuencoding feature. An attacker could create a file with a specially crafted file name which could lead to arbitrary command execution on a victim's machine. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0630 to this issue.
All users of Acrobat Reader are advised to upgrade to this updated package, which is not vulnerable to these issues.
Updated qt packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated qt packages fix security issues
Advisory ID: RHSA-2004:414-01
Issue date: 2004-08-20
Updated on: 2004-08-20
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
----------------------------------------------------------------------
1. Summary:
Updated qt packages that fix security issues in several of the image decoders are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated qt packages fix security issues
Advisory ID: RHSA-2004:414-01
Issue date: 2004-08-20
Updated on: 2004-08-20
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
----------------------------------------------------------------------
1. Summary:
Updated qt packages that fix security issues in several of the image decoders are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated Kernel packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kernel packages fix security vulnerability
Advisory ID: RHSA-2004:437-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
Keywords: kernel update
Obsoletes: RHSA-2004:044
CVE Names: CAN-2004-0178
----------------------------------------------------------------------
1. Summary:
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the fifth regular update.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated kernel packages fix security vulnerability
Advisory ID: RHSA-2004:437-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
Keywords: kernel update
Obsoletes: RHSA-2004:044
CVE Names: CAN-2004-0178
----------------------------------------------------------------------
1. Summary:
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the fifth regular update.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686
The Netscape 4.8 package in Red Hat Enterprise Linux 2.1 contain security flaws and should not be used.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Netscape 4.8 contains security flaws
Advisory ID: RHSA-2004:429-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
----------------------------------------------------------------------
1. Summary:
Netscape Navigator and Netscape Communicator 4.8 as distributed with Red Hat Enterprise Linux 2.1 contain security flaws and should not be used.
2. Problem description:
Netscape Navigator and Netscape Communicator have been removed from the Red Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These packages were based on Netscape 4.8, which is known to be vulnerable to recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and CAN-2004-0599.
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Netscape 4.8 contains security flaws
Advisory ID: RHSA-2004:429-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
----------------------------------------------------------------------
1. Summary:
Netscape Navigator and Netscape Communicator 4.8 as distributed with Red Hat Enterprise Linux 2.1 contain security flaws and should not be used.
2. Problem description:
Netscape Navigator and Netscape Communicator have been removed from the Red Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These packages were based on Netscape 4.8, which is known to be vulnerable to recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and CAN-2004-0599.
Updated semi packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated semi packages fix flim vulnerability
Advisory ID: RHSA-2004:344-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0422
----------------------------------------------------------------------
1. Summary:
Updated semi packages that fix vulnerabilities in flim temporary file handling are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch
Red Hat Linux Advanced Workstation 2.1 - noarch
Red Hat Enterprise Linux ES version 2.1 - noarch
Red Hat Enterprise Linux WS version 2.1 - noarch
3. Problem description:
The semi package includes a MIME library for GNU Emacs and XEmacs used by the wl mail package.
Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library for working with Internet messages included in the semi package. Temporary files were being created without taking adequate precautions, and therefore a local user could potentially overwrite files with the privileges of the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0422 to this issue.
Users of semi are advised to upgrade to these packages, which contain a backported patch fixing this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
124396 - CAN-2004-0422 flim temporary file vulnerability affects semi packages
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://www.debian.org/security/2004/dsa-500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0422
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated semi packages fix flim vulnerability
Advisory ID: RHSA-2004:344-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0422
----------------------------------------------------------------------
1. Summary:
Updated semi packages that fix vulnerabilities in flim temporary file handling are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch
Red Hat Linux Advanced Workstation 2.1 - noarch
Red Hat Enterprise Linux ES version 2.1 - noarch
Red Hat Enterprise Linux WS version 2.1 - noarch
3. Problem description:
The semi package includes a MIME library for GNU Emacs and XEmacs used by the wl mail package.
Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library for working with Internet messages included in the semi package. Temporary files were being created without taking adequate precautions, and therefore a local user could potentially overwrite files with the privileges of the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0422 to this issue.
Users of semi are advised to upgrade to these packages, which contain a backported patch fixing this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):
124396 - CAN-2004-0422 flim temporary file vulnerability affects semi packages
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/semi-1.14.3-8.72.EL.1.src.rpm
dfcfc66f790902402b72eedd3a806284 semi-1.14.3-8.72.EL.1.src.rpm
noarch:
23c1b96f8d9fc3d3aefa21812adbd5a1 semi-1.14.3-8.72.EL.1.noarch.rpm
2e5dc06d5aadf594ae7222706e230e0e semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://www.debian.org/security/2004/dsa-500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0422
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
Updated Itanium kernel packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Itanium kernel packages resolve security issues
Advisory ID: RHSA-2004:327-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0415 CAN-2004-0427 CAN-2004-0495 CAN-2004-0497 CAN-2004-0535 CAN-2004-0587
----------------------------------------------------------------------
1. Summary:
Updated Itanium kernel packages that fix a number of security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Itanium kernel packages resolve security issues
Advisory ID: RHSA-2004:327-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0415 CAN-2004-0427 CAN-2004-0495 CAN-2004-0497 CAN-2004-0535 CAN-2004-0587
----------------------------------------------------------------------
1. Summary:
Updated Itanium kernel packages that fix a number of security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Updated pam packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated pam packages
Advisory ID: RHSA-2004:304-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
Keywords: pam pam_wheel pam_lastlog
CVE Names: CAN-2003-0388
- ---------------------------------------------------------------------
1. Summary:
Updated pam packages that fix a security vulnerability are now available for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated pam packages
Advisory ID: RHSA-2004:304-01
Issue date: 2004-08-18
Updated on: 2004-08-18
Product: Red Hat Enterprise Linux
Keywords: pam pam_wheel pam_lastlog
CVE Names: CAN-2003-0388
- ---------------------------------------------------------------------
1. Summary:
Updated pam packages that fix a security vulnerability are now available for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Updated Ethereal packages has been released for Red Hat Enterprise Linux
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:378-01
Issue date: 2004-08-05
Updated on: 2004-08-05
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:234
CVE Names: CAN-2004-0633 CAN-2004-0634 CAN-2004-0635
----------------------------------------------------------------------
1. Summary:
Updated Ethereal packages that fix various security vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:378-01
Issue date: 2004-08-05
Updated on: 2004-08-05
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:234
CVE Names: CAN-2004-0633 CAN-2004-0634 CAN-2004-0635
----------------------------------------------------------------------
1. Summary:
Updated Ethereal packages that fix various security vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated Mozilla packages has been released for Red Hat Enterprise Linux
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: RHSA-2004:421-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0599 CAN-2004-0718 CAN-2004-0722 CAN-2004-0757 CAN-2004-0758 CAN-2004-0759 CAN-2004-0760 CAN-2004-0761 CAN-2004-0762 CAN-2004-0763 CAN-2004-0764 CAN-2004-0765
----------------------------------------------------------------------
1. Summary:
Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated mozilla packages fix security issues
Advisory ID: RHSA-2004:421-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0597 CAN-2004-0599 CAN-2004-0718 CAN-2004-0722 CAN-2004-0757 CAN-2004-0758 CAN-2004-0759 CAN-2004-0760 CAN-2004-0761 CAN-2004-0762 CAN-2004-0763 CAN-2004-0764 CAN-2004-0765
----------------------------------------------------------------------
1. Summary:
Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat has released updated glibc packages for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated glibc packages fix flaws
Advisory ID: RHSA-2004:383-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Keywords: glibc libdl ld.so dlclose umount
CVE Names: CAN-2002-0029
----------------------------------------------------------------------
1. Summary:
Updated glibc packages that fix a security flaw in the resolver as well as dlclose handling are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, i686, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386, i686
Red Hat Enterprise Linux WS version 2.1 - i386, i686
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated glibc packages fix flaws
Advisory ID: RHSA-2004:383-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Keywords: glibc libdl ld.so dlclose umount
CVE Names: CAN-2002-0029
----------------------------------------------------------------------
1. Summary:
Updated glibc packages that fix a security flaw in the resolver as well as dlclose handling are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, i686, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386, i686
Red Hat Enterprise Linux WS version 2.1 - i386, i686
Updated GNOME VFS packages has been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: GNOME VFS updates address extfs vulnerability
Advisory ID: RHSA-2004:373-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Keywords: gnome-vfs gnome-vfs2 extfs
CVE Names: CAN-2004-0494
----------------------------------------------------------------------
1. Summary:
Updated GNOME VFS packages that remove potential extfs-related vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: GNOME VFS updates address extfs vulnerability
Advisory ID: RHSA-2004:373-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Keywords: gnome-vfs gnome-vfs2 extfs
CVE Names: CAN-2004-0494
----------------------------------------------------------------------
1. Summary:
Updated GNOME VFS packages that remove potential extfs-related vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated libpng packages has been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated libpng packages fix security issues
Advisory ID: RHSA-2004:402-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:249
CVE Names: CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
----------------------------------------------------------------------
1. Summary:
Updated libpng packages that fix several issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated libpng packages fix security issues
Advisory ID: RHSA-2004:402-01
Issue date: 2004-08-04
Updated on: 2004-08-04
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:249
CVE Names: CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
----------------------------------------------------------------------
1. Summary:
Updated libpng packages that fix several issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
