Updated httpd and mod_ssl packages have been released for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated httpd and mod_ssl packages fix minor Apache security vulnerabilities
Advisory ID: RHSA-2004:245-01
Issue date: 2004-06-14
Updated on: 2004-06-14
Product: Red Hat Enterprise Linux
Keywords: Apache httpd ASF mod_ssl mod_proxy FakeBasicAuth
Cross references:
Obsoletes: RHBA-2004:101
CVE Names: CAN-2004-0488 CAN-2004-0492
----------------------------------------------------------------------
1. Topic:
Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Updated Tripwire packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Tripwire packages fix security flaw
Advisory ID: RHSA-2004:244-01
Issue date: 2004-06-14
Updated on: 2004-06-14
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0536
----------------------------------------------------------------------
1. Topic:
Updated Tripwire packages that fix a format string security vulnerability are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
An updated SquirrelMail package is available for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated SquirrelMail package fixes multiple vulnerabilities
Advisory ID: RHSA-2004:240-01
Issue date: 2004-06-14
Updated on: 2004-06-14
Product: Red Hat Enterprise Linux
Keywords: cross-site scripting XSS sql injection
Cross references:
Obsoletes:
CVE Names: CAN-2004-0519 CAN-2004-0520 CAN-2004-0521
----------------------------------------------------------------------
1. Topic:
An updated SquirrelMail package that fixes several security vulnerabilities is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Updated cvs packages have been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cvs package fixes security issues
Advisory ID: RHSA-2004:233-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:190
CVE Names: CAN-2004-0414 CAN-2004-0416 CAN-2004-0417 CAN-2004-0418
----------------------------------------------------------------------
1. Topic:
An updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
An updated squid package has been released for Red Hat Enterprise Linux 3
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated squid package fixes security vulnerability
Advisory ID: RHSA-2004:242-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:133
CVE Names: CAN-2004-0541
----------------------------------------------------------------------
1. Topic:
An updated squid package that fixes a security vulnerability in the NTLM authentication helper is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated krb5 packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages available
Advisory ID: RHSA-2004:236-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords: krb5 auth_to_local MITKRB5-SA-2004-001
Cross references:
Obsoletes: RHBA-2004:208
CVE Names: CAN-2004-0523
----------------------------------------------------------------------
1. Topic:
Updated Kerberos 5 (krb5) packages which correct buffer overflows in the krb5_aname_to_localname function are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated Ethereal packages have been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:234-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:136
CVE Names: CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
----------------------------------------------------------------------
1. Topic:
Updated Ethereal packages that fix various security vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat's newest hobbyist and developer version of Linux, Fedora Core 2, caused trouble for some who found they couldn't start Windows after installing the Linux upgrade side by side with it.
Microsoft Windows XP Service Pack 2 and the next version of Red Hat Enterprise Linux 3 will support new CPU-based security protections designed to stop incoming malicious executable code from being triggered.
Linux seller Red Hat and chipmaker Intel released prototype Linux software this week to support a security technology designed to curtail the spread of viruses.
An updated CVS package is available for Red Hat Linux 7.3 and 9
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated cvs resolves security vulnerability
Advisory ID: FLSA:1620
Issue date: 2004-06-02
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1620
CVE Names: CAN-2004-0180 CAN-2004-0396 CAN-2004-0405
------------------------------------------------------------------------
1. Topic:
Updated cvs packages that fix remote denial of service vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0180 to this issue. (Note: Red Hat Linux 9 was already patched for this issue.)
Derek Price discovered a vulnerability whereby a CVS pserver could be abused by a malicious client to view the contents of certain files outside of the CVS root directory using relative pathnames containing "../". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0405 to this issue. (Note: Red Hat Linux 9 was already patched for this issue.)
Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0396 to this issue.
Linux seller Red Hat has named Stephen McWhirter, formerly of IBM, to lead sales and operations for the Asia-Pacific region, a new position.
Updated tcpdump packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated tcpdump packages fix various vulnerabilities
Advisory ID: RHSA-2004:219-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords: tcpdump buffer overflow libpcap arpwatch
Cross references:
Obsoletes: RHSA-2004:008-09
CVE Names: CAN-2004-0183 CAN-2004-0184
----------------------------------------------------------------------
1. Topic:
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated LHA packages have been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: An updated LHA package fixes security vulnerabilities
Advisory ID: RHSA-2004:178-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0234 CAN-2004-0235
----------------------------------------------------------------------
1. Topic:
An updated LHA package that fixes several security vulnerabilities is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated utempter packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated utempter package fixes vulnerability
Advisory ID: RHSA-2004:174-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0233
----------------------------------------------------------------------
1. Topic:
An updated utempter package that fixes a potential symlink vulnerability is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated libpng packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated libpng packages fix crash
Advisory ID: RHSA-2004:180-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0421
----------------------------------------------------------------------
1. Topic:
Updated libpng packages that fix an out-of-bounds memory access are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated rsync packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated rsync package fixes security issue
Advisory ID: RHSA-2004:192-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0426
----------------------------------------------------------------------
1. Topic:
An updated rsync package that fixes a directory traversal security flaw is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated mc packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated mc packages resolve several vulnerabilities
Advisory ID: RHSA-2004:172-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: mc buffer overflow format string temporary file
Cross references:
Obsoletes:
CVE Names: CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
----------------------------------------------------------------------
1. Topic:
Updated mc packages that resolve several buffer overflow vulnerabilities, one format string vulnerability and several temporary file creation vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux WS version 2.1 - i386
Updated cadaver packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cadaver package fixes security vulnerability in neon
Advisory ID: RHSA-2004:191-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: cadaver neon sscanf
Cross references:
Obsoletes:
CVE Names: CAN-2004-0398
----------------------------------------------------------------------
1. Topic:
An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Updated cvs packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cvs package fixes security issue
Advisory ID: RHSA-2004:190-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: cvs
Cross references:
Obsoletes: RHSA-2004:153
CVE Names: CAN-2004-0396
----------------------------------------------------------------------
1. Topic:
An updated cvs package that fixes a server vulnerability that could be exploited by a malicious client is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64