Updated krb5 packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated krb5 packages available
Advisory ID: RHSA-2004:236-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords: krb5 auth_to_local MITKRB5-SA-2004-001
Cross references:
Obsoletes: RHBA-2004:208
CVE Names: CAN-2004-0523
----------------------------------------------------------------------
1. Topic:
Updated Kerberos 5 (krb5) packages which correct buffer overflows in the krb5_aname_to_localname function are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated Ethereal packages have been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:234-01
Issue date: 2004-06-09
Updated on: 2004-06-09
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:136
CVE Names: CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
----------------------------------------------------------------------
1. Topic:
Updated Ethereal packages that fix various security vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat's newest hobbyist and developer version of Linux, Fedora Core 2, caused trouble for some who found they couldn't start Windows after installing the Linux upgrade side by side with it.
Microsoft Windows XP Service Pack 2 and the next version of Red Hat Enterprise Linux 3 will support new CPU-based security protections designed to stop incoming malicious executable code from being triggered.
Linux seller Red Hat and chipmaker Intel released prototype Linux software this week to support a security technology designed to curtail the spread of viruses.
An updated CVS package is available for Red Hat Linux 7.3 and 9
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated cvs resolves security vulnerability
Advisory ID: FLSA:1620
Issue date: 2004-06-02
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1620
CVE Names: CAN-2004-0180 CAN-2004-0396 CAN-2004-0405
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
Updated cvs packages that fix remote denial of service vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0180 to this issue. (Note: Red Hat Linux 9 was already patched for this issue.)
Derek Price discovered a vulnerability whereby a CVS pserver could be abused by a malicious client to view the contents of certain files outside of the CVS root directory using relative pathnames containing "../". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0405 to this issue. (Note: Red Hat Linux 9 was already patched for this issue.)
Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0396 to this issue.
Linux seller Red Hat has named Stephen McWhirter, formerly of IBM, to lead sales and operations for the Asia-Pacific region, a new position.
Updated tcpdump packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated tcpdump packages fix various vulnerabilities
Advisory ID: RHSA-2004:219-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords: tcpdump buffer overflow libpcap arpwatch
Cross references:
Obsoletes: RHSA-2004:008-09
CVE Names: CAN-2004-0183 CAN-2004-0184
----------------------------------------------------------------------
1. Topic:
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated LHA packages have been released for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: An updated LHA package fixes security vulnerabilities
Advisory ID: RHSA-2004:178-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0234 CAN-2004-0235
----------------------------------------------------------------------
1. Topic:
An updated LHA package that fixes several security vulnerabilities is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated utempter packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated utempter package fixes vulnerability
Advisory ID: RHSA-2004:174-01
Issue date: 2004-05-26
Updated on: 2004-05-26
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0233
----------------------------------------------------------------------
1. Topic:
An updated utempter package that fixes a potential symlink vulnerability is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated libpng packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated libpng packages fix crash
Advisory ID: RHSA-2004:180-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0421
----------------------------------------------------------------------
1. Topic:
Updated libpng packages that fix an out-of-bounds memory access are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated rsync packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated rsync package fixes security issue
Advisory ID: RHSA-2004:192-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0426
----------------------------------------------------------------------
1. Topic:
An updated rsync package that fixes a directory traversal security flaw is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated mc packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated mc packages resolve several vulnerabilities
Advisory ID: RHSA-2004:172-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: mc buffer overflow format string temporary file
Cross references:
Obsoletes:
CVE Names: CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
----------------------------------------------------------------------
1. Topic:
Updated mc packages that resolve several buffer overflow vulnerabilities, one format string vulnerability and several temporary file creation vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux WS version 2.1 - i386
Updated cadaver packages are available for Red Hat Enterprise Linux 2.1
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cadaver package fixes security vulnerability in neon
Advisory ID: RHSA-2004:191-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: cadaver neon sscanf
Cross references:
Obsoletes:
CVE Names: CAN-2004-0398
----------------------------------------------------------------------
1. Topic:
An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Updated cvs packages are available for Red Hat Enterprise Linux
----------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cvs package fixes security issue
Advisory ID: RHSA-2004:190-01
Issue date: 2004-05-19
Updated on: 2004-05-19
Product: Red Hat Enterprise Linux
Keywords: cvs
Cross references:
Obsoletes: RHSA-2004:153
CVE Names: CAN-2004-0396
----------------------------------------------------------------------
1. Topic:
An updated cvs package that fixes a server vulnerability that could be exploited by a malicious client is now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Updated pwlib packages are available for Red Hat Linux 7.3 and 8.0
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated pwlib resolves security vulnerability
Advisory ID: FLSA:1296
Issue date: 2004-05-18
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1296
CVE Names: CAN-2004-0097
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
Updated PWLib packages that contain fixes for security issues found during protocol testing by the NISCC are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
An updated mutt package is available for Red Hat Linux 8.0
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mutt resolves security vulnerability
Advisory ID: FLSA:1285
Issue date: 2004-05-18
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1285
CVE Names: CAN-2004-0078
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
New mutt packages that fix a remotely-triggerable crash in the menu drawing code are now available.
2. Relevant releases/architectures:
Red Hat Linux 8.0 - i386
Updated utempter packages have been released for Red Hat Linux 7.2 - 8.0
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated utempter resolves security vulnerability
Advisory ID: FLSA:1546
Issue date: 2004-05-18
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1546
CVE Names: CAN-2004-0233
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
An updated utempter package that fixes a potential symlink vulnerability is now available.
2. Relevant releases/architectures:
Red Hat Linux 7.2 - i386
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Updated metamail packages have been released for Red Hat Linux 7.2 and 7.3
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated metamail resolves security vulnerability
Advisory ID: FLSA:1305
Issue date: 2004-05-18
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1305
CVE Names: CAN-2004-0104 CAN-2004-0105
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
Updated metamail packages that fix a number of vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.2 - i386
Red Hat Linux 7.3 - i386
Updated mc packages have been released for Red Hat Linux 7.2 - 8.0
------------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated mc resolves security vulnerability
Advisory ID: FLSA:1224
Issue date: 2004-05-18
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1224
CVE Names: CAN-2003-1023
------------------------------------------------------------------------
----------------------------------------------------------------------
1. Topic:
Updated mc packages that fix remote buffer overflow vulnerabilities are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.2 - i386
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386