White Box 64 Published by Philipp Esselbach 0

White Box Enterprise Linux 4 Respin 2 is now available for download via http/ftp/bittorrent. This covers Update5 from upstream plus a few errata released since. The recent OO.o and OO.o2 updates ARE included.

The previous policy of skipping every other Update from upstream is being reconsidered in light of the year gap it has caused. Every quarter was a bit often for me to respin, annually seems a mite too far in the other direction.

WBEL4 Respin2 Now available

White Box 64 Published by Philipp Esselbach 0

An updated lha package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: An updated lha package fixes security vulnerability
Advisory ID: WBSA-2004:323-01
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:178
CVE Names: CAN-2004-0769 CAN-2004-0771 CAN-2004-0694 CAN-2004-0745
-----------------------------------------------------------------------

An updated lha package that fixes a buffer overflow is now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-September/msg00000.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated krb5 packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated krb5 packages fix security issues
Advisory ID: WBSA-2004:350-01]
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: krb5 client timeout
Cross references:
Obsoletes: WBSA-2004:236
CVE Names: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644
-----------------------------------------------------------------------

Updated krb5 packages that improve client responsiveness and fix several security issues are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00015.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated CUPS packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated CUPS packages fix security vulnerability
Advisory ID: WBSA-2004:449-01
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: DoS
Cross references:
Obsoletes:
CVE Names: CAN-2004-0558
-----------------------------------------------------------------------

Updated cups packages that fix a denial of service vulnerability are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-September/msg00008.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

An updated gaim package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated gaim package fixes security issues
Advisory ID: WBSA-2004:400-01
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: RHSA-2004:033
CVE Names: CAN-2004-0500 CAN-2004-0754 CAN-2004-0784 CAN-2004-0785
-----------------------------------------------------------------------

An updated gaim package that fixes several security issues is now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-September/msg00003.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

An updated rsync package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated rsync package fixes security issue
Advisory ID: WBSA-2004:436-01
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0792
-----------------------------------------------------------------------

An updated rsync package that fixes a path sanitizing bug is now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-September/msg00002.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated qt packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated qt packages fix security issues
Advisory ID: WBSA-2004:414-01
Issue date: 09-20-2004
Updated on: 09-20-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
-----------------------------------------------------------------------

Updated qt packages that fix security issues in several of the image decoders are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00012.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated Mozilla packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated mozilla packages fix security issues
Advisory ID: WBSA-2004:421-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0597 CAN-2004-0599 CAN-2004-0718 CAN-2004-0722 CAN-2004-0757 CAN-2004-0758 CAN-2004-0759 CAN-2004-0760 CAN-2004-0761 CAN-2004-0762 CAN-2004-0763 CAN-2004-0764 CAN-2004-0765
-----------------------------------------------------------------------

This one was released by RH on Aug 4 and is only now making it's way to the WBEL mirrors. Didn't have time to do the trademark fixups before vacation.

Updated mozilla packages based on version 1.4.3 that fix a number of security issues are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00005.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated Ethereal packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated Ethereal packages fix security issues
Advisory ID: WBSA-2004:378-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:234
CVE Names: CAN-2004-0633 CAN-2004-0634 CAN-2004-0635
-----------------------------------------------------------------------

Updated Ethereal packages that fix various security vulnerabilities are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00006.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated sox packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated sox packages fix buffer overflows
Advisory ID: WBSA-2004:409-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: sox wav
Cross references:
Obsoletes:
CVE Names: CAN-2004-0557
-----------------------------------------------------------------------

Another catchup announcement.

Updated sox packages that fix buffer overflows in the WAV file handling code are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-July/msg00007.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated libpng packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated libpng packages fix security issues
Advisory ID: WBSA-2004:402-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:249
CVE Names: CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0
-----------------------------------------------------------------------

Another catchup announcement.

Updated libpng packages that fix several issues are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00002.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the initial location to prevent undue load to the whiteboxlinux.org server, which doesn't have a lot of outbound bandwidth. The config files already have entries for mirror sites commented out.

Up2Date's configuration file is at /etc/sysconfig/rhn/sources

Yum's configuration is in /etc/yum.conf

White Box 64 Published by Philipp Esselbach 0

An updated ipsec-tools package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated ipsec-tools package
Advisory ID: WBSA-2004:308-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: IKE racoon X.509
Cross references:
Obsoletes: RHSA-2004:165
CVE Names: CAN-2004-0607
-----------------------------------------------------------------------

Another catchup announcement.

An updated ipsec-tools package that fixes verification of X.509 certificates in racoon is now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-July/msg00008.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated samba packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated samba packages fix vulnerabilities
Advisory ID: WBSA-2004:259-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: smb
Cross references:
Obsoletes:
CVE Names: CAN-2004-0600 CAN-2004-0686
-----------------------------------------------------------------------

Another catchup announcement.

Updated samba packages that fix buffer overflows, as well as other various bugs, are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-July/msg00005.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

GNOME VFS updates are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: GNOME VFS updates address extfs vulnerability
Advisory ID: WBSA-2004:373-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: gnome-vfs gnome-vfs2 extfs
Cross references:
Obsoletes:
CVE Names: CAN-2004-0494
-----------------------------------------------------------------------

Another catchup announcement.

Updated GNOME VFS packages that remove potential extfs-related vulnerabilities are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00003.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated kernel packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: WBSA-2004:413-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: kernel security errata
Cross references:
Obsoletes: WBSA-2004:360
CVE Names: CAN-2004-0178 CAN-2004-0415 CAN-2004-0447 CAN-2004-0535 CAN-2004-0587
-----------------------------------------------------------------------

Another catchup announcement.

Updated kernel packages that fix several security issues are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-August/msg00001.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated PHP packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: WBSA-2004:392-01
Issue date: 08-19-2004
Updated on: 08-19-2004
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references: WBSA-2004:342
Obsoletes:
CVE Names: CAN-2004-0594 CAN-2004-0595
-----------------------------------------------------------------------

Catching up the announcments. This one posted to the primary mirror on July 22nd so if you have been running up2date regularly you already have it.

Updated php packages that fix various security issues are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-July/msg00004.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

John Morris has posted an update on the latest White Box Enterprise Linux updates:

I'm about to be leaving town for a week and have been trying to catch up on the flood of errata that has dropped in the last two days. I know I haven't been posting the notices for the last couple of weeks, I'll catch up on all of them when I get back. Instead of catching up on back annoucements today though, I have new packages for your updating pleasure.

The updates tree should now be current with the following exceptions:

White Box 64 Published by Philipp Esselbach 0

Updtaed kernel packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: [WBSA-2004:360-01]
Issue date: 2004-07-07
Updated on: 2004-07-07
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: kernel security errata
Cross references:
Obsoletes: WBSA-2004:255
CVE Names: CAN-2004-0497
-----------------------------------------------------------------------

Updated kernel packages that fix a security vulnerability affecting the kernel nfs server for Red Hat Enterprise Linux 3 are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-July/msg00000.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated kernel packages are available for White Box Enterprise Linux

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated kernel packages fix security vulnerabilities
Advisory ID: WBSA-2004:255-01
Issue date: 2004-06-21
Updated on: 2004-06-21
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:188
CVE Names: CAN-2004-0427 CAN-2004-0495 CAN-2004-0554
-----------------------------------------------------------------------

Updated kernel packages for Red Hat Enterprise Linux 3 that fix security vulnerabilities are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-June/msg00007.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

An updated SquirrelMail package is available for White Box Enterprise Linux

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated SquirrelMail package fixes multiple vulnerabilities
Advisory ID: WBSA-2004:240-01
Issue date: 2004-06-21
Updated on: 2004-06-21
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: cross-site scripting XSS sql injection
Cross references:
Obsoletes:
CVE Names: CAN-2004-0519 CAN-2004-0520 CAN-2004-0521
-----------------------------------------------------------------------

An updated SquirrelMail package that fixes several security vulnerabilities is now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-June/msg00004.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

Updated libpng packages are available for White Box Enterprise Linux

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated libpng packages fix security issue
Advisory ID: WBSA-2004:249-01
Issue date: 2004-06-21
Updated on: 2004-06-21
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2002-1363
-----------------------------------------------------------------------

Updated libpng packages that fix a possible buffer overflow are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-June/msg00008.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

White Box 64 Published by Philipp Esselbach 0

An update utempter package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated utempter package fixes vulnerability
Advisory ID: [WBSA-2004:174-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0233
-----------------------------------------------------------------------

Note: This one went to the mirrors on May 31.

An updated utempter package that fixes a potential symlink vulnerability is now available.

White Box 64 Published by Philipp Esselbach 0

An updated cvs package has been released for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated cvs package fixes security issues
Advisory ID: [WBSA-2004:233-01]
Issue date: 2004-06-09
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:190
CVE Names: CAN-2004-0414 CAN-2004-0416 CAN-2004-0417 CAN-2004-041
-----------------------------------------------------------------------

An updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available.

White Box 64 Published by Philipp Esselbach 0

An updated squid package is available for White Box Enterpirse Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated squid package fixes security vulnerability
Advisory ID: [WBSA-2004:242-01]
Issue date: 2004-06-09
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:133
CVE Names: CAN-2004-0541
-----------------------------------------------------------------------

An updated squid package that fixes a security vulnerability in the NTLM authentication helper is now available.

White Box 64 Published by Philipp Esselbach 0

Updated Ethereal packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated Ethereal packages fix security issues
Advisory ID: [WBSA-2004:234-01]
Issue date: 2004-06-09
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords:
Cross references:
Obsoletes: WBSA-2004:136
CVE Names: CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
-----------------------------------------------------------------------

Updated Ethereal packages that fix various security vulnerabilities are now available.

White Box 64 Published by Philipp Esselbach 0

Updated krb5 packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated krb5 packages available
Advisory ID: [WBSA-2004:236-01]
Issue date: 2004-06-09
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386, x86_64)
Keywords: krb5 auth_to_local MITKRB5-SA-2004-001
Cross references:
Obsoletes: WBBA-2004:208
CVE Names: CAN-2004-0523
-----------------------------------------------------------------------

Updated Kerberos 5 (krb5) packages which correct buffer overflows in the krb5_aname_to_localname function are now available.

White Box 64 Published by Philipp Esselbach 0

Updated tcpdump packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated tcpdump packages fix various vulnerabilities
Advisory ID: [WBSA-2004:219-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords: tcpdump buffer overflow libpcap arpwatch
Cross references:
Obsoletes: WBSA-2004:008-09
CVE Names: CAN-2004-0183 CAN-2004-0184
-----------------------------------------------------------------------

Note: This one slipped through the cracks. It was originally issued by RH on 2004-05-26.

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing.

White Box 64 Published by Philipp Esselbach 0

An updated LHA package has been released for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: An updated LHA package fixes security vulnerabilities
Advisory ID: [WBSA-2004:178-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0234 CAN-2004-0235
-----------------------------------------------------------------------

Note: This one went to the mirrors on May 31.

An updated LHA package that fixes several security vulnerabilities is now available.

White Box 64 Published by Philipp Esselbach 0

Updated kernel packages has been released for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated kernel packages available
Advisory ID: [WBSA-2004:188-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords: taroon kernel update
Cross references:
Obsoletes: WBSA-2004:017 WBSA-2004:183
CVE Names: CAN-2003-0461 CAN-2003-0465 CAN-2003-0984 CAN-2004-0003 CAN-2004-0010
-----------------------------------------------------------------------

This is the kernel for Update2 from RH. It adds new features in addition to closing a couple of minor security holes.

White Box 64 Published by Philipp Esselbach 0

Updated libpng packages are available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated libpng packages fix crash
Advisory ID: [WBSA-2004:180-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0421
-----------------------------------------------------------------------

Note: This one went to the mirrors on May 31.

Updated libpng packages that fix a out of bounds memory access are now available.

White Box 64 Published by Philipp Esselbach 0

An updated ipsec-tools package is available for White Box Enterprise Linux 3.0

----------------------------------------------------------------------
Security Advisory

Synopsis: Updated ipsec-tools package fixes vulnerabilities in ISAKMP daemon
Advisory ID: [WBSA-2004:165-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords: SA x509
Cross references:
Obsoletes:
CVE Names: CAN-2004-0155 CAN-2004-0164 CAN-2004-0403
----------------------------------------------------------------------

Note: This one has actually been on the mirrors since May 17-18.

An updated ipsec-tools package that fixes vulnerabilities in racoon (the ISAKMP daemon) is now available.

White Box 64 Published by Philipp Esselbach 0

An updated rsync package is available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated rsync package fixes security issue
Advisory ID: [WBSA-2004:192-01]
Issue date: 2004-06-10
Updated on: 2004-06-10
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0426
-----------------------------------------------------------------------

An updated rsync package that fixes a directory traversal security flaw is now available.

White Box 64 Published by Philipp Esselbach 0

From whiteboxlinux.org:

A large batch of errata packages (the bulk of Update2) were posted without GPG signatures. Some have been mirrored out to the mirror sites already. The problem has just been fixed and corrected packages will sync out very soon. There is nothing known to be wrong with the unsigned packages other than my forgetting to sign them but if you are the cautious type you should hold off on running up2date for a day or so.

White Box 64 Published by Philipp Esselbach 0

Updated OpenOffice packages are now available for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated OpenOffice packages fix security vulnerability in neon
Advisory ID: [WBSA-2004:160-01]
Issue date: 2004-04-14
Updated on: 2004-04-19
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0179
-----------------------------------------------------------------------

NOTICE: This package is not just a security fix. RedHat has released OpenOffice.org 1.1 as a patch for this security problem. Besides being a new version, the name of the package has changed from openoffice to openoffice.org so up2date over Yum will NOT automatically detect it. This means you are going to have to manually obtain and install this errata. Due to it's size, PLEASE use a mirror.

White Box 64 Published by Philipp Esselbach 0

Updated squid packages has been released for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated squid package fixes security vulnerability
Advisory ID: [WBSA-2004:133-01]
Issue date: 2004-04-14
Updated on: 2004-04-19
Product: White Box Enterprise Linux 3.0 (i386)
Keywords: Phishing Spoofing
Cross references:
Obsoletes:
CVE Names: CAN-2004-0189
-----------------------------------------------------------------------

An updated squid package is avaliable that fixes a security vulnerability in URL decoding and provides a new ACL type for protecting vulnerable clients.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-April/msg00000.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the initial location to prevent undue load to the whiteboxlinux.org server, which doesn't have a lot of outbound bandwidth. The config files already have entries for mirror sites commented out.

Up2Date's configuration file is at /etc/sysconfig/rhn/sources

Yum's configuration is in /etc/yum.conf

White Box 64 Published by Philipp Esselbach 0

Updated CVS packages has been released for White Box Enterprise Linux 3.0

-----------------------------------------------------------------------
Security Advisory

Synopsis: Updated CVS packages fix security issue
Advisory ID: [WBSA-2004:153-01]
Issue date: 2004-04-14
Updated on: 2004-04-19
Product: White Box Enterprise Linux 3.0 (i386)
Keywords:
Cross references:
Obsoletes: WBSA-2004:004
CVE Names: CAN-2004-0180
-----------------------------------------------------------------------

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-April/msg00001.html

To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the initial location to prevent undue load to the whiteboxlinux.org server, which doesn't have a lot of outbound bandwidth. The config files already have entries for mirror sites commented out.

Up2Date's configuration file is at /etc/sysconfig/rhn/sources

Yum's configuration is in /etc/yum.conf