[RedHat-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforRedHatEnterpriseLinux

redhat-announcements at bigmail.bigfix.com
Wed Jun 1 02:15:16 PDT 2005


Fixlet Site - PatchesforRedHatEnterpriseLinux
Current Version: 29	Published: Tue, 31 May 2005 23:37:00 GMT


***************************************************************
Title: RHSA-2003:317 - Updated Iproute Packages Fix Local Security Vulnerability - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200331701
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2003-317.html

Fixlet Description: An updated iproute package that closes a locally-exploitable denial of service vulnerability is now available. Iproute can accept spoofed messages sent on the kernel netlink interface by other users on the local machine.  This could lead to a local denial of service attack.  Users of iproute should upgrade to this erratum package, which contains a patch which checks that the netlink messages actually come from the kernel.

***************************************************************
Title: RHSA-2003:395 - Updated Gnupg Packages Disable Elgamal Keys - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200339501
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2003-395.html

Fixlet Description: An updated gnupg package is now available for Red Hat Enterprise Linux.  This update disables the ability to generate ElGamal keys (used for both signing and encrypting) and disables the ability to use ElGamal public keys for encrypting data. A severe bug affects how GnuPG creates and uses ElGamal keys when those keys are used both to sign and encrypt data.  This vulnerability can be used to trivially recover the private key. While the default behavior of GnuPG when generating keys does not lead to the creation of unsafe keys, by overriding the default settings an unsafe key could have been created. If you are using ElGamal keys, you should revoke those keys immediately. The package included in this update does not make ElGamal keys safe to use; it merely disables functions that would generate or use ElGamal keys.

***************************************************************
Title: RHSA-2004:005 - Updated Kdepim Packages Resolve Security Vulnerability - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200400501
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-005.html

Fixlet Description: Updated kdepim packages are now available that fix a local buffer overflow vulnerability. The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands.  Users of kdepim are advised to upgrade to these erratum packages, which contain a backported security patch that corrects this issue.

***************************************************************
Title: RHSA-2004:031 - Updated NetPBM Packages Fix Multiple Temporary File Vulnerabilities - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200403101
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-031.html

Fixlet Description: Updated NetPBM packages are available that fix a number of temporary file vulnerabilities in the netpbm libraries. A number of temporary file bugs have been found in versions of NetPBM.  These could make it possible for a local user to overwrite or create files as a different user who happens to run one of the vulnerable utilities.  Users are advised to upgrade to the erratum packages, which contain patches that correct these bugs.

***************************************************************
Title: RHSA-2004:041 - Updated Slocate Packages Fix Vulnerabilities - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200404101
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-041.html

Fixlet Description: An updated slocate package is now available that fixes vulnerabilities allowing a local user to gain "slocate" group privileges. Users of Slocate should upgrade to this erratum package, which contains Slocate version 2.7 that causes slocate to drop privileges before reading a user-supplied database.

***************************************************************
Title: RHSA-2004:047 - Updated Pwlib Packages Fix Protocol Security Issues - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200404701
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-047.html

Fixlet Description: An updated PWLib package that contains fixes for security issues found during protocol testing by the NISCC is now available. A test suite for the H.225 protocol (part of the H.323 family) provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0.  An attacker could trigger these bugs by sending carefully crafted messages to an application.  The effects of such an attack can vary depending on the application, but would usually result in a Denial of Service. Users are advised to upgrade to the erratum package, which contains backported security fixes and is not vulnerable to these issues.

***************************************************************
Title: RHSA-2004:050 - Updated Mutt Packages Fix Remotely-Triggerable Crash - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200405001
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-050.html

Fixlet Description: A new mutt package that fixes a remotely-triggerable crash in the menu drawing code is now available. A bug was found in the index menu code in versions of mutt.  A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim. It is recommended that all mutt users upgrade to this updated package, which contains a backported security patch and is not vulnerable to this issue.

***************************************************************
Title: RHSA-2004:174 - Updated Utempter Package Fixes Vulnerability - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200417401
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-174.html

Fixlet Description: An updated utempter package that fixes a potential symlink vulnerability is now available. Users should upgrade to this new version of utempter, which fixes this vulnerability.

***************************************************************
Title: RHSA-2004:323 - An Updated Lha Package Fixes Security Vulnerability - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200432301
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-323.html

Fixlet Description: An updated lha package that fixes a buffer overflow is now available. Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14.  If a malicious user could trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed.  Users of lha should update to this updated package which contains backported patches and is not vulnerable to these issues.

***************************************************************
Title: RHSA-2004:373 - GNOME VFS Updates Address Extfs Vulnerability - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200437301
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-373.html

Fixlet Description: Updated GNOME VFS packages that remove potential extfs-related vulnerabilities are now available. Flaws have been found in several of the GNOME VFS extfs backend scripts.  Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default.  An attacker who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts.

***************************************************************
Title: RHSA-2004:402 - Updated Libpng Packages Fix Security Issues - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200440201
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-402.html

Fixlet Description: Updated libpng packages that fix several issues are now available. All users are advised to update to the updated libpng packages which contain backported security patches and are not vulnerable to these issues.

***************************************************************
Title: RHSA-2004:409 - Updated Sox Packages Fix Buffer Overflows - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200440901
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-409.html

Fixlet Description: Updated sox packages that fix buffer overflows in the WAV file handling code are now available. Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted.  All users of sox should upgrade to these updated packages, which resolve these issues and a number of minor bugs.

***************************************************************
Title: RHSA-2004:414 - Updated Qt Packages Fix Security Issues - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200441401
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-414.html

Fixlet Description: Updated qt packages that fix security issues in several of the image decoders are now available. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. Users of Qt should update to these updated packages which contain backported patches that are not vulnerable to these issues.

***************************************************************
Title: RHSA-2004:638 - Updated Gd Packages Fix Security Issues - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200463811
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-638.html

Fixlet Description: Updated gd packages that fix security issues with overflow in various memory allocation calls are now available. Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.  While researching the fixes to these overflows, additional buffer overflows were discovered in calls to gdMalloc.  Users of gd should upgrade to these updated packages, which contain a backported security patch, and are not vulnerable to these issues.

***************************************************************
Title: RHSA-2004:650 - Updated Libxml Package Fixes Security Vulnerabilities - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200465009
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-650.html

Fixlet Description: An updated libxml package that fixes multiple buffer overflows is now available. All users are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.

***************************************************************
Title: RHSA-2005:074 - Rsh Security Update - Red Hat Enterprise 3.0
Severity: Low
Fixlet ID: 200507401
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-074.html

Fixlet Description: Updated rsh packages that fix various bugs and a theoretical security issue are now available. All users of rsh should upgrade to these updated packages, which resolve these issues.

***************************************************************
Title: RHSA-2005:106 - Openssh Security Update - Red Hat Enterprise 3.0
Severity: Low
Fixlet ID: 200510601
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-106.html

Fixlet Description: Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 3. Users of openssh should upgrade to these updated packages, which contain backported patches to resolve these issues.

***************************************************************
Title: RHSA-2005:238 - Evolution Security Update - Red Hat Enterprise 3.0
Severity: Low
Fixlet ID: 200523801
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-238.html

Fixlet Description: Updated evolution packages that fix various bugs are now available. A bug was found in Evolution's helper program camel-lock-helper. This bug could allow a local attacker to gain root privileges if camel-lock-helper has been built to execute with elevated privileges. All users of evolution should upgrade to these updated packages, which resolve these issues.

***************************************************************
Title: RHSA-2005:256 - Glibc Security Update - Red Hat Enterprise 3.0
Severity: Low
Fixlet ID: 200525601
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-256.html

Fixlet Description: Updated glibc packages that address several bugs are now available. All users of glibc should upgrade to these updated packages, which resolve these issues.

***************************************************************
Title: RHSA-2005:413 - Imagemagick Security Update - Red Hat Enterprise 3.0
Severity: Important
Fixlet ID: 200541301
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-413.html

Fixlet Description: Updated ImageMagick packages that fix a buffer overflow issue are now available. A heap based buffer overflow bug was found in the way ImageMagick parses PNM files. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted PNM file. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.

***************************************************************
Title: RHSA-2005:427 - Ethereal Security Update - Red Hat Enterprise 3.0
Severity: Moderate
Fixlet ID: 200542701
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-427.html

Fixlet Description: Updated Ethereal packages that fix various security vulnerabilities are now available. A number of security flaws have been discovered in Ethereal.  On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code.  Users of ethereal should upgrade to these updated packages, which contain version 0.10.11 which is not vulnerable to these issues.

***************************************************************
Title: RHSA-2005:435 - Mozilla Security Update - Red Hat Enterprise 3.0
Severity: Important
Fixlet ID: 200543501
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-435.html

Fixlet Description: Updated mozilla packages that fix various security bugs are now available. Several bugs were found in the way Mozilla executes javascript code. Javascript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute javascript code with elevated privileges, allowing access to protected data and functions. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.

***************************************************************
Title: RHSA-2005:435 - Mozilla Security Update - Red Hat Enterprise 3.0
Severity: Important
Fixlet ID: 200543502
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-435.html

Fixlet Description: Updated mozilla packages that fix various security bugs are now available. Several bugs were found in the way Mozilla executes javascript code. Javascript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute javascript code with elevated privileges, allowing access to protected data and functions. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.

***************************************************************
Title: RHSA-2005:472 - Kernel Security Update - Red Hat Enterprise 3.0 (i686)
Severity: Important
Fixlet ID: 200547201
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-472.html

Fixlet Description: Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. These new kernel packages contain fixes for the three security issues described below as well as an important fix for a problem that could lead to data corruption on x86-architecture SMP systems with greater than 4GB of memory through heavy usage of multi-threaded applications. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

***************************************************************
Title: RHSA-2005:472 - Kernel Security Update - Red Hat Enterprise 3.0 (Athlon)
Severity: Important
Fixlet ID: 200547202
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-472.html

Fixlet Description: Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. These new kernel packages contain fixes for the three security issues described below as well as an important fix for a problem that could lead to data corruption on x86-architecture SMP systems with greater than 4GB of memory through heavy usage of multi-threaded applications. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. 

***************************************************************
Title: RHEA-2005:191 - Anaconda Enhancement Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200519102
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-191.html

Fixlet Description: Updated anaconda packages that add various enhancements are now available. All users of anaconda should upgrade to these updated packages, which add these enhancements, as well as resolve these bugs.

***************************************************************
Title: RHEA-2005:253 - Tzdata Enhancement Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200525302
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-253.html

Fixlet Description: An updated tzdata package that adds daylight savings rule enhancements for various countries is now available. This update adjusts timezone files for Israel and Paraguay where daylight savings rules have recently changed, and a correction for Azerbaijan daylight saving rules in autumn 1992. Users in the above mentioned countries should upgrade to this updated package and rerun system-config-date to update the local timezone in /etc/localtime.

***************************************************************
Title: RHEA-2005:272 - Ltrace Enhancement Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200527202
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-272.html

Fixlet Description: An updated ltrace package that adds support for tracing of 32-bit binaries on AMD64 systems is now available. This update adds support for tracing both 64-bit and 32-bit binaries on AMD64 by the same ltrace binary, as well as fixes some bugs in the 64-bit binary tracing support. All users of ltrace should upgrade to this updated package, which resolves this issue.

***************************************************************
Title: RHEA-2005:305 - New Redhat-Release Package for Red Hat Enterprise Linux 3 Update 5 - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200530502
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-305.html

Fixlet Description: New redhat-release packages are available for Red Hat Enterprise Linux 3 Update 5. Users of Red Hat Enterprise Linux 3 should upgrade to these updated packages.

***************************************************************
Title: RHEA-2005:312 - New Rpmdb-Redhat Package for Red Hat Enterprise Linux 3 Update 5 - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200531202
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-312.html

Fixlet Description: A new rpmdb-redhat package is now available for Red Hat Enterprise Linux 3 Update 5. Users of Red Hat Enterprise Linux 3 should upgrade to this updated package.

***************************************************************
Title: RHEA-2005:454 - Updated Gnome-Panel and Metacity Packages - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200545402
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-454.html

Fixlet Description: Updated gnome-panel and metacity packages that enable the window manager to ignore partial width panels are now available. These updated packages allow the window manager to detect when a panel does not occupy the full screen width or height. All users of gnome-panel and metacity should upgrade to these updated packages, which include this enhancement.

***************************************************************
Title: RHEA-2005:455 - Updated Wget Package - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200545502
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2005-455.html

Fixlet Description: An updated wget package that adds large file support is now available. This updated package adds support for downloads of files larger than 2 GB. All users of wget should upgrade to this updated package, which adds this enhancement.

***************************************************************
Title: RHBA-2005:028 - Zsh Bug Fix Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200502802
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-028.html

Fixlet Description: An updated zsh package that fixes a bug is now available. Previously, zsh did not automatically source /etc/profile (and /etc/profile.d/*) if a user overwrote the sample .zshrc.  This package corrects that issue by automatically sourcing /etc/profile in /etc/zprofile. All users of zsh should upgrade to this updated package, which resolves this issue.

***************************************************************
Title: RHBA-2005:131 - Strace Bug Fix Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200513101
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-131.html

Fixlet Description: An updated strace package that fixes several bugs is now available. The previous version of strace had multiple bugs resulting in incorrect or incomplete output for certain system calls.  On the AMD64 platform, while tracing a 32-bit (i386) process, incorrect values were shown for the third and later arguments to a system call.  On the Itanium platform, several system calls were not recognized.  Several ioctl commands used with networking sockets are now displayed in more detail. Users of strace should upgrade to this updated package, which resolves these issues.

***************************************************************
Title: RHBA-2005:187 - Gdb Bug Fix Update - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200518702
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-187.html

Fixlet Description: An updated gdb package that fixes various bugs is now available. All users of gdb should upgrade to this updated package, which resolves these issues.

***************************************************************
Title: RHBA-2005:428 - Updated Bonobo-Activation Packages - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200542801
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-428.html

Fixlet Description: Updated bonobo-activation packages that fix various evolution interaction bugs are now available. All users of bonobo-activation should upgrade to these updated packages, which resolve these issues.

***************************************************************
Title: RHBA-2005:441 - Updated Myodbc Package - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200544101
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-441.html

Fixlet Description: An updated MyODBC package that fixes a bug is now available. This update fixes a build problem that caused the driver to be nonfunctional on AMD64 and IBM eServer zSeries architectures. All users of MyODBC on the AMD64 and IBM eServer zSeries architectures should upgrade to this updated package, which resolves this issue.

***************************************************************
Title: RHBA-2005:448 - Updated Dvd+Rw-Tools Package - Red Hat Enterprise 3.0
Severity: <N/A>
Fixlet ID: 200544801
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2005-448.html

Fixlet Description: An updated dvd+rw-tools package that fixes a bug is now available for Red Hat Enterprise Linux 3. This erratum fixes a bug that caused a write failure when burning DVD media. Users of the dvd+rw-tools package should upgrade to this updated package, which resolves this issue.

***************************************************************
Title: RHSA-2005:294 - Updated Kernel Packages Available for Red Hat Enterprise Linux 3 Update 5 - Red Hat Enterprise 3.0 (i686)
Severity: <N/A>
Fixlet ID: 200529401
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-294.html

Fixlet Description: 

***************************************************************
Title: RHSA-2005:294 - Updated Kernel Packages Available for Red Hat Enterprise Linux 3 Update 5 - Red Hat Enterprise 3.0 (Athlon)
Severity: <N/A>
Fixlet ID: 200529402
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2005-294.html

Fixlet Description: 

