Fixlet Site - PatchesforRedHatEnterpriseLinux
Current Version: 192
Published: Wed, 16 May 2007 17:13:46 GMT

***************************************************************

Title: RHSA-2007:0065 - Bluez-Utils Security Update - Red Hat Enterprise 4.0
Severity: Moderate
Fixlet ID: 200706501
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0065.html
Fixlet Description: Updated bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker would have been able to inject keyboard and mouse events via a Bluetooth connection without any authorization. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0166 - Java-1.4.2-Ibm Security Update - Red Hat Enterprise 3.0
Severity: Critical
Fixlet ID: 200716601
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0166.html
Fixlet Description: Updated java-1.4.2-ibm packages that correct a security issue are now available for Red Hat Enterprise Linux. A flaw in GIF image handling was found in the SUN Java Runtime Environment that has now been reported as also affecting IBM Java 2. Please see the patch page for more details.

***************************************************************

Title: RHSA-2007:0220 - Gcc Security and Bug Fix Update - Red Hat Enterprise 4.0
Severity: Moderate
Fixlet ID: 200722001
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0220.html
Fixlet Description: Updated gcc packages that fix a security issue and various bugs are now available. All users of gcc should upgrade to these updated packages, which contain backported patches to resolve these issues.

***************************************************************

Title: RHSA-2007:0220 - Dependencies Needed - Red Hat Enterprise 4.0
Severity: Moderate
Fixlet ID: 200722003
Fixlet Description: Updated gcc packages that fix a security issue and various bugs are now available. However, this update requires that the package "binutils" be installed and at least version "2.15.92.0.2-18".

***************************************************************

Title: RHSA-2007:0257 - OpenSSH Security and Bug Fix Update - Red Hat Enterprise 4.0
Severity: Low
Fixlet ID: 200725701
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0257.html
Fixlet Description: Updated openssh packages that fix a security issue and various bugs are now available. All users of openssh should upgrade to these updated packages.

***************************************************************

Title: RHSA-2007:0257 - Dependencies Needed - Red Hat Enterprise 4.0
Severity: Low
Fixlet ID: 200725703
Fixlet Description: Updated openssh packages that fix a security issue and various bugs are now available. However, this update requires that the package "audit-libs" be installed and at least version "1.0.12", the package "pam" be installed and at least version "0.77-66.11", and the package "pam-devel" be installed and at least version "0.77-66.11".

***************************************************************

Title: RHBA-2007:0283 - Xscreensaver Bug Fix Update - Red Hat Enterprise 4.0 (Superseded)
Severity:
Fixlet ID: 200728301
Fixlet Link: https://rhn.redhat.com/errata/RHBA-2007-0283.html
Fixlet Description: Note: RHSA-2007:0322 supersedes this erratum. Updated xscreensaver packages that fix various bugs are now available. The xscreensaver packages contain a variety of amusing and interesting screen savers.

This erratum includes the following bug fixes:
- a crash in the rd-bomb screen saver
- a client resource leak for custom screen savers that add pixmaps to the save-set and store the pixmap id on the screen saver virtual root window

All users of xscreensaver should upgrade to these updated packages, which resolve these issues.

***************************************************************

Title: RHSA-2007:0322 - Xscreensaver Security Update - Red Hat Enterprise 3.0
Severity: Important
Fixlet ID: 200732201
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0322.html
Fixlet Description: An updated xscreensaver package that fixes a security flaw in the way XScreenSaver verifies user passwords is now available for Red Hat Enterprise Linux. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0336 - PostgreSQL Security Update - Red Hat Enterprise 3.0
Severity: Moderate
Fixlet ID: 200733601
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0336.html
Fixlet Description: Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux. A flaw was found in the way PostgreSQL allows authenticated users to execute security-definer functions. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0338 - Freeradius Security Update - Red Hat Enterprise 3.0 (AS/ES)
Severity: Moderate
Fixlet ID: 200733801
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0338.html
Fixlet Description: Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0338 - Freeradius Security Update - Red Hat Enterprise 4.0 (AS/ES)
Severity: Moderate
Fixlet ID: 200733803
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0338.html
Fixlet Description: Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0338 - Dependencies Needed - Red Hat Enterprise 4.0 (AS/ES)
Severity: Moderate
Fixlet ID: 200733805
Fixlet Description: Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux. However, this update requires that the package "mysql" be installed and at least version "4.1.20-1.RHEL4.1".

***************************************************************

Title: RHSA-2007:0354 - Samba Security Update - Red Hat Enterprise 3.0
Severity: Critical
Fixlet ID: 200735401
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0354.html
Fixlet Description: Updated samba packages that fix several security flaws are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Samba provides file and printer sharing services to SMB/CIFS clients.

Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446)

Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated user could have triggered this flaw and executed arbitrary code on the server. Additionally, on Red Hat Enterprise Linux 5 only, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default "username map script" option. (CVE-2007-2447)

Users of Samba should upgrade to these packages, which contain backported patches to correct these issues. After upgrading, Samba should be restarted using "service smb restart".

On Red Hat Enterprise Linux 5 the impact of these issues is reduced as Samba is constrained by the default SELinux "targeted" policy.

Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues.

***************************************************************

Title: RHSA-2007:0354 - Samba Security Update - Red Hat Enterprise 4.0
Severity: Critical
Fixlet ID: 200735403
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0354.html
Fixlet Description: Updated samba packages that fix several security flaws are now available. Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. Please see the patch page for more detailed information.

***************************************************************

Title: RHSA-2007:0354 - Dependencies Needed - Red Hat Enterprise 3.0
Severity: Critical
Fixlet ID: 200735405
Fixlet Description: Updated samba packages that fix several security flaws are now available. However, this update requires that the packages "krb5-workstation" and "krb5-libs" be installed and at least version "1.2.7-31".