Fixlet Site - PatchesforRedHatEnterpriseLinux
Current Version: 196
Published: Fri, 08 Jun 2007 20:40:14 GMT
***************************************************************
Title: RHSA-2004:402 - Libpng Security Update - Red Hat Enterprise 3.0 (x86_64) (Superseded)
Severity:
Fixlet ID: 200440202
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2004-402.html
Fixlet Description: Note: RHSA-2007:0356 supersedes this errata. Updated libpng packages that fix several issues are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. For users of Red Hat Enterprise Linux 2.1 these patches also include a more complete fix for the out of bounds memory access flaw (CAN-2002-1363). All users are advised to update to the updated libpng packages which contain backported security patches and are not vulnerable to these issues.
***************************************************************
Title: RHSA-2006:0117 - Vixie-Cron Security Update - Red Hat Enterprise 3.0 (x86_64) (Superseded)
Severity: Low
Fixlet ID: 200611702
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2006-0117.html
Fixlet Description: Note: RHSA-2007:0345 supersedes this errata. An updated vixie-cron package that fixes a bug and security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A bug was found in the way vixie-cron installs new crontab files. It is possible for a local attacker to execute the crontab command in such a way that they can view the contents of another user's crontab file. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1038 to this issue. This update also fixes an issue where cron jobs could start before their scheduled time. All users of vixie-cron should upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
***************************************************************
Title: RHSA-2006:0271 - Freeradius Security Update - Red Hat Enterprise 3.0 (AS/ES) (x86_64) (Superseded)
Severity: Important
Fixlet ID: 200627102
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2006-0271.html
Fixlet Description: Note: RHSA-2007:0338 supersedes this errata. An updated freeradius package that fixes an authentication weakness is now available. Please note that FreeRADIUS installations not using the MSCHAP V2 protocol for authentication are not vulnerable to this issue. Users of FreeRADIUS should update to this erratum package, which contains backported patches and is not vulnerable to these issues.
***************************************************************
Title: RHSA-2006:0498 - Xscreensaver Security Update - Red Hat Enterprise 3.0 (x86_64) (Superseded)
Severity: Moderate
Fixlet ID: 200649802
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2006-0498.html
Fixlet Description: Note: RHSA-2007:0322 supersedes this errata. An updated xscreensaver package that fixes two security flaws involving keyboard focus and temporary file creation is now available for Red Hat Enterprise Linux 2.1 and 3. Users of XScreenSaver should upgrade to this updated package, which contains backported patches to correct these issues.
***************************************************************
Title: RHSA-2006:0577 - Mutt Security Update - Red Hat Enterprise 3.0 (x86_64) (Superseded)
Severity: Moderate
Fixlet ID: 200657702
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2006-0577.html
Fixlet Description: Note: RHSA-2007:0386 supersedes this errata. An updated mutt package that fixes a security issue with a buffer overflow is now available. Users of Mutt are advised to upgrade to this package, which contains a backported patch to correct this issue.
***************************************************************
Title: RHEA-2007:0102 - Evolution Enhancement Update - Red Hat Enterprise 3.0 (ES/WS) (x86_64) (Superseded)
Severity:
Fixlet ID: 200710202
Fixlet Link: https://rhn.redhat.com/errata/RHEA-2007-0102.html
Fixlet Description: Note: RHSA-2007:0353 supersedes this errata. Updated evolution packages that add daylight savings rule enhancements for various countries are now available. Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. This update added daylight savings rule enhancements for various countries. All users requiring evolution should install these newly released packages, which add this enhancement.
***************************************************************
Title: RHSA-2007:0166 - Java-1.4.2-Ibm Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Critical
Fixlet ID: 200716602
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0166.html
Fixlet Description: Updated java-1.4.2-ibm packages to correct a security issue are now available for Red Hat Enterprise Linux. A flaw in GIF image handling was found in the SUN Java Runtime Environment that has now been reported as also affecting IBM Java 2. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0322 - Xscreensaver Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Important
Fixlet ID: 200732202
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0322.html
Fixlet Description: An updated xscreensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0336 - PostgreSQL Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200733602
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0336.html
Fixlet Description: Updated postgresql packages that fix a flaw in the way PostgreSQL allows authenticated users to execute security-definer functions are now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0338 - Freeradius Security Update - Red Hat Enterprise 3.0 (AS/ES) (x86_64)
Severity: Moderate
Fixlet ID: 200733802
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0338.html
Fixlet Description: An updated freeradius package that fixes a memory leak flaw is now available for Red Hat Enterprise Linux. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0343 - Gimp Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200734302
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0343.html
Fixlet Description: Updated gimp packages that fix a security issue are now available for Red Hat Enterprise Linux. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0345 - Vixie-Cron Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200734502
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0345.html
Fixlet Description: An updated vixie-cron package that fixes a denial of service issue is now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0353 - Evolution Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200735302
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0353.html
Fixlet Description: Updated evolution packages that fix a flaw in the way Evolution processed certain APOP authentication requests are now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0354 - Samba Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Critical
Fixlet ID: 200735402
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0354.html
Fixlet Description: Updated samba packages that fix several security flaws are now available. Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0354 - Dependencies Needed - Red Hat Enterprise 3.0 (x86_64)
Severity: Critical
Fixlet ID: 200735406
Fixlet Description: Updated samba packages that fix several security flaws are now available. However, this update requires that the package "krb5-libs" be installed and at least version "1.2.7-31".
***************************************************************
Title: RHSA-2007:0356 - Libpng Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200735602
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0356.html
Fixlet Description: Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. Please see patch page for more detailed information.
***************************************************************
Title: RHSA-2007:0386 - Mutt Security Update - Red Hat Enterprise 3.0 (x86_64)
Severity: Moderate
Fixlet ID: 200738602
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0386.html
Fixlet Description: An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0389 - Quagga Security Update - Red Hat Enterprise 3.0 (AS/ES)
Severity: Moderate
Fixlet ID: 200738901
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0389.html
Fixlet Description: An updated quagga package that fixes an out of bounds memory read flaw in Quagga's bgpd is now available. Please see bulletin page for detailed information.
***************************************************************
Title: RHSA-2007:0389 - Quagga Security Update - Red Hat Enterprise 4.0
Severity: Moderate
Fixlet ID: 200738903
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0389.html
Fixlet Description: An updated quagga package that fixes an out of bounds memory read flaw in Quagga's bgpd is now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0391 - File Security Update - Red Hat Enterprise 4.0
Severity: Moderate
Fixlet ID: 200739101
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0391.html
Fixlet Description: An updated file package that fixes a new integer underflow flaw in the file utility is now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0400 - Firefox Security Update - Red Hat Enterprise 4.0
Severity: Critical
Fixlet ID: 200740001
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0400.html
Fixlet Description: An updated firefox package that fixes several security bugs is now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0401 - Thunderbird Security Update - Red Hat Enterprise 4.0
Severity: Critical
Fixlet ID: 200740101
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0401.html
Fixlet Description: An updated thunderbird package that fixes several security bugs is now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0402 - Seamonkey Security Update - Red Hat Enterprise 3.0
Severity: Critical
Fixlet ID: 200740201
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0402.html
Fixlet Description: Updated seamonkey packages that fix several flaws in the way SeaMonkey processed certain malformed JavaScript code are now available. Please see bulletin page for more detailed information.
***************************************************************
Title: RHSA-2007:0402 - Seamonkey Security Update - Red Hat Enterprise 4.0
Severity: Critical
Fixlet ID: 200740203
Fixlet Link: https://rhn.redhat.com/errata/RHSA-2007-0402.html
Fixlet Description: Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux. Please see bulletin page for more detailed information.