<?xml version="1.0" encoding="UTF-8"?>

<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
  <generator>
    <oval:product_name>Red Hat OVAL Patch Definition Merger</oval:product_name>
    <oval:product_version>2</oval:product_version>
    <oval:schema_version>5.3</oval:schema_version>
    <oval:timestamp>2008-01-23T07:24:08</oval:timestamp>
  </generator>
<definitions>
<definition id="oval:com.redhat.rhba:def:20060287" version="302" class="patch">
      <metadata>
        <title>RHBA-2006:0287: bind bug fix update
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHBA" ref_id="RHBA-2006:0287-02" ref_url="https://rhn.redhat.com/errata/RHBA-2006-0287.html" />
	<description>BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. The bind package provides a DNS server
(named), which resolves host names to IP addresses, and tools for 
control and verification of the DNS server. The bind-libs package
provides the libraries used by the DNS server and bind-utils. The
bind-utils package provides DNS lookup utilities: host(1), dig(1),
and nslookup. The bind-devel package provides header files for 
development with the BIND libraries. A default set of DNS server
configuration files is provided by the caching-nameserver package.

This update delivers backports from ISC BIND 9.2.6 to fix these issues:
--Fixes to named's thread locking logic

This feature in ISC BIND 9.3.0+ was backported and delivered in this update:
--edns-udp-size: Users can now set the maximum size of UDP packets used 
  for EDNS0 (RFC 2671), to get past routers / firewalls that enforce a
  maximum UDP packet size.

Miscellaneous bug fixes, including improved support for custom named.conf
locations, are also delivered in this update.

All BIND users are advised to upgrade to these updated bind packages.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-07-19" />
        <updated date="2006-07-19" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096">CVE-2006-4096</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060287002" comment="bind is earlier than 20:9.2.4-14_EL3" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287003" comment="bind is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060287004" comment="bind-chroot is earlier than 20:9.2.4-14_EL3" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287005" comment="bind-chroot is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060287006" comment="bind-devel is earlier than 20:9.2.4-14_EL3" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287007" comment="bind-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060287008" comment="bind-libs is earlier than 20:9.2.4-14_EL3" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287009" comment="bind-libs is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060287010" comment="bind-utils is earlier than 20:9.2.4-14_EL3" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287011" comment="bind-utils is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhba:def:20060288" version="302" class="patch">
      <metadata>
        <title>RHBA-2006:0288: bind bug fix update
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHBA" ref_id="RHBA-2006:0288-02" ref_url="https://rhn.redhat.com/errata/RHBA-2006-0288.html" />
	<description>BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. The bind package provides a DNS server
(named), which resolves host names to IP addresses, and tools for 
control and verification of the DNS server. The bind-libs package
provides the libraries used by the DNS server and bind-utils. The
bind-utils package provides DNS lookup utilities: host(1), dig(1),
and nslookup. The bind-devel package provides header files for 
development with the BIND libraries. A default set of DNS server
configuration files is provided by the caching-nameserver package.

This update delivers backports from ISC BIND 9.2.6 to apply these fixes:

- If a lookup for another name server's addresses returned addresses 
  that were unreachable via local routers, lookups for names in domains
  for which that server is authoritative could experience a four second
  delay per name not in the cache. No delay is now incurred for addresses
  served by servers with unreachable addresses.

- Fixes to named's thread locking logic: This feature in ISC BIND 9.3.0+
was backported and delivered in this update.

- edns-udp-size: Users can now set the maximum size of UDP packets used 
  for EDNS0 (RFC 2671), to get past routers / firewalls that enforce a
  maximum UDP packet size.

Miscellaneous bug fixes, including improved support for custom named.conf
locations, are also delivered in this update.

All BIND users are advised to upgrade to the updated bind packages.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-08-09" />
        <updated date="2006-08-10" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096">CVE-2006-4096</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060288002" comment="bind is earlier than 20:9.2.4-16.EL4" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287003" comment="bind is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060288004" comment="bind-chroot is earlier than 20:9.2.4-16.EL4" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287005" comment="bind-chroot is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060288006" comment="bind-devel is earlier than 20:9.2.4-16.EL4" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287007" comment="bind-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060288008" comment="bind-libs is earlier than 20:9.2.4-16.EL4" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287009" comment="bind-libs is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhba:tst:20060288010" comment="bind-utils is earlier than 20:9.2.4-16.EL4" />
            <criterion test_ref="oval:com.redhat.rhba:tst:20060287011" comment="bind-utils is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhea:def:20060355" version="302" class="patch">
      <metadata>
        <title>RHEA-2006:0355: oprofile enhancement update
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHEA" ref_id="RHEA-2006:0355-02" ref_url="https://rhn.redhat.com/errata/RHEA-2006-0355.html" />
	<description>The oprofile package contains a profiling system for systems running the
Linux kernel. Profiling runs transparently in the background while profile
data is collected.

OProfile did not recognize the ppc64 POWER5+ processor. The events for the
POWER4 and POWER5 did not match the currently used event names.

Users of OProfile are advised to upgrade to these updated packages, which
add these enhancements.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-08-09" />
        <updated date="2006-08-10" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0576">CVE-2006-0576</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhea:tst:20060355002" comment="oprofile is earlier than 0:0.8.1-23" />
            <criterion test_ref="oval:com.redhat.rhea:tst:20060355003" comment="oprofile is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhea:tst:20060355004" comment="oprofile-devel is earlier than 0:0.8.1-23" />
            <criterion test_ref="oval:com.redhat.rhea:tst:20060355005" comment="oprofile-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060015" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0015: initscripts security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0015-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0015.html" />
	<description>The initscripts package contains the basic system scripts used to boot your
Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
network interfaces.

A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3629 to this issue.

The following issues have also been fixed in this update:

* extraneous characters were logged on bootup.

* fsck would be attempted on filesystems marked with _netdev in rc.sysinit
  before they were available.

Additionally, support for multi-core Itanium processors has been added to
redhat-support-check.

All users of initscripts should upgrade to these updated packages, which
contain backported patches to resolve these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-15" />
        <updated date="2006-03-15" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3629">CVE-2005-3629</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060015002" comment="initscripts is earlier than 0:7.31.30.EL-1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060015003" comment="initscripts is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060016" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0016: initscripts security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0016-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0016.html" />
	<description>The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
network interfaces.

A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-3629 to
this issue.

The following issues have also been fixed in this update:

* extraneous characters were logged on bootup

* fsck was attempted on file systems marked with _netdev in rc.sysinit
  before they were available

* the dynamically-linked /sbin/multipath was called instead of the correct
  /sbin/multipath.static

Additionally, this update includes support for partitioned multipath
devices and a technology preview of static IP over InfiniBand.

All users of initscripts should upgrade to this updated package, which
resolves these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3629">CVE-2005-3629</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060016002" comment="initscripts is earlier than 0:7.93.24.EL-1.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060015003" comment="initscripts is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060044" version="303" class="patch">
      <metadata>
        <title>RHSA-2006:0044: openssh security update
        (Low)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0044-03" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0044.html" />
	<description>OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

An arbitrary command execution flaw was discovered in the way scp copies
files locally. It is possible for a local attacker to create a file with a
carefully crafted name that could execute arbitrary commands as the user
running scp to copy files locally. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the name CVE-2006-0225 to this issue. 

The following issue has also been fixed in this update:

* If the sshd service was stopped using the sshd init script while the
  main sshd daemon was not running, the init script would kill other sshd
  processes, such as the running sessions.  For example, this could happen
  when the 'service sshd stop' command was issued twice.

Additionally, this update implements auditing of user logins through the
system audit service.

All users of openssh should upgrade to these updated packages, which
resolve these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Low</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225">CVE-2006-0225</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044002" comment="openssh is earlier than 0:3.9p1-8.RHEL4.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044003" comment="openssh is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044004" comment="openssh-askpass is earlier than 0:3.9p1-8.RHEL4.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044005" comment="openssh-askpass is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044006" comment="openssh-askpass-gnome is earlier than 0:3.9p1-8.RHEL4.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044007" comment="openssh-askpass-gnome is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044008" comment="openssh-clients is earlier than 0:3.9p1-8.RHEL4.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044009" comment="openssh-clients is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044010" comment="openssh-server is earlier than 0:3.9p1-8.RHEL4.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060044011" comment="openssh-server is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060045" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0045: squid security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0045-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0045.html" />
	<description>Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way squid processes certain NTLM
authentication requests.  A remote attacker could send a specially crafted
NTLM authentication request which would cause the Squid server to crash. 
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2917 to this issue.

Several bugs have also been addressed in this update:

* An error introduced in 2.5.STABLE3-6.3E.14 where Squid can crash if a
user visits a site which has a long DNS record.

* Some authentication helpers were missing needed setuid rights.

* Squid couldn't handle a reply from a HTTP server when the reply began
with the new-line character or wasn't HTTP/1.0 or HTTP/1.1 compliant.

* User-defined error pages were not kept when the squid package was upgraded.

All users of squid should upgrade to these updated packages, which contain
backported patches to resolve these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-15" />
        <updated date="2006-03-15" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917">CVE-2005-2917</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060045002" comment="squid is earlier than 7:2.5.STABLE3-6.3E.16" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060045003" comment="squid is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060052" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0052: squid security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0052-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0052.html" />
	<description>Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. It is possible for a remote attacker to crash the
Squid server by sending a specially crafted NTLM authentication request.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2005-2917 to this issue.

The following issues have also been fixed in this update: 

* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a
  user visits a site that has a slightly longer DNS record.

* An error introduced in the old package prevented Squid from returning
  correct information about large file systems. The new package is compiled
  with the IDENT lookup support so that users who want to use it do not
  have to recompile it.

* Some authentication helpers needed SETUID rights but did not have them.
  If administrators wanted to use cache administrator, they had to change
  the SETUID bit manually. The updated package sets this bit so the new
  package can be updated without manual intervention from administrators.

* Squid could not handle a reply from an HTTP server when the reply began
  with the new-line character. 

* An issue was discovered when a reply from an HTTP server was not
  HTTP 1.0 or 1.1 compliant.

* The updated package keeps user-defined error pages when the package
  is updated and it adds new ones.
 
All users of squid should upgrade to this updated package, which resolves
these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917">CVE-2005-2917</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060052002" comment="squid is earlier than 7:2.5.STABLE6-3.4E.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060045003" comment="squid is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060101" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0101: kernel security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0101-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0101.html" />
	<description>The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate)

- a flaw which allowed a local user to write to firmware on read-only
opened /dev/cdrom devices (CVE-2004-1190, moderate) 

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458, low) 

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate)

- a flaw in the SCSI procfs interface that allowed a local user to cause a
denial of service (crash) (CVE-2005-2800, moderate)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044, important)

- a race condition when threads share memory mapping that allowed local
users to cause a denial of service (deadlock) (CVE-2005-3106, important)

- a flaw when trying to mount a non-hfsplus filesystem using hfsplus that
allowed local users to cause a denial of service (crash) (CVE-2005-3109,
moderate)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276, low) 

- a flaw in mq_open system call that allowed a local user to cause a denial
of service (crash) (CVE-2005-3356, important)

- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358, important)

- a flaw in the auto-reap of child processes that allowed a local user to
cause a denial of service (crash) (CVE-2005-3784, important)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important)

- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848, important)

- a flaw in file lease time-out handling that allowed a local user to cause
a denial of service (log file overflow) (CVE-2005-3857, moderate) 

- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858, important) 

- a flaw in procfs handling that allowed a local user to read kernel memory
(CVE-2005-4605, important)

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-17" />
        <updated date="2006-01-17" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185">CVE-2002-2185</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1190">CVE-2004-1190</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458">CVE-2005-2458</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709">CVE-2005-2709</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800">CVE-2005-2800</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044">CVE-2005-3044</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106">CVE-2005-3106</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109">CVE-2005-3109</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276">CVE-2005-3276</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3356">CVE-2005-3356</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3358">CVE-2005-3358</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784">CVE-2005-3784</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806">CVE-2005-3806</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848">CVE-2005-3848</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857">CVE-2005-3857</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858">CVE-2005-3858</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605">CVE-2005-4605</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101002" comment="kernel is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101003" comment="kernel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101004" comment="kernel-devel is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101005" comment="kernel-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101006" comment="kernel-hugemem is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101007" comment="kernel-hugemem is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101008" comment="kernel-hugemem-devel is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101009" comment="kernel-hugemem-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101010" comment="kernel-smp is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101011" comment="kernel-smp is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101012" comment="kernel-smp-devel is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101013" comment="kernel-smp-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101014" comment="kernel-doc is earlier than 0:2.6.9-22.0.2.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101015" comment="kernel-doc is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060117" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0117: vixie-cron security update
        (Low)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0117-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0117.html" />
	<description>The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A bug was found in the way vixie-cron installs new crontab files. It is
possible for a local attacker to execute the crontab command in such a way
that they can view the contents of another user's crontab file. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-1038 to
this issue.

This update also fixes an issue where cron jobs could start before their
scheduled time.

All users of vixie-cron should upgrade to this updated package, which
contains backported patches and is not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Low</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-15" />
        <updated date="2006-03-15" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1038">CVE-2005-1038</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060117002" comment="vixie-cron is earlier than 0:4.1-10.EL3" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060117003" comment="vixie-cron is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060129" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0129: spamassassin security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0129-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0129.html" />
	<description>SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug was found in SpamAssassin.  An attacker could
construct a message in such a way that would cause SpamAssassin to crash. 
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-3351 to this issue.

The following issues have also been fixed in this update:

* service spamassassin restart sometimes fails
* Content Boundary "--" throws off message parser
* sa-learn: massive memory usage on large messages
* High memory usage with many newlines
* service spamassassin messages not translated
* Numerous other bug fixes that improve spam filter accuracy and safety

Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351">CVE-2005-3351</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060129002" comment="spamassassin is earlier than 0:3.0.5-3.el4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060129003" comment="spamassassin is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060132" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0132: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0132-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0132.html" />
	<description>The Linux kernel handles the basic functions of the operating system.

This is the third regular kernel update to Red Hat Enterprise Linux 4.

New features introduced in this update include:

- Open InfiniBand (OpenIB) support

- Serial Attached SCSI support

- NFS access control lists, asynchronous I/O

- IA64 multi-core support and SGI updates

- Large SMP CPU limits increased using the largesmp kernel: Up to 512 CPUs
  in ia64, 128 in ppc64, and 64 in AMD64 and Intel EM64T

- Improved read-ahead performance

- Common Internet File System (CIFS) update

- Error Detection and Correction (EDAC) modules

- Unisys support

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4. 

The following security bug was fixed in this update:

- dm-crypt did not clear a structure before freeing it, which could allow
local users to discover information about cryptographic keys (CVE-2006-0095)

The following device drivers have been upgraded to new versions:

cciss: 2.6.8 to 2.6.8-rh1
ipmi_devintf: 33.4 to 33.11
ipmi_msghandler: 33.4 to 33.11
ipmi_poweroff: 33.4 to 33.11
ipmi_si: 33.4 to 33.11
ipmi_watchdog: 33.4 to 33.11
mptbase: 3.02.18 to 3.02.60.01rh
e1000: 6.0.54-k2-NAPI to 6.1.16-k2-NAPI
ixgb: 1.0.95-k2-NAPI to 1.0.100-k2-NAPI
tg3: 3.27-rh to 3.43-rh
aacraid: 1.1.2-lk2 to 1.1-5[2412]
ahci: 1.01 to 1.2
ata_piix: 1.03 to 1.05
iscsi_sfnet: 4:0.1.11-1 to 4:0.1.11-2
libata: 1.11 to 1.20
qla2100: 8.01.00b5-rh2 to 8.01.02-d3
qla2200: 8.01.00b5-rh2 to 8.01.02-d3
qla2300: 8.01.00b5-rh2 to 8.01.02-d3
qla2322: 8.01.00b5-rh2 to 8.01.02-d3
qla2xxx: 8.01.00b5-rh2 to 8.01.02-d3
qla6312: 8.01.00b5-rh2 to 8.01.02-d3
sata_nv: 0.6 to 0.8
sata_promise: 1.01 to 1.03
sata_svw: 1.06 to 1.07
sata_sx4: 0.7 to 0.8
sata_vsc: 1.0 to 1.1
cifs: 1.20 to 1.34

Added drivers:

bnx2: 1.4.25
dell_rbu: 0.7
hangcheck-timer: 0.9.0
ib_mthca: 0.06
megaraid_sas: 00.00.02.00
qla2400: 8.01.02-d3
typhoon: 1.5.7

All Red Hat Enterprise Linux 4 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095">CVE-2006-0095</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132002" comment="kernel is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101003" comment="kernel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132004" comment="kernel-devel is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101005" comment="kernel-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132006" comment="kernel-hugemem is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101007" comment="kernel-hugemem is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132008" comment="kernel-hugemem-devel is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101009" comment="kernel-hugemem-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132010" comment="kernel-smp is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101011" comment="kernel-smp is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132012" comment="kernel-smp-devel is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101013" comment="kernel-smp-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132014" comment="kernel-largesmp is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132015" comment="kernel-largesmp is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132016" comment="kernel-largesmp-devel is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132017" comment="kernel-largesmp-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060132018" comment="kernel-doc is earlier than 0:2.6.9-34.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101015" comment="kernel-doc is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060140" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0140: kernel security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0140-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0140.html" />
	<description>The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate)

- a flaw in remap_page_range() with O_DIRECT writes that allowed a local
user to cause a denial of service (crash)  (CVE-2004-1057, important)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash)  (CVE-2005-2708, important)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges 
(CVE-2005-2709, moderate)

- a flaw in IPv6 network UDP port hash table lookups that allowed a local
user to cause a denial of service (hang)  (CVE-2005-2973, important)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash)  (CVE-2005-3044, important)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data  (CVE-2005-3180, important)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash)  (CVE-2005-3275, important)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash)  (CVE-2005-3806, important)

- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion)  (CVE-2005-3848, important)

- a flaw in file lease time-out handling that allowed a local user to cause
a denial of service (log file overflow)  (CVE-2005-3857, moderate)

- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion)  (CVE-2005-3858, important)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-19" />
        <updated date="2006-01-19" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185">CVE-2002-2185</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1057">CVE-2004-1057</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708">CVE-2005-2708</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709">CVE-2005-2709</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973">CVE-2005-2973</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044">CVE-2005-3044</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180">CVE-2005-3180</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275">CVE-2005-3275</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806">CVE-2005-3806</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848">CVE-2005-3848</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857">CVE-2005-3857</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858">CVE-2005-3858</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140002" comment="kernel is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101003" comment="kernel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140004" comment="kernel-BOOT is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140005" comment="kernel-BOOT is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140006" comment="kernel-doc is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101015" comment="kernel-doc is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140008" comment="kernel-hugemem is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101007" comment="kernel-hugemem is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140010" comment="kernel-hugemem-unsupported is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140011" comment="kernel-hugemem-unsupported is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140012" comment="kernel-smp is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101011" comment="kernel-smp is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140014" comment="kernel-smp-unsupported is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140015" comment="kernel-smp-unsupported is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140016" comment="kernel-source is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140017" comment="kernel-source is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140018" comment="kernel-unsupported is earlier than 0:2.4.21-37.0.1.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140019" comment="kernel-unsupported is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060144" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0144: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 7
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0144-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0144.html" />
	<description>The Linux kernel handles the basic functions of the operating system.

This is the seventh regular kernel update to Red Hat Enterprise Linux 3.

New features introduced by this update include:

  - addition of the bnx2, dell_rbu, and megaraid_sas device drivers
  - support for multi-core, multi-threaded Intel Itanium processors
  - upgrade of the SATA subsystem to include ATAPI and SMART support
  - optional tuning via the new numa_memory_allocator, arp_announce,
      and printk_ratelimit sysctls

There were many bug fixes in various parts of the kernel.  The ongoing
effort to resolve these problems has resulted in a marked improvement in
the reliability and scalability of Red Hat Enterprise Linux 3.

There were numerous driver updates and security fixes (elaborated below).
Other key areas affected by fixes in this update include the networking
subsystem, the VM subsystem, NPTL handling, autofs4, the USB subsystem,
CPU enumeration, and 32-bit-exec-mode handling on 64-bit architectures.

The following device drivers have been upgraded to new versions:

  aacraid -------- 1.1.5-2412
  bnx2 ----------- 1.4.30 (new)
  dell_rbu ------- 2.1 (new)
  e1000 ---------- 6.1.16-k3
  emulex --------- 7.3.3
  fusion --------- 2.06.16.02
  ipmi ----------- 35.11
  megaraid2 ------ v2.10.10.1
  megaraid_sas --- 00.00.02.00 (new)
  tg3 ------------ 3.43RH

The following security bugs were fixed in this update:

  - a flaw in gzip/zlib handling internal to the kernel that allowed
    a local user to cause a denial of service (crash)
    (CVE-2005-2458, low)

  - a flaw in ext3 EA/ACL handling of attribute sharing that allowed
    a local user to gain privileges (CVE-2005-2801, moderate)

  - a minor info leak with the get_thread_area() syscall that allowed
    a local user to view uninitialized kernel stack data
    (CVE-2005-3276, low)

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-15" />
        <updated date="2006-03-15" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458">CVE-2005-2458</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801">CVE-2005-2801</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276">CVE-2005-3276</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4798">CVE-2005-4798</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144002" comment="kernel is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101003" comment="kernel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144004" comment="kernel-BOOT is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140005" comment="kernel-BOOT is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144006" comment="kernel-doc is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101015" comment="kernel-doc is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144008" comment="kernel-hugemem is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101007" comment="kernel-hugemem is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144010" comment="kernel-hugemem-unsupported is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140011" comment="kernel-hugemem-unsupported is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144012" comment="kernel-smp is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060101011" comment="kernel-smp is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144014" comment="kernel-smp-unsupported is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140015" comment="kernel-smp-unsupported is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144016" comment="kernel-source is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140017" comment="kernel-source is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060144018" comment="kernel-unsupported is earlier than 0:2.4.21-40.EL" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060140019" comment="kernel-unsupported is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060156" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0156: ethereal security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0156-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0156.html" />
	<description>Ethereal is a program for monitoring network traffic.

Two denial of service bugs were found in Ethereal's IRC and GTP protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
IRC or GTP packet off the network. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585
to these issues.

A buffer overflow bug was found in Ethereal's OSPF protocol dissector.
Ethereal could crash or execute arbitrary code if it reads a malformed OSPF
packet off the network.  (CVE-2005-3651)

Users of ethereal should upgrade to these updated packages containing
version 0.10.14, which is not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-11" />
        <updated date="2006-01-11" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313">CVE-2005-3313</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651">CVE-2005-3651</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4585">CVE-2005-4585</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156002" comment="ethereal is earlier than 0:0.10.14-1.EL3.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156003" comment="ethereal is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156004" comment="ethereal-gnome is earlier than 0:0.10.14-1.EL3.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156005" comment="ethereal-gnome is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156007" comment="ethereal is earlier than 0:0.10.14-1.EL4.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156003" comment="ethereal is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156008" comment="ethereal-gnome is earlier than 0:0.10.14-1.EL4.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060156005" comment="ethereal-gnome is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060159" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0159: httpd security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0159-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0159.html" />
	<description>The Apache HTTP Server is a popular and freely-available Web server.

A memory leak in the worker MPM could allow remote attackers to cause a
denial of service (memory consumption) via aborted connections, which
prevents the memory for the transaction pool from being reused for other
connections.  The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-2970 to this issue.  This vulnerability only affects users
who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was
discovered.  With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers.  (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document.  A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash.  This
crash would only be a denial of service if using the non-default worker
MPM.  (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain
backported patches to correct these issues along with some additional bugs.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-05" />
        <updated date="2006-01-05" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970">CVE-2005-2970</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">CVE-2005-3357</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159002" comment="httpd is earlier than 0:2.0.46-56.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159003" comment="httpd is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159004" comment="httpd-devel is earlier than 0:2.0.46-56.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159005" comment="httpd-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159006" comment="mod_ssl is earlier than 1:2.0.46-56.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159007" comment="mod_ssl is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159009" comment="httpd is earlier than 0:2.0.52-22.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159003" comment="httpd is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159010" comment="httpd-devel is earlier than 0:2.0.52-22.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159005" comment="httpd-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159011" comment="httpd-manual is earlier than 0:2.0.52-22.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159012" comment="httpd-manual is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159013" comment="httpd-suexec is earlier than 0:2.0.52-22.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159014" comment="httpd-suexec is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159015" comment="mod_ssl is earlier than 1:2.0.52-22.ent" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060159007" comment="mod_ssl is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060160" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0160: tetex security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0160-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0160.html" />
	<description>TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input and creates a typesetter-independent .dvi
(DeVice Independent) file as output.

Several flaws were discovered in the teTeX PDF parsing library. An attacker
could construct a carefully crafted PDF file that could cause teTeX to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3191,
CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-19" />
        <updated date="2006-01-19" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191">CVE-2005-3191</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192">CVE-2005-3192</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193">CVE-2005-3193</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624">CVE-2005-3624</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625">CVE-2005-3625</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626">CVE-2005-3626</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627">CVE-2005-3627</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628">CVE-2005-3628</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160002" comment="tetex is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160003" comment="tetex is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160004" comment="tetex-afm is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160005" comment="tetex-afm is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160006" comment="tetex-dvips is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160007" comment="tetex-dvips is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160008" comment="tetex-fonts is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160009" comment="tetex-fonts is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160010" comment="tetex-latex is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160011" comment="tetex-latex is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160012" comment="tetex-xdvi is earlier than 0:1.0.7-67.9" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160013" comment="tetex-xdvi is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160015" comment="tetex is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160003" comment="tetex is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160016" comment="tetex-afm is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160005" comment="tetex-afm is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160017" comment="tetex-doc is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160018" comment="tetex-doc is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160019" comment="tetex-dvips is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160007" comment="tetex-dvips is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160020" comment="tetex-fonts is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160009" comment="tetex-fonts is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160021" comment="tetex-latex is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160011" comment="tetex-latex is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160022" comment="tetex-xdvi is earlier than 0:2.0.2-22.EL4.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060160013" comment="tetex-xdvi is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060163" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0163: cups security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0163-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0163.html" />
	<description>The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-11" />
        <updated date="2006-01-11" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624">CVE-2005-3624</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625">CVE-2005-3625</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626">CVE-2005-3626</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627">CVE-2005-3627</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163002" comment="cups is earlier than 1:1.1.17-13.3.36" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163003" comment="cups is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163004" comment="cups-devel is earlier than 1:1.1.17-13.3.36" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163005" comment="cups-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163006" comment="cups-libs is earlier than 1:1.1.17-13.3.36" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163007" comment="cups-libs is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163009" comment="cups is earlier than 1:1.1.22-0.rc1.9.10" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163003" comment="cups is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163010" comment="cups-devel is earlier than 1:1.1.22-0.rc1.9.10" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163005" comment="cups-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163011" comment="cups-libs is earlier than 1:1.1.22-0.rc1.9.10" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060163007" comment="cups-libs is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060164" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0164: mod_auth_pgsql security update
        (Critical)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0164-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0164.html" />
	<description>The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs
information.  It may be possible for a remote attacker to execute arbitrary
code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project assigned
the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have mod_auth_pgsql
installed and configured to perform user authentication against a
PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

This issue does not affect the mod_auth_pgsql package supplied with Red Hat
Enterprise Linux 2.1.

Red Hat would like to thank iDefense for reporting this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Critical</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-05" />
        <updated date="2006-01-05" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656">CVE-2005-3656</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060164002" comment="mod_auth_pgsql is earlier than 0:2.0.1-4.ent.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060164003" comment="mod_auth_pgsql is signed with Red Hat master key" />
            
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060164005" comment="mod_auth_pgsql is earlier than 0:2.0.1-7.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060164003" comment="mod_auth_pgsql is signed with Red Hat master key" />
            
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060177" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0177: gpdf security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0177-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0177.html" />
	<description>gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.

Chris Evans discovered several flaws in the way gpdf processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-11" />
        <updated date="2006-01-11" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624">CVE-2005-3624</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625">CVE-2005-3625</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626">CVE-2005-3626</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627">CVE-2005-3627</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060177002" comment="gpdf is earlier than 0:2.8.2-7.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060177003" comment="gpdf is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060178" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0178: ImageMagick security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0178-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0178.html" />
	<description>ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display"
command. It is possible to execute arbitrary commands by tricking a user
into running "display" on a file with a specially crafted name. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles
filenames. It may be possible to execute arbitrary commands by tricking a
user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-14" />
        <updated date="2006-02-14" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601">CVE-2005-4601</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082">CVE-2006-0082</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178002" comment="ImageMagick is earlier than 0:5.5.6-18" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178003" comment="ImageMagick is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178004" comment="ImageMagick-c++ is earlier than 0:5.5.6-18" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178005" comment="ImageMagick-c++ is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178006" comment="ImageMagick-c++-devel is earlier than 0:5.5.6-18" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178007" comment="ImageMagick-c++-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178008" comment="ImageMagick-devel is earlier than 0:5.5.6-18" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178009" comment="ImageMagick-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178010" comment="ImageMagick-perl is earlier than 0:5.5.6-18" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178011" comment="ImageMagick-perl is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178013" comment="ImageMagick is earlier than 0:6.0.7.1-14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178003" comment="ImageMagick is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178014" comment="ImageMagick-c++ is earlier than 0:6.0.7.1-14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178005" comment="ImageMagick-c++ is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178015" comment="ImageMagick-c++-devel is earlier than 0:6.0.7.1-14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178007" comment="ImageMagick-c++-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178016" comment="ImageMagick-devel is earlier than 0:6.0.7.1-14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178009" comment="ImageMagick-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178017" comment="ImageMagick-perl is earlier than 0:6.0.7.1-14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060178011" comment="ImageMagick-perl is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060184" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0184: kdelibs security update
        (Critical)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0184-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0184.html" />
	<description>kdelibs contains libraries for the K Desktop Environment (KDE).

A heap overflow flaw was discovered affecting kjs, the JavaScript
interpreter engine used by Konqueror and other parts of KDE.  An attacker
could create a malicious web site containing carefully crafted JavaScript
code that would trigger this flaw and possibly lead to arbitrary code
execution.  The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0019 to this issue.

NOTE: this issue does not affect KDE in Red Hat Enterprise Linux 3 or 2.1.

Users of KDE should upgrade to these updated packages, which contain a
backported patch from the KDE security team correcting this issue as well
as two bug fixes.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Critical</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-01-19" />
        <updated date="2006-01-19" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019">CVE-2006-0019</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060184002" comment="kdelibs is earlier than 6:3.3.1-3.14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060184003" comment="kdelibs is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060184004" comment="kdelibs-devel is earlier than 6:3.3.1-3.14" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060184005" comment="kdelibs-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060194" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0194: gd security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0194-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0194.html" />
	<description>The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflow flaws were found in the way gd allocates memory. 
An attacker could create a carefully crafted image that could execute
arbitrary code if opened by a victim using a program linked against the gd
library.  The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-01" />
        <updated date="2006-02-01" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941">CVE-2004-0941</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194002" comment="gd is earlier than 0:2.0.28-4.4E.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194003" comment="gd is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194004" comment="gd-devel is earlier than 0:2.0.28-4.4E.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194005" comment="gd-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194006" comment="gd-progs is earlier than 0:2.0.28-4.4E.1" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060194007" comment="gd-progs is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060195" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0195: tar security update
        (Low)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0195-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0195.html" />
	<description>The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. 

In 2002, a path traversal flaw was found in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access
(CVE-2002-0399).  Red Hat included a backported security patch to correct
this issue in Red Hat Enterprise Linux 3, and an erratum for Red Hat
Enterprise Linux 2.1 users was issued.

During internal testing, we discovered that our backported security patch
contained an incorrect optimization and therefore was not sufficient to
completely correct this vulnerability.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-1918 to this
issue.

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Low</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-21" />
        <updated date="2006-02-21" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918">CVE-2005-1918</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060195002" comment="tar is earlier than 0:1.13.25-14.RHEL3" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060195003" comment="tar is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060197" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0197: python security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0197-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0197.html" />
	<description>Python is an interpreted, interactive, object-oriented programming language.

An integer overflow flaw was found in Python's PCRE library that could be
triggered by a maliciously crafted regular expression. On systems that
accept arbitrary regular expressions from untrusted users, this could be
exploited to execute arbitrary code with the privileges of the application
using the library.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-2491 to this issue.

Users of Python should upgrade to these updated packages, which contain a
backported patch that is not vulnerable to this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-09" />
        <updated date="2006-03-09" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">CVE-2005-2491</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197002" comment="python is earlier than 0:2.2.3-6.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197003" comment="python is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197004" comment="python-devel is earlier than 0:2.2.3-6.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197005" comment="python-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197006" comment="python-tools is earlier than 0:2.2.3-6.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197007" comment="python-tools is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197008" comment="tkinter is earlier than 0:2.2.3-6.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197009" comment="tkinter is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197011" comment="python is earlier than 0:2.3.4-14.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197003" comment="python is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197012" comment="python-devel is earlier than 0:2.3.4-14.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197005" comment="python-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197013" comment="python-docs is earlier than 0:2.3.4-14.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197014" comment="python-docs is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197015" comment="python-tools is earlier than 0:2.3.4-14.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197007" comment="python-tools is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197016" comment="tkinter is earlier than 0:2.3.4-14.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060197009" comment="tkinter is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060199" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0199: mozilla security update
        (Critical)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0199-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0199.html" />
	<description>Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's Javascript interpreter
dereferences objects. If a user visits a malicious web page, Mozilla could
crash or execute arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla.  (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run.  (CVE-2005-4134)

Note that the Red Hat Enterprise Linux 3 packages also fix a bug when
using XSLT to transform documents. Passing DOM Nodes as parameters to
functions expecting an xsl:param could cause Mozilla to throw an exception.

Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Critical</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-02" />
        <updated date="2006-02-02" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134">CVE-2005-4134</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292">CVE-2006-0292</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296">CVE-2006-0296</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199002" comment="mozilla is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199003" comment="mozilla is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199004" comment="mozilla-chat is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199005" comment="mozilla-chat is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199006" comment="mozilla-devel is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199007" comment="mozilla-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199008" comment="mozilla-dom-inspector is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199009" comment="mozilla-dom-inspector is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199010" comment="mozilla-js-debugger is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199011" comment="mozilla-js-debugger is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199012" comment="mozilla-mail is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199013" comment="mozilla-mail is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199014" comment="mozilla-nspr is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199015" comment="mozilla-nspr is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199016" comment="mozilla-nspr-devel is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199017" comment="mozilla-nspr-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199018" comment="mozilla-nss is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199019" comment="mozilla-nss is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199020" comment="mozilla-nss-devel is earlier than 37:1.7.12-1.1.3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199021" comment="mozilla-nss-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199023" comment="mozilla is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199003" comment="mozilla is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199024" comment="mozilla-chat is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199005" comment="mozilla-chat is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199025" comment="mozilla-devel is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199007" comment="mozilla-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199026" comment="mozilla-dom-inspector is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199009" comment="mozilla-dom-inspector is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199027" comment="mozilla-js-debugger is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199011" comment="mozilla-js-debugger is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199028" comment="mozilla-mail is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199013" comment="mozilla-mail is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199029" comment="mozilla-nspr is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199015" comment="mozilla-nspr is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199030" comment="mozilla-nspr-devel is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199017" comment="mozilla-nspr-devel is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199031" comment="mozilla-nss is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199019" comment="mozilla-nss is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199032" comment="mozilla-nss-devel is earlier than 37:1.7.12-1.4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060199021" comment="mozilla-nss-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060200" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0200: firefox security update
        (Critical)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0200-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0200.html" />
	<description>Mozilla Firefox is an open source Web browser. 

Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter
dereferences objects.  If a user visits a malicious web page, Firefox could
crash or execute arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Firefox to execute arbitrary
javascript when a user runs Firefox.  (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history
information. If a user visits a web page with a very long title, it is
possible Firefox will crash or take a very long time the next time it is
run. (CVE-2005-4134)

This update also fixes a bug when using XSLT to transform documents.
Passing DOM Nodes as parameters to functions expecting an xsl:param could
cause Firefox to throw an exception. 

Users of Firefox are advised to upgrade to this updated package, which
contains backported patches to correct these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Critical</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-02" />
        <updated date="2006-02-02" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134">CVE-2005-4134</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292">CVE-2006-0292</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296">CVE-2006-0296</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060200002" comment="firefox is earlier than 0:1.0.7-1.4.3" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060200003" comment="firefox is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060201" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0201: xpdf security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0201-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0201.html" />
	<description>The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

A heap based buffer overflow bug was discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Dirk Mueller for reporting this issue and
providing a patch.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-13" />
        <updated date="2006-02-13" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301">CVE-2006-0301</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060201002" comment="xpdf is earlier than 1:3.00-11.12" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060201003" comment="xpdf is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060204" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0204: mailman security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 3</platform>
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0204-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0204.html" />
	<description>Mailman is software to help manage email discussion lists.

A flaw in handling of UTF8 character encodings was found in Mailman.  An
attacker could send a carefully crafted email message to a mailing list run
by Mailman which would cause that particular mailing list to stop working.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3573 to this issue.

A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. 
An attacker could send a carefully crafted email message to a mailing list
run by Mailman which would cause the Mailman server to crash.  (CVE-2005-4153)

Users of Mailman should upgrade to this updated package, which contains
backported patches to correct these issues.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-07" />
        <updated date="2006-03-07" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573">CVE-2005-3573</cve>
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4153">CVE-2005-4153</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:3</cpe>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata><criteria operator="OR">
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060287001" comment="Red Hat Enterprise Linux 3 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060204002" comment="mailman is earlier than 3:2.1.5.1-25.rhel3.4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060204003" comment="mailman is signed with Red Hat master key" />
            
  </criteria>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060204005" comment="mailman is earlier than 3:2.1.5.1-34.rhel4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060204003" comment="mailman is signed with Red Hat master key" />
            
  </criteria>
</criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060205" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0205: libpng security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0205-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0205.html" />
	<description>The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vulnerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-13" />
        <updated date="2006-02-13" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481">CVE-2006-0481</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060205002" comment="libpng is earlier than 2:1.2.7-1.el4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060205003" comment="libpng is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060205004" comment="libpng-devel is earlier than 2:1.2.7-1.el4.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060205005" comment="libpng-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060206" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0206: kdegraphics security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0206-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0206.html" />
	<description>The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

A heap based buffer overflow bug was discovered in kpdf. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-13" />
        <updated date="2006-02-13" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301">CVE-2006-0301</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060206002" comment="kdegraphics is earlier than 7:3.3.1-3.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060206003" comment="kdegraphics is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060206004" comment="kdegraphics-devel is earlier than 7:3.3.1-3.7" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060206005" comment="kdegraphics-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060207" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0207: gnutls security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0207-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0207.html" />
	<description>The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER.  An attacker
could create a carefully crafted invalid X.509 certificate in such a way
that could trigger this flaw if parsed by an application that uses GNU TLS.
This could lead to a denial of service (application crash).  It is not
certain if this issue could be escalated to allow arbitrary code execution. 
The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0645 to this issue.

In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-02-10" />
        <updated date="2006-02-10" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645">CVE-2006-0645</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
    <criteria operator="OR">
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060207002" comment="gnutls is earlier than 0:1.0.20-3.2.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060207003" comment="gnutls is signed with Red Hat master key" />
            </criteria>
            <criteria operator="AND">

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060207004" comment="gnutls-devel is earlier than 0:1.0.20-3.2.2" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060207005" comment="gnutls-devel is signed with Red Hat master key" />
            </criteria>
    </criteria>
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060232" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0232: tar security update
        (Moderate)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0232-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0232.html" />
	<description>The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts
malformed archives. By tricking a user into extracting a malicious tar
archive, it is possible to execute arbitrary code as the user running tar.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-0300 to this issue.

Users of tar should upgrade to this updated package, which contains a
backported patch to correct this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Moderate</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-01" />
        <updated date="2006-03-01" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300">CVE-2006-0300</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>
      </metadata>
  <criteria operator="AND">
    <criterion test_ref="oval:com.redhat.rhba:tst:20060288001" comment="Red Hat Enterprise Linux 4 is installed" />
            

            <criterion test_ref="oval:com.redhat.rhsa:tst:20060232002" comment="tar is earlier than 0:1.14-9.RHEL4" />
            <criterion test_ref="oval:com.redhat.rhsa:tst:20060195003" comment="tar is signed with Red Hat master key" />
            
  </criteria>

    </definition>
<definition id="oval:com.redhat.rhsa:def:20060262" version="302" class="patch">
      <metadata>
        <title>RHSA-2006:0262: kdegraphics security update
        (Important)
	</title>
  	<affected family="unix">
        <platform>Red Hat Enterprise Linux 4</platform>
        </affected>
        <reference source="RHSA" ref_id="RHSA-2006:0262-02" ref_url="https://rhn.redhat.com/errata/RHSA-2006-0262.html" />
	<description>The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Marcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,
was incomplete.  Red Hat issued kdegraphics packages with this incomplete
fix in RHSA-2005:868.  An attacker could construct a carefully crafted PDF
file that could cause kpdf to crash or possibly execute arbitrary code when
opened.  The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0746 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.</description>

<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->

<advisory from="secalert@redhat.com">
        <severity>Important</severity>
        <rights>Copyright 2006 Red Hat, Inc.</rights>
        <issued date="2006-03-09" />
        <updated date="2006-03-09" />
        <cve href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746">CVE-2006-0746</cve>
  	<affected_cpe_list>
        <cpe>cpe://redhat:enterprise_linux:4</cpe>
        </affected_cpe_list>
</advisory>