Red Hat OVAL Patch Definition Merger 2 5.3 2008-07-23T20:03:44 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent DMTF standard that defines a common information model, and communication protocol for monitoring and controlling resources. During a security audit, a stack buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. (CVE-2008-0003) Note that the tog-pegasus packages are not installed by default on Red Hat Enterprise Linux. The Red Hat Security Response Team believes that it would be hard to remotely exploit this issue to execute arbitrary code, due to the default SELinux targeted policy on Red Hat Enterprise Linux 4 and 5, and the SELinux memory protection tests enabled by default on Red Hat Enterprise Linux 5. Users of tog-pegasus should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages the tog-pegasus service should be restarted. Critical Copyright 2008 Red Hat, Inc. CVE-2008-0003 cpe://redhat:enterprise_linux:4 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 The e2fsprogs packages contain a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second and third extended (ext2/ext3) file systems. Multiple integer overflow flaws were found in the way e2fsprogs processes file system content. If a victim opens a carefully crafted file system with a program using e2fsprogs, it may be possible to execute arbitrary code with the permissions of the victim. It may be possible to leverage this flaw in a virtualized environment to gain access to other virtualized hosts. (CVE-2007-5497) Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues. Users of e2fsprogs are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-5497 cpe://redhat:enterprise_linux:3 cpe://redhat:enterprise_linux:4 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the "AddDefaultCharset" directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which did not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 cpe://redhat:enterprise_linux:3 Red Hat Enterprise Linux 4 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the "AddDefaultCharset" directive has been removed from the configuration, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 cpe://redhat:enterprise_linux:4 Red Hat Enterprise Linux 5 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the "AddDefaultCharset" directive has been removed from the configuration, a cross-site scripting attack might have been possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) A flaw was found in the mod_status module. On sites where mod_status was enabled and the status pages were publicly available, a cross-site scripting attack was possible. (CVE-2007-6388) A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, a cross-site scripting attack against an authorized user was possible. (CVE-2007-6421) A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer was enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-6422) A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2008-0005) Users of Apache httpd should upgrade to these updated packages, which contain backported patches to resolve these issues. Users should restart httpd after installing this update. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-4568 CVE-2007-4990 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 cpe://redhat:enterprise_linux:3 Red Hat Enterprise Linux 4 The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-4568 CVE-2007-4990 CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 cpe://redhat:enterprise_linux:4 Red Hat Enterprise Linux 5 X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11-server should upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. (CVE-2007-6284) Red Hat would like to thank the Google Security Team for responsibly disclosing this issue. All users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Important Copyright 2008 Red Hat, Inc. CVE-2007-6284 cpe://redhat:enterprise_linux:3 cpe://redhat:enterprise_linux:4 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with "trust" or "ident" authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601 cpe://redhat:enterprise_linux:4 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with "trust" or "ident" authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.3.21 and resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-3278 CVE-2007-6600 CVE-2007-6601 cpe://redhat:enterprise_linux:3 Red Hat Enterprise Linux 5 Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342) Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-5461 CVE-2007-5342 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 4 The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues: A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug: * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the "pvmove /dev/[device] /dev/[device]" command caused a kernel panic. A "kernel: Unable to handle kernel paging request at virtual address [address]" error was logged by syslog. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-4130 CVE-2007-5500 CVE-2007-6063 CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0001 CVE-2007-4130 panic caused by set_mempolicy with MPOL_BIND CVE-2007-5500 kernel hang via userspace PTRACE+waitid CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow CVE-2007-6694 /proc/cpuinfo DoS on some ppc machines CVE-2007-6206 Issue with core dump owner CVE-2007-6151 I4L: fix isdn_ioctl memory issue pvmove causes kernel panic CVE-2008-0001 kernel: filesystem corruption by unprivileged user via directory truncation cpe://redhat:enterprise_linux:4 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451 cpe://redhat:enterprise_linux:4 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 3 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121 CVE-2007-6450 CVE-2007-6451 cpe://redhat:enterprise_linux:3 Red Hat Enterprise Linux 5 The setroubleshoot packages provide tools to help diagnose SELinux problems. When AVC messages occur, an alert is generated that gives information about the problem, and how to create a resolution. A flaw was found in the way sealert wrote diagnostic messages to a temporary file. A local unprivileged user could perform a symbolic link attack, and cause arbitrary files, writable by other users, to be overwritten when a victim runs sealert. (CVE-2007-5495) A flaw was found in the way sealert displayed records from the setroubleshoot database as unescaped HTML. An local unprivileged attacker could cause AVC denial events with carefully crafted process or file names, injecting arbitrary HTML tags into the logs, which could be used as a scripting attack, or to confuse the user running sealert. (CVE-2007-5496) Additionally, the following bugs have been fixed in these update packages: * in certain situations, the sealert process used excessive CPU. These alerts are now capped at a maximum of 30, D-Bus is used instead of polling, threads causing excessive wake-up have been removed, and more robust exception-handling has been added. * different combinations of the sealert '-a', '-l', '-H', and '-v' options did not work as documented. * the SETroubleShoot browser did not allow multiple entries to be deleted. * the SETroubleShoot browser did not display statements that displayed whether SELinux was using Enforcing or Permissive mode, particularly when warning about SELinux preventions. * in certain cases, the SETroubleShoot browser gave incorrect instructions regarding paths, and would not display the full paths to files. * adding an email recipient to the recipients option from the /etc/setroubleshoot/setroubleshoot.cfg file and then generating an SELinux denial caused a traceback error. The recipients option has been removed; email addresses are now managed through the SETroubleShoot browser by navigating to File -> Edit Email Alert List, or by editing the /var/lib/setroubleshoot/email_alert_recipients file. * the setroubleshoot browser incorrectly displayed a period between the httpd_sys_content_t context and the directory path. * on the PowerPC architecture, The get_credentials() function in access_control.py would generate an exception when it called the socket.getsockopt() function. * The code which handles path information has been completely rewritten so that assumptions on path information which were misleading are no longer made. If the path information is not present, it will be presented as "<Unknown>". * setroubleshoot had problems with non-English locales under certain circumstances, possibly causing a python traceback, an sealert window pop-up containing an error, a "RuntimeError: maximum recursion depth exceeded" error after a traceback, or a "UnicodeEncodeError" after a traceback. * sealert ran even when SELinux was disabled, causing "attempt to open server connection failed" errors. Sealert now checks whether SELinux is enabled or disabled. * the database setroubleshoot maintains was world-readable. The setroubleshoot database is now mode 600, and is owned by the root user and group. * setroubleshoot did not validate requests to set AVC filtering options for users. In these updated packages, checks ensure that requests originate from the filter owner. * the previous setroubleshoot packages required a number of GNOME packages and libraries. setroubleshoot has therefore been split into 2 packages: setroubleshoot and setroubleshoot-server. * a bug in decoding the audit field caused an "Input is not proper UTF-8, indicate encoding!" error message. The decoding code has been rewritten. * a file name mismatch in the setroubleshoot init script would cause a failure to shut down. Users of setroubleshoot are advised to upgrade to these updated packages, which resolve these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-5495 CVE-2007-5496 setroubleshoot browser doesn't allow multiple entry deletion setroubleshoot gives bad suggestions Adding recipents entry to config file crashes setroubleshoot typo in sealert / setroubleshoot suggestion missing filename in setroubleshoot (AVC.get_path() returns incomplete path) Runtime Error: maximum recursion depth exceeded CVE-2007-5495 setroubleshoot insecure logging CVE-2007-5496 setroubleshoot log injection setroubleshoot failure when httpd is trying to access rpm_log_t setroubleshoot requires gnome to run setroubleshoot - audit_listener_database.xml:3029: parser error in xmlParseDoc() socket.getsockopt() on ppc generates exception cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 5 The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. Important Copyright 2008 Red Hat, Inc. CVE-2008-0006 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 5 The kernel packages contain the Linux kernel, the core of any Linux operating system. These new kernel packages fix the following security issues: A flaw was found in the virtual filesystem (VFS). An unprivileged local user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest Hardware-assisted virtual machine (HVM) could read the arbitrary physical memory of the host system, which could make information available to unauthorized users. (CVE-2007-6416, Important) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file, potentially containing sensitive information. (CVE-2007-6206, Moderate) A buffer overflow flaw was found in the CIFS virtual file system. A remote,authenticated user could issue a request that could lead to a denial of service. (CVE-2007-5904, Moderate) A flaw was found in the "sysfs_readdir" function. A local user could create a race condition which would cause a denial of service (kernel oops). (CVE-2007-3104, Moderate) As well, these updated packages fix the following bugs: * running the "strace -f" command caused strace to hang, without displaying information about child processes. * unmounting an unresponsive, interruptable NFS mount, for example, one mounted with the "intr" option, may have caused a system crash. * a bug in the s2io.ko driver prevented VLAN devices from being added. Attempting to add a device to a VLAN, for example, running the "vconfig add [device-name] [vlan-id]" command caused vconfig to fail. * tux used an incorrect open flag bit. This caused problems when building packages in a chroot environment, such as mock, which is used by the koji build system. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-3104 CVE-2007-5904 CVE-2007-6206 CVE-2007-6416 CVE-2008-0001 cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux 5 The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues. Important Copyright 2008 Red Hat, Inc. CVE-2007-4770 CVE-2007-4771 CVE-2007-4770 libicu poor back reference validation CVE-2007-4771 libicu incomplete interval handling cpe://redhat:enterprise_linux:5 Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the "appletviewer" application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the "appletviewer" application. The same flaw could, potentially, crash a server application which processed untrusted font information from a third party. (CVE-2007-4381) A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop files to a desktop application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display over-sized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Please note: the vulnerabilities noted above concerned with applets can only be triggered in java-1.4.2-bea by calling the "appletviewer" application. All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_16 release which resolves these issues. Moderate Copyright 2008 Red Hat, Inc. CVE-2007-4381 CVE-2007-2788 CVE-2007-2789 CVE-2007-3698 CVE-2007-5232 CVE-2007-5240 CVE-2007-5273 CVE-2007-5239 CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition CVE-2007-2788 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit CVE-2007-2789 BMP image parser vulnerability CVE-2007-4381 java: Vulnerability in the font parsing code CVE-2007-5232 Security Vulnerability in Java Runtime Environment With Applet Caching CVE-2007-5240 Applets or Applications are allowed to display an oversized window CVE-2007-5273 Anti-DNS Pinning and Java Applets with HTTP proxy cpe://redhat:rhel_extras:3 cpe://redhat:rhel_extras:4 cpe://redhat:rhel_extras:5 <