Red Hat Linux 6.1 Security Advisory

Back to Security Advisories

~   Package ORBit, esound, and gnome-core Synopsis new ORBit, esound, and gnome-core packages Advisory ID RHSA-1999:058-01 Issue Date 1999-12-03 Updated On Keywords 1. Topic: ORBit and gnome-session each contained a denial-of-service hole. ORBit and esound each contained a security hole. 2. Problem description: ORBit and esound used a source of random data that was easily guessable, possibly allowing an attacker with local access to guess the authentication keys used to control access to these services. ORBit and gnome-session contained a bug that allowed attackers to remotely crash a program under unusual circumstances. In addition to fixing these problems, TCP Wrappers support has been added to gnome-session. ORBit already makes use of TCP Wrappers. It is recommended that this functionality be used when additional access controls are desired on network access to these services. 3. Bug IDs fixed: (see bugzilla for more information) 4. Relevant releases/architectures: Red Hat Linux 6.1, Intel and SPARC 5. Obsoleted by: None 6. Conflicts with: None 7. RPMs required: Intel: ftp://updates.redhat.com/6.1/en/os/i386/ ORBit-0.5.0-2.i386.rpm ORBit-devel-0.5.0-2.i386.rpm esound-0.2.17-1.i386.rpm esound-devel-0.2.17-1.i386.rpm gnome-core-1.0.54-2.i386.rpm gnome-core-devel-1.0.54-2.i386.rpm SPARC: ftp://updates.redhat.com/6.1/en/os/sparc ORBit-0.5.0-2.sparc.rpm ORBit-devel-0.5.0-2.sparc.rpm esound-0.2.17-1.sparc.rpm esound-devel-0.2.17-1.sparc.rpm gnome-core-1.0.54-2.sparc.rpm gnome-core-devel-1.0.54-2.sparc.rpm Source: ftp://updates.redhat.com/6.1/en/os/SRPMS ORBit-0.5.0-2.src.rpm esound-0.2.17-1.src.rpm gnome-core-1.0.54-2.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of the RPM. 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- 35cb261853a01711fb47ee6d48149bd4 i386/ORBit-0.5.0-2.i386.rpm 808e9dca462f8ef765b454b25e017614 i386/ORBit-devel-0.5.0-2.i386.rpm 261e7063065c50f5eb4235cb373c85f1 i386/esound-0.2.17-1.i386.rpm fa44e546df9b307cec6557cac0112eff i386/esound-devel-0.2.17-1.i386.rpm d8c3814f4b8c19c38af526271dd1c294 i386/gnome-core-1.0.54-2.i386.rpm a689359b3ff0bbe3ebc908a4ab5aaaad i386/gnome-core-devel-1.0.54-2.i386.rpm 4ce667c72a33146c5280cc7fecba0f4d sparc/ORBit-0.5.0-2.sparc.rpm 473056e09906fe49914c1d79dd30dc98 sparc/ORBit-devel-0.5.0-2.sparc.rpm 8ed14577fb93f8c684a98962c564b772 sparc/esound-0.2.17-1.sparc.rpm 0f8965c2d13bc000a87ed26ab5459ffb sparc/esound-devel-0.2.17-1.sparc.rpm 11a28ec13e110cbaabb403333efe27c1 sparc/gnome-core-1.0.54-2.sparc.rpm 7b86b6bb257376242e88096f1aafc722 sparc/gnome-core-devel-1.0.54-2.sparc.rpm 9fa749891ed4e9505b07cac512e80808 SRPMS/ORBit-0.5.0-2.src.rpm 4d34ef79104c3b754f368900a1f09370 SRPMS/esound-0.2.17-1.src.rpm 48f5b99bc92048e99e159a026b314871 SRPMS/gnome-core-1.0.54-2.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact.html You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename Note that you need RPM >= 3.0 to check GnuPG keys. 10. References: