Package : mysql-dfsg-4.1
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509
A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field. The ability to create user-defined
functions is not typically granted to untrusted users.
The following vulnerability matrix explains which version of MySQL in
which distribution has this problem fixed:
                  woody          sarge              sid
mysql             3.23.49-8.14   n/a                n/a
mysql-dfsg        n/a            4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1    n/a            4.1.11a-4sarge2    4.1.14-2
mysql-dfsg-5.0    n/a            n/a                5.0.11beta-3
This update only covers binary packages for the big endian MIPS
architecture that was mysteriously forgotten in the earlier update.
We recommend that you upgrade your mysql-dfsg-4.1 packages.
Upgrade Instructions

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : apachetop
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2660
Eric Romang discovered an insecurely created temporary file in
apachetop, a realtime monitoring tool for the Apache webserver that
could be exploited with a symlink attack to overwrite arbitrary files
with the user id that runs apachetop.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 0.12.5-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 0.12.5-5.
We recommend that you upgrade your apachetop package.
Package : drupal
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2498
Stefan Esser of the Hardened-PHP Project reported a serious vulnerability
in the third-party XML-RPC library included with some Drupal versions. An
attacker could execute arbitrary PHP code on a target site. This update
pulls in the latest XML-RPC version from upstream.
The old stable distribution (woody) is not affected by this problem since
no drupal is included.
For the stable distribution (sarge) this problem has been fixed in
version 4.5.3-4.
For the unstable distribution (sid) this problem has been fixed in
version 4.5.5-1.
We recommend that you upgrade your drupal package.
Package : mailutils
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2878
A format string vulnerability has been discovered in GNU mailutils,
which contains utilities for handling mail, that allows a remote
attacker to execute arbitrary code on the IMAP server.
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
version 0.6.1-4sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 0.6.90-3.
We recommend that you upgrade your mailutils package.
Package : egroupware
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2498
Debian Bug : 323350
Stefan Esser discovered a vulnerability in the XML-RPC libraries which
are also present in egroupware, a web-based groupware suite, that
allows injection of arbitrary PHP code into eval() statements.
The old stable distribution (woody) does not contain egroupware packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.0.0.007-2.dfsg-2sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 1.0.0.009.dfsg-1.
We recommend that you upgrade your egroupware packages.
Package : arc
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2945 CAN-2005-2992
Two vulnerabilities have been discovered in the ARC archive program
under Unix. The Common Vulnerabilities and Exposures project
identifies the following problems:
CAN-2005-2945

    Eric Romang discovered that the ARC archive program under Unix
    creates a temporary file with insecure permissions which may lead
    to an attacker stealing sensitive information.

CAN-2005-2992

    Joey Schulze discovered that the temporary file was created in an
    insecure fashion as well, leaving it open to a classic symlink
    attack.

The old stable distribution (woody) does not contain arc packages.
For the stable distribution (sarge) these problems have been fixed in
version 5.21l-1sarge1.
For the unstable distribution (sid) these problems have been fixed in
version 5.21m-1.
We recommend that you upgrade your arc package.
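
The two arc problems above (a temporary file with lax permissions, and creation that follows a pre-placed symlink) map onto a well-known C pattern. The following is an added example, not arc's code or the Debian patch; the function names and the /tmp/tmpdemo.* sandbox are constructed for illustration. It contrasts a fixed-name open() with the O_EXCL | O_NOFOLLOW form and with mkstemp().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern: fixed name, follows symlinks, truncates whatever the
 * name resolves to, and requests mode 0666 (readable by others under a
 * lax umask). */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened fixed-name variant: O_EXCL fails if the name already exists
 * (a symlink counts), O_NOFOLLOW refuses a symlink, mode is owner-only. */
int open_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() chooses an unpredictable name and creates it
 * exclusively; the umask guard covers old libcs that used mode 0666. */
int open_tmp_mkstemp(char *tmpl)
{
    mode_t old = umask(077);
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
}

/* Constructed sandbox: dir/victim holds 10 bytes, dir/app.tmp is a
 * symlink to it, standing in for a pre-placed link at a predictable name. */
static int make_sandbox(char *dir, char *victim, char *tmp, size_t n)
{
    int fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, n, "%s/victim", dir);
    snprintf(tmp, n, "%s/app.tmp", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, "important\n", 10) != 10) { close(fd); return -1; }
    close(fd);
    return symlink(victim, tmp);
}

/* Opens the temp name with the chosen routine and reports the size of the
 * file the symlink points at afterwards (10 = intact, 0 = truncated). */
long victim_size_after(int hardened, int *opened)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char victim[64], tmp[64];
    struct stat st;
    long size = -1;
    int fd;

    if (make_sandbox(dir, victim, tmp, sizeof victim) != 0) return -1;
    fd = hardened ? open_tmp_exclusive(tmp) : open_tmp_unsafe(tmp);
    *opened = (fd >= 0);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0) size = (long)st.st_size;
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return size;
}

/* Permission bits of a file created through open_tmp_mkstemp(). */
int mkstemp_mode(void)
{
    char tmpl[] = "/tmp/tmpdemo.XXXXXX";
    struct stat st;
    int mode = -1;
    int fd = open_tmp_mkstemp(tmpl);

    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(tmpl);
    return mode;
}

int main(void)
{
    int opened = 0;
    long size = victim_size_after(0, &opened);
    printf("unsafe open:    opened=%d, linked file size=%ld\n", opened, size);
    size = victim_size_after(1, &opened);
    printf("exclusive open: opened=%d, linked file size=%ld\n", opened, size);
    printf("mkstemp mode:   %o\n", (unsigned)mkstemp_mode());
    return 0;
}
```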
Package : mod-auth-shadow
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2963
Debian Bug : 323789
A vulnerability in mod_auth_shadow, an Apache module that lets users
perform HTTP authentication against /etc/shadow, has been discovered.
The module runs for all locations that use the 'require group'
directive, which would bypass access restrictions controlled by another
authorisation mechanism, such as an AuthGroupFile file, if the username
is listed in the password file and in the gshadow file in the proper
group and the supplied password matches the one in the shadow
file.
This update requires an explicit "AuthShadow on" statement if website
authentication should be checked against /etc/shadow.
For the old stable distribution (woody) this problem has been fixed in
version 1.3-3.1woody.2.
For the stable distribution (sarge) this problem has been fixed in
version 1.4-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.4-2.
We recommend that you upgrade your libapache-mod-auth-shadow package.
A local attacker could create a symbolic link in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
gtkdiskfree is executed, this would result in the file being
overwritten with the rights of the user running the application.
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
The Berkeley MPEG Tools are a collection of utilities for manipulating
MPEG video technology, including an encoder (mpeg_encode) and various
conversion utilities.
Mike Frysinger of the Gentoo Security Team discovered that mpeg_encode
and the conversion utilities were creating temporary files with
predictable or fixed filenames. The 'test' make target of the MPEG
Tools also relied on several temporary files created insecurely.
A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
the utilities are executed (or 'make test' is run), this would result
in the file being overwritten with the rights of the user running the
command.
Masanari Yamamoto discovered that Uim uses environment variables
incorrectly. This bug causes a privilege escalation if setuid/setgid
applications are linked to libuim. This bug only affects
immodule-enabled Qt (if you build Qt 3.3.2 or later versions with
USE="immqt" or USE="immqt-bc").
A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
texindex is executed, this would result in the file being overwritten
with the rights of the user running the application.
Synopsis: Low: slocate security update
Advisory ID: RHSA-2005:346-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-346.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2499
1. Summary:
An updated slocate package that fixes a denial of service and various bugs
is available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Slocate is a security-enhanced version of locate. Like locate, slocate
searches through a central database (updated nightly) for files that match
a given pattern. Slocate allows you to quickly find files anywhere on your
system.
A bug was found in the way slocate scans the local filesystem. A carefully
prepared directory structure could cause updatedb's file system scan to
fail silently, resulting in an incomplete slocate database. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2499
to this issue.
Additionally this update addresses the following issues:
- File system type exclusions were processed only when starting updatedb
and did not reflect file systems mounted while updatedb was running
(for example, automounted file systems.)
- File system type exclusions were ignored for file systems that were
mounted to a path containing a symbolic link.
- Databases created by slocate were owned by the slocate group even if they
were created by regular users.
- The default configuration excluded /mnt/floppy, but not /media.
- The default configuration did not exclude nfs4 file systems.
Users of slocate are advised to upgrade to this updated package, which
contains backported patches and is not affected by these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Synopsis: Low: vixie-cron security update
Advisory ID: RHSA-2005:361-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-361.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1038
1. Summary:
An updated vixie-cron package that fixes various bugs and a security issue
is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
A bug was found in the way vixie-cron installs new crontab files. It is
possible for a local attacker to execute the crontab command in such a way
that they can view the contents of another user's crontab file. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-1038 to
this issue.
Additionally, this update addresses the following issues:
- Fixed improper limits on filename and command line lengths
- Improved PAM access control conforming to EAL certification requirements
- Improved reliability when running in a chroot environment
- Mail recipient name checking disabled by default, can be re-enabled
- Added '-p' "permit all crontabs" option to disable crontab mode checking
All users of vixie-cron should upgrade to this updated package, which
contains backported patches and is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
147636 - cron fails to run user jobs and gives vague error message
154920 - CAN-2005-1038 vixie-cron information leak
159216 - vixie-cron updates for new audit system
163881 - Cron no longer allows read-only crontabs, enforces write access
163882 - cron fails with pam_access
163885 - crontab truncates file names greater than 100 characters.
163888 - CAN-2005-1038 vixie-cron information leak
163889 - [PATCH] List corruption when items are removed from /etc/cron.d
Synopsis: Low: net-snmp security update
Advisory ID: RHSA-2005:395-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-395.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1740 CAN-2005-2177
1. Summary:
Updated net-snmp packages that fix two security issues and various bugs
are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
SNMP (Simple Network Management Protocol) is a protocol used for network
management.
A denial of service bug was found in the way net-snmp uses network stream
protocols. It is possible for a remote attacker to send a net-snmp agent a
specially crafted packet that will crash the agent. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-2177 to this issue.
An insecure temporary file usage bug was found in net-snmp's fixproc
command. It is possible for a local user to modify the content of temporary
files used by fixproc that can lead to arbitrary command execution. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned
the name CAN-2005-1740 to this issue.
Additionally, the following bugs have been fixed:
- The lmSensors are correctly recognized, snmp daemon no longer segfaults
- The larger swap partition sizes are correctly reported
- Querying hrSWInstalledLastUpdateTime no longer crashes the snmp daemon
- Fixed error building ASN.1 representation
- The 64-bit network counters correctly wrap
- Large file systems are correctly handled
- Snmptrapd initscript correctly reads options from its configuration
  file /etc/snmp/snmptrapd.options
- Snmp daemon no longer crashes when restarted using the agentX
  protocol
- snmp daemon now reports gigabit Ethernet speeds correctly
- MAC addresses are shown when requested instead of IP addresses
All users of net-snmp should upgrade to these updated packages, which
resolve these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
150084 - snmpd dies when getting enterprises.ucdavis.memory.memTotalSwap.0
150199 - snmpd exits without a diagnostic: SIGSEGV
154455 - 64bit network counters peg instead of wrapping
154798 - /etc/init.d/snmptrapd wrong order in setting variables...
155038 - x86_64: net-snmp dies when querying hrSWInstalledLastUpdateTime
158769 - CAN-2005-1740 net-snmp insecure temporary file usage
163688 - CAN-2005-2177 net-snmp denial of service
Synopsis: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2
Advisory ID: RHSA-2005:514-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-514.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0756 CAN-2005-1265 CAN-2005-1761 CAN-2005-1762 CAN-2005-1763 CAN-2005-2098 CAN-2005-2099 CAN-2005-2100 CAN-2005-2456 CAN-2005-2490 CAN-2005-2492 CAN-2005-2555 CAN-2005-2801 CAN-2005-2872
1. Summary:
Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 4. This is the
second regular update.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
This is the second regular kernel update to Red Hat Enterprise Linux 4.
New features introduced in this update include:
- Audit support
- systemtap - kprobes, relayfs
- Keyring support
- iSCSI - iscsi_sfnet 4:0.1.11-1
- Device mapper mirroring and multipath support
- Intel dual core support
- esb2 chipset support
- Increased exec-shield coverage
- Dirty page tracking for HA systems
- Diskdump -- allow partial diskdumps and directing to swap
There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.
The following security bugs were fixed in this update, detailed below with
corresponding CAN names available from the Common Vulnerabilities and
Exposures project (cve.mitre.org/):
- flaws in ptrace() syscall handling on 64-bit systems that allowed a local
user to cause a denial of service (crash) (CAN-2005-0756, CAN-2005-1761,
CAN-2005-1762, CAN-2005-1763)
- flaws in IPSEC network handling that allowed a local user to cause a
denial of service or potentially gain privileges (CAN-2005-2456, CAN-2005-2555)
- a flaw in sendmsg() syscall handling on 64-bit systems that allowed a
local user to cause a denial of service or potentially gain privileges
(CAN-2005-2490)
- a flaw in sendmsg() syscall handling that allowed a local user to cause a
denial of service by altering hardware state (CAN-2005-2492)
- a flaw that prevented the topdown allocator from allocating mmap areas
all the way down to address zero (CAN-2005-1265)
- flaws dealing with keyrings that could cause a local denial of service
(CAN-2005-2098, CAN-2005-2099)
- a flaw in the 4GB split patch that could allow a local denial of service
(CAN-2005-2100)
- a xattr sharing bug in the ext2 and ext3 file systems that could cause
default ACLs to disappear (CAN-2005-2801)
- a flaw in the ipt_recent module on 64-bit architectures which could allow
a remote denial of service (CAN-2005-2872)
The following device drivers have been upgraded to new versions:
qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2
qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2
qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2
megaraid_mbox --- 2.20.4.5 to 2.20.4.6
megaraid_mm ----- 2.20.2.5 to 2.20.2.6
lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17
cciss ----------- 2.6.4 to 2.6.6
ipw2100 --------- 1.0.3 to 1.1.0
tg3 ------------- 3.22-rh to 3.27-rh
e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI
e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI
3c59x ----------- LK1.1.19
mptbase --------- 3.01.16 to 3.02.18
ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI
libata ---------- 1.10 to 1.11
sata_via -------- 1.0 to 1.1
sata_ahci ------- 1.00 to 1.01
sata_qstor ------ 0.04
sata_sil -------- 0.8 to 0.9
sata_svw -------- 1.05 to 1.06
s390: crypto ---- 1.31 to 1.57
s390: zfcp ------
s390: CTC-MPC ---
s390: dasd -------
s390: cio -------
s390: qeth ------
All Red Hat Enterprise Linux 4 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
114578 - RHEL4 U1: File Delegation, at least read-only.
130914 - RHEL4: keyring support (OpenAFS enabler)
134790 - Inspiron 8500 practically hangs when configuring b44 NIC with 1.5G memory
135669 - tcsendbreak fails in compat mode
137343 - RH40-beta1, embedded IDE/PCI drivers not honoring Sub ID's/Class code
140002 - [PATCH] i2o_block timeout Adaptec 2400A raid card
141783 - domain validation fails on DVD-305 when CD in drive
142989 - Terminated threads' resource usage is hidden from procps
144668 - System doesn't reboot even if kernel.panic is > 0 on RHEL-4 Beta-2.
145575 - [RHEL4-U2][Diskdump] Partial dump
145648 - Socket option IP_FREEBIND has no effect on SCTP socket.
145659 - Socket option SO_BINDTODEVICE problems with SCTP listening socket.
145976 - Sub-second mtime changes without modifying file
146187 - [RHEL4RC1] chicony usb keyboard fails, with side effects
147233 - NFSv3 over Kerberos: gss_get_mic FAILED during xdm login attempt
147496 - Sense data errors are seen when trying to access a travan tape device
149478 - Bug / data corruption on error handling in Ext3 under I/O failure condition
149919 - highmem.c: fix bio error propagation
149979 - kernel panic when tar'ing data to IDE Tape device
150152 - nfsv4 callback authentication patch
151222 - smp_apic_timer_interrupt() executes on kernel thread stack
151315 - kernel BUG() at pageattr:107 with rmmod e1000
151323 - Kernel BUG at pageattr:107
151429 - Fusion MPT doesn't handle multiple PCI domains correctly
152162 - LVM snapshots over md raid1 cause corruption
152440 - ppc64 arches can crash when single setpping a debugger through syscall return code
152619 - openipmi drivers missing compat_ioctl's on x86_64 kernel
152982 - fail to mount nfs4 servers
154055 - RHEL4 U1 Oracle 10G 10.0.3 aio hang running tpc-c
154100 - assertion failrue in semaphore.h caused by perfmon
154347 - spin_lock already locked by xfrm4_output
154435 - kernel dm-emc: Fix spinlock reset
154442 - kernel dm-multipath: multiple pg_inits can be issued in parallel
154451 - CAN-2005-1762 x86_64 sysret exception leads to DoS
154733 - oops when catting /proc/net/ip_conntrack_expect
155278 - Debugger killed by kernel when looking at the lowest addressed vmalloc page
155354 - 20050313 SCSI tape security
155706 - CAN-2005-2801 xattr sharing bug
155932 - [RHEL4-U2][Diskdump] hangs when SCSI drive is busy
156010 - [RHEL4-U2] Diskdump - swap partition support
156705 - Serial console corrupt on boot
157239 - Systemtap patches to be ported to RHEL4 U2 kernel
157725 - sysctl -A returns an error
157900 - [not quite PATCH] tg3 driver crashes kernel with BCM5752 chip, newer driver is OK
158107 - Serial console turns into garbage after initialising 16550A
158293 - nfs server intermitently claims ENOENT on existing files or directories
158878 - CAN-2005-1265 Prevent NULL mmap in topdown model
158883 - Annoying i2o_config kernel module messages during raidutil run
158930 - 32-bit GETBLKSIZE ioctl overflows incorrectly on 64-bit hosts.
158974 - [Patch] modprobling a module signed with a key not known to the kernel can result in a panic.
159640 - proc and sysctl interface for lockd grace period do not work
159671 - CAN-2005-1761 local user can use ptrace to crash system
159739 - [Stratus RHEL4U2] csb5 functions are tagged with __init. This causes a crash in a hot-plug environment
159765 - RHEL4 Data corruption in spite of using O_SYNC
159918 - CAN-2005-0756 x86_64 crash (ptrace-check-segment)
159921 - CAN-2005-1763 x86_64 crash (x86_64-ptrace-overflow)
160028 - Kernel BUG at pageattr:107
160518 - audit: file system and user space filtering by auid
160522 - audit: teach OOM killer about auditd
160524 - audit: file system attribute change tracking
160526 - audit:PATH record mode flags are wrong sometimes
160528 - audit: file system watch on block device
160547 - when removing scsi hosts commands are not leaked
160548 - when removing scsi hosts commands are not leaked
160654 - audit: kernel audits auditd
160663 - cable link state ignored on ethernet card (b44).
160812 - fixes exec-shield to not randomize to between end-of-binary and start-of-brk
160882 - i2o RAID monitoring memory leak
161143 - Need export of generic_drop_inode for OCFS2 support
161156 - 'mt tell' fails - backported kernel bug likely
161314 - Bluetooth paring did not work anymore since update to 2.6.9-11.EL
161789 - GET_INDEX macro in aspm pci fixup code can overwrite end of the array
161995 - kernel panic when rm -rf directory structure on tmpfs filesystem
162108 - only the main thread is shown by top(1)
162257 - irq stacks not being used for hardirqs
162548 - interrupt handlers run on thread's kernel stack
162728 - JBD race during shutdown of a journal
163528 - /dev/tty won't open during blocking /dev/ttyS1 open
164094 - Placeholder for 2.6.x SATA update 20050724-1
164228 - Export sys_recvmesg for cluster snapshot
164338 - fix aio hang when reading beyond EOF
164449 - RHEL4 [NETFILTER]: Fix deadlock in ip6_queue.
164450 - [NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT)
164628 - pci_scan_device can cause master abort
164630 - panic while running fsstress to a filesystem on a mirror
164979 - CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned
164991 - CAN-2005-2099 Destruction of failed keyring oopses
165127 - acpi_processor_get_performance_states fails on empty table entries (_PSS)
165163 - audit - syscall performance
165242 - mirrors possibly reporting invalid blocks to the filesystem
165384 - cpufreq driver hangs when using SMP Powernow
165547 - CAN-2005-2100 4G/4G split bounds checking
165560 - CAN-2005-2456 IPSEC overflow
165717 - ext on top of mirror attempts to access beyond end of device: dm-5: rw=0, want=16304032720, limit=20971520
166131 - CAN-2005-2555 IPSEC lacks restrictions
166248 - CAN-2005-2490 sendmsg compat stack overflow
166830 - CAN-2005-2492 sendmsg DoS
167126 - bad elf check in module-verify.c
167412 - [RFC] [RHEL4 U2 patch] dual-core detection gap for i386 build
167668 - LTC17960-Kernel panic at key_put+0x4/0x19 [REGRESSION]
167703 - CAN-2005-2872 ipt_recent crash
167711 - LTC18014-powernow-k8 debug messages are enabled
Synopsis: Moderate: openssh security update
Advisory ID: RHSA-2005:527-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-527.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2798
1. Summary:
Updated openssh packages that fix a security issue, bugs, and add support
for recording login user IDs for audit are now available for Red Hat
Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.
An error in the way OpenSSH handled GSSAPI credential delegation was
discovered. OpenSSH as distributed with Red Hat Enterprise Linux 4 contains
support for GSSAPI user authentication, typically used for supporting
Kerberos. On OpenSSH installations which have GSSAPI enabled, this flaw
could allow a user who successfully authenticates using a method other than
GSSAPI to be delegated with GSSAPI credentials. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-2798
to this issue.
Additionally, the following bugs have been addressed:
-- The ssh command incorrectly failed when it was issued by the root user with
a non-default group set.
-- The sshd daemon could fail to properly close the client connection if
multiple X clients were forwarded over the connection and the client
session exited.
-- The sshd daemon could bind only on the IPv6 address family for X forwarding
if the port on IPv4 address family was already bound. The X forwarding did
not work in such cases.
This update also adds support for recording login user IDs for the auditing
service. The user ID is attached to the audit records generated from the
user's session.
All users of openssh should upgrade to these updated packages, which
contain backported patches to resolve these issues.
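The GSSAPI flaw above only applies where sshd has GSSAPI enabled, so an exposure check comes down to reading the effective GSSAPIAuthentication setting. The script below is an added example, not part of the Red Hat advisory; the function names and the sample configuration are constructed for illustration, and it assumes the upstream default of "no" when the keyword is absent.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether an sshd_config
# enables GSSAPI authentication, the precondition named for CAN-2005-2798.

# effective_value FILE KEYWORD DEFAULT  (hypothetical helper)
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be separated from the value by blanks or '='.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        {
            line = $0
            sub(/#.*/, "", line)                  # drop comments (fine for yes/no values)
            gsub(/^[ \t]+|[ \t]+$/, "", line)     # trim surrounding blanks
            if (line == "") next
            n = split(line, f, /[ \t=]+/)
            if (tolower(f[1]) == "match") exit    # report the global section only
            if (n >= 2 && tolower(f[1]) == want) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# gssapi_exposure FILE  (hypothetical helper)
# Prints gssapi-enabled or gssapi-disabled for the given sshd_config.
gssapi_exposure() {
    if [ "$(effective_value "$1" GSSAPIAuthentication no)" = "yes" ]; then
        echo "gssapi-enabled"
    else
        echo "gssapi-disabled"
    fi
}

# Constructed sample configuration, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
#GSSAPIAuthentication no
gssapiauthentication = yes
GSSAPIAuthentication no
EOF
gssapi_exposure "$sample"
rm -f "$sample"
```

On a real host, pass the path of the server configuration, commonly /etc/ssh/sshd_config.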
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Synopsis: Low: binutils security update
Advisory ID: RHSA-2005:673-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-673.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1704
1. Summary:
An updated binutils package that fixes several bugs and minor security
issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Binutils is a collection of utilities used for the creation of executable
code. A number of bugs were found in various binutils tools.
If a user is tricked into processing a specially crafted executable with
utilities such as readelf, size, strings, objdump, or nm, it may allow the
execution of arbitrary code as the user. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name CAN-2005-1704 to
this issue.
In addition, the following bugs have been fixed:
-- by default issue an error if IA-64 hint@pause instruction is
put into the B slot, add assembler command line switch to
override this behaviour
-- fix linker's --emit-relocs with .gnu.warning.* section symbols
-- fix gprof on 64-bit ppc binaries and libraries
-- fix gas mapping of register names to dwarf2 register numbers
in CFI directives
All users of binutils should upgrade to this updated package, which
contains patches to resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Synopsis: Low: perl security update
Advisory ID: RHSA-2005:674-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-674.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0448
1. Summary:
Updated Perl packages that fix security issues and contain several bug
fixes are now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.
Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0448
to this issue.
This update also addresses the following issues:
-- Perl interpreter caused a segmentation fault when environment
changes occurred during runtime.
-- Code in lib/FindBin contained a regression that caused problems with
the MRTG software package.
-- Perl incorrectly declared it provides an FCGI interface where it in fact
did not.
Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system: