Linux Today: Linux News On Internet Time.
Advisories: October 27, 2005

Oct 28, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 874-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq


Package : lynx
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3120

Ulf Härnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 2.8.4.1b-3.3.

For the stable distribution (sarge) this problem has been fixed in version 2.8.5-2sarge1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your lynx package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 875-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq


Package : openssl094
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

The following matrix explains which version in which distribution has this problem corrected.

             oldstable (woody)   stable (sarge)    unstable (sid)
openssl      0.9.6c-2.woody.8    0.9.7e-3sarge1    0.9.8-3
openssl094   0.9.4-6.woody.4     n/a               n/a
openssl095   0.9.5a-6.woody.6    n/a               n/a
openssl096   n/a                 0.9.6m-1sarge1    n/a
openssl097   n/a                 n/a               0.9.7g-5

We recommend that you upgrade your libssl packages.



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 876-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq


Package : lynx-ssl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3120

Ulf Härnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 2.8.4.1b-3.2.

For the stable distribution (sarge) this problem has been fixed in version 2.8.5-2sarge1 of lynx.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your lynx-ssl package.



These files will probably be moved into the stable distribution on its next update.


Fedora Core


Fedora Update Notification
FEDORA-2005-1031
2005-10-27

Product : Fedora Core 4
Name : pam
Version : 0.79
Release : 9.6
Summary : A security tool which provides authentication for applications.

Description :
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication.


Update Information:

This update fixes a security bug in unix_chkpwd allowing brute force attacks against passwords in /etc/shadow by a regular user when SELinux is enabled.


  • Wed Oct 26 2005 Tomas Mraz <tmraz@redhat.com> 0.79-9.6
    • fixed CAN-2005-2977 unix_chkpwd should skip user verification only if run as root (#168181)
    • link pam_loginuid to libaudit
    • remove spurious glib2 dependency
    • support no tty in pam_access (#170467)
    • support new kernel limits and unlimited limit value in pam_limits (#171546)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-1032
2005-10-27

Product : Fedora Core 3
Name : gdb
Version : 6.1post
Release : 1.20040607.43.0.1
Summary : A GNU source-level debugger for C, C++ and other languages.

Description :
GDB, the GNU debugger, allows you to debug programs written in C, C++, and other languages, by executing them in a controlled fashion and printing their data.


Update Information:

This is an fc3 update for gdb regarding security issues:

CAN-2005-1704 Integer Overflow in gdb

This problem is that gdb's internal copy of bfd does not protect against heap-based overflow.

CAN-2005-1705 gdb arbitrary command execution

This problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.

Fixes for both problems are found in:

gdb-6.1post-1.20040607.43.0.1


  • Tue Oct 4 2005 Jeff Johnston <jjohnstn@redhat.com> 1.200400607.43.0.1
    • Security errata to handle untrusted .gdbinit and bfd integer overflow.
    • Bugzilla 158683 and bugzilla 158686

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-1033
2005-10-27

Product : Fedora Core 4
Name : gdb
Version : 6.3.0.0
Release : 1.84
Summary : A GNU source-level debugger for C, C++, Java and other languages.

Description :
GDB, the GNU debugger, allows you to debug programs written in C, C++, Java, and other languages, by executing them in a controlled fashion and printing their data.


Update Information:

This is an fc4 update for gdb that includes security issues:

CAN-2005-1704 Integer Overflow in gdb

This problem is that gdb's internal copy of bfd does not protect against heap-based overflow.

CAN-2005-1705 gdb arbitrary command execution

This problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.

Fixes for both problems are found in:

gdb-6.3.0.0-1.84

This release also contains some additional fixes from the last update.


  • Tue Oct 18 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.84
    • Bump up release number.
  • Tue Oct 18 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.82
    • Modify attach patch to add missing fclose.
    • Bugzilla 166712
  • Tue Oct 11 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.81
    • Bump up release number.
  • Tue Oct 11 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.78
    • Support gdb attaching to a stopped process.
  • Thu Sep 29 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.77
    • Bump up release number.
  • Thu Sep 29 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.74
    • Fix up DSO read logic when process is attached.
  • Mon Sep 26 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.73
    • Bump up release number.
  • Mon Sep 26 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.70
    • Fix frame pointer calculation for ia64 sigtramp frame.
  • Thu Sep 22 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.69
    • Bump up release number.
  • Thu Sep 22 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.66
    • Remove extraneous xfree.
  • Wed Sep 7 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.65
    • Bump up release number.
  • Wed Sep 7 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.62
    • Readd readnever option
  • Wed Jul 27 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.61
    • Bump up release number.
  • Tue Jul 26 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.57
    • Bump up release number.
  • Tue Jul 26 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.54
    • Add testcase to verify printing of inherited members
    • Bugzilla 146835
  • Mon Jul 25 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.53
    • Bump up release number.
  • Mon Jul 25 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.50
    • Fix bug with info frame and cursor address on ia64.
    • Add testcase to verify pseudo-registers calculated for ia64 sigtramp.
    • Bugzilla 160339
  • Fri Jul 22 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.49
    • Bump up release number.
  • Fri Jul 22 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.46
    • Fix attaching to 32-bit processes on 64-bit systems.
    • Bugzilla 160254
  • Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.45
    • Bump up release number.
  • Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.42
    • Add work-around to make ia64 gcore work faster.
    • Bugzilla 147436
  • Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.41
    • Bump up release number.
  • Mon Jul 11 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.38
    • Fix backtracing across sigaltstack for ia64
    • Bugzilla 151741
  • Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.37
    • Bump up release number.
  • Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.35
    • Build pseudo-registers properly for sigtramp frame.
    • Bugzilla 160339
  • Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.34
    • Bump up release number.
  • Thu Jul 7 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.31
    • Modify security errata to include additional bfd robustness updates
    • Bugzilla 158680
  • Fri Jun 10 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.30
    • Bump up release number.
  • Fri Jun 10 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.28
    • Security errata for bfd and .gdbinit file usage
    • Bugzilla 158680
  • Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.24
    • Bump up release number.
  • Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.23
    • Bump up release number.
  • Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com> 6.3.0.0-1.22
    • Specify SA_RESTART for linux-nat.c handlers and use my_waitpid which handles EINTR.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2005:200
http://www.mandriva.com/security/


Package : apache-mod_auth_shadow
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0


Problem Description:

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

This update requires an explicit "AuthShadow on" statement if website authentication should be checked against /etc/shadow.

The updated packages have been patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2963


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2005:201
http://www.mandriva.com/security/


Package : sudo
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.

The updated packages have been patched to correct this problem.
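
Added example, not part of the Mandriva advisory or of sudo's source: a C program contrasting a denylist-style environment cleaner, which lets SHELLOPTS and PS4 through because nobody listed them, with an allowlist that drops every variable it does not know. The variable lists, SAFE_PATH and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy lists for illustration; these are not sudo's tables. */
static const char *const DENY_INCOMPLETE[] = {
    "IFS", "LD_PRELOAD", "LD_LIBRARY_PATH", "BASH_ENV", "ENV", NULL
};
static const char *const ALLOW[] = { "TERM", "LANG", "LC_ALL", "TZ", NULL };

/* PATH chosen by the privileged side; the caller's PATH is never reused. */
static char SAFE_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";

/* Constructed sample of a caller's environment, including one bad entry. */
static char *SAMPLE_ENV[] = {
    "TERM=xterm", "LANG=C", "PATH=/tmp/caller/bin", "LD_PRELOAD=/tmp/x.so",
    "SHELLOPTS=caller-controlled", "PS4=caller-controlled", "MALFORMED", NULL
};

/* Length of NAME in "NAME=value", or 0 if the entry is not of that form. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq == NULL ? 0 : (size_t)(eq - entry);
}

/* Return 1 if the entry's variable name appears in list. */
static int in_list(const char *entry, const char *const *list)
{
    size_t len = name_len(entry);
    for (; len != 0 && *list != NULL; list++)
        if (strlen(*list) == len && strncmp(entry, *list, len) == 0)
            return 1;
    return 0;
}

size_t env_count(char *const *envp)
{
    size_t n = 0;
    while (envp[n] != NULL)
        n++;
    return n;
}

/* Value of variable name in envp, or NULL if it is not set. */
const char *env_get(char *const *envp, const char *name)
{
    const char *const one[] = { name, NULL };
    for (; *envp != NULL; envp++)
        if (in_list(*envp, one))
            return *envp + strlen(name) + 1;
    return NULL;
}

int env_has(char *const *envp, const char *name)
{
    return env_get(envp, name) != NULL;
}

/* keep_listed = 0: drop listed names (denylist).
 * keep_listed = 1: keep only listed names (allowlist) and append SAFE_PATH.
 * Malformed entries are dropped in both modes. Caller frees the array. */
static char **filter(char *const *envp, const char *const *list, int keep_listed)
{
    size_t n = env_count(envp), out = 0;
    char **clean = calloc(n + 2, sizeof *clean);  /* +1 PATH, +1 NULL */
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (name_len(envp[i]) == 0)
            continue;
        if (in_list(envp[i], list) == keep_listed)
            clean[out++] = envp[i];
    }
    if (keep_listed)
        clean[out++] = SAFE_PATH;
    return clean;
}

char **filter_denylist(char *const *envp)  { return filter(envp, DENY_INCOMPLETE, 0); }
char **filter_allowlist(char *const *envp) { return filter(envp, ALLOW, 1); }

int main(void)
{
    char **deny = filter_denylist(SAMPLE_ENV);
    char **allow = filter_allowlist(SAMPLE_ENV);
    if (deny == NULL || allow == NULL)
        return 1;
    printf("denylist : %zu vars kept, SHELLOPTS=%d PS4=%d\n",
           env_count(deny), env_has(deny, "SHELLOPTS"), env_has(deny, "PS4"));
    printf("allowlist: %zu vars kept, SHELLOPTS=%d PS4=%d PATH=%s\n",
           env_count(allow), env_has(allow, "SHELLOPTS"), env_has(allow, "PS4"),
           env_get(allow, "PATH"));
    free(deny);
    free(allow);
    return 0;
}
```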


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2959


Updated Packages:




Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:808-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-808.html
Issue date: 2005-10-27
Updated on: 2005-10-27
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:514
CVE Names: CVE-2005-3053 CVE-2005-3108 CVE-2005-3110 CVE-2005-3119 CVE-2005-3180 CVE-2005-3181


1. Summary:

Updated kernel packages that fix several security issues and a page attribute mapping bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

An issue was discovered that affects how page attributes are changed by the kernel. Video drivers, which sometimes map kernel pages with a different caching policy than write-back, are now expected to function correctly. This change affects the x86, AMD64, and Intel EM64T architectures.

In addition the following security bugs were fixed:

The set_mempolicy system call did not check for negative numbers in the policy field. An unprivileged local user could use this flaw to cause a denial of service (system panic). (CVE-2005-3053)

A flaw in ioremap handling on AMD 64 and Intel EM64T systems. An unprivileged local user could use this flaw to cause a denial of service or minor information leak. (CVE-2005-3108)

A race condition in the ebtables netfilter module. On a SMP system that is operating under a heavy load this flaw may allow remote attackers to cause a denial of service (crash). (CVE-2005-3110)

A memory leak was found in key handling. An unprivileged local user could use this flaw to cause a denial of service. (CVE-2005-3119)

A flaw in the Orinoco wireless driver. On systems running the vulnerable driver, a remote attacker could send carefully crafted packets which would divulge the contents of uninitialized kernel memory. (CVE-2005-3180)

A memory leak was found in the audit system. An unprivileged local user could use this flaw to cause a denial of service. (CVE-2005-3181)

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160135 - kernel panic in ioremap with four 1GB DIMMs (2.6.9-11.ELsmp)
168217 - CAN-2005-3108 [RHEL 4] ioremap_nocache causes panic, only on one motherboard, not on upstream 2.6.12.5 or later at least
168936 - System instability when using the NVIDIA driver (i.e bad caching on address)
168993 - CAN-2005-3053 RHEL 4 sys_set_mempolicy allows invalid policy leading to panic
170264 - CAN-2005-3108 ioremap x86_64 DoS
170268 - CAN-2005-3110 ebtables race
170274 - CAN-2005-3119 config_keys memleak
170277 - CAN-2005-3180 orinoco driver information leakage
170283 - CAN-2005-3181 names_cache memory leak
170563 - kernel crash in HP Compaq dc7100 CMT(DX438AV)
171154 - RHEL4 [NETFILTER]: Fix deadlock in ip4_queue.

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.