If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Moderate: initscripts security update
Advisory ID: RHSA-2006:0016-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0016.html
Issue date: 2006-03-07
Updated on: 2006-03-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3629
1. Summary:
An updated initscripts package that fixes a privilege escalation issue and
several bugs is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
network interfaces.
A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) assigned the name CVE-2005-3629 to
this issue.
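The hardening pattern for this class of bug, as an added example (not Red Hat's patch and not initscripts code): a wrapper that runs with elevated privileges starts its child from an empty environment and passes on only an allowlist. The allowlist (PATH, TERM, LANG), the function names and the DEMO_* variables are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example: environment handling in a privileged wrapper (constructed demo).

# run_inherited CMD...: the child receives every variable the caller exported.
run_inherited() {
    "$@"
}

# run_scrubbed CMD...: start from an empty environment (env -i) and hand the
# child only an allowlist. PATH, TERM and LANG are this demo's assumed list.
run_scrubbed() {
    env -i PATH="$PATH" TERM="${TERM:-dumb}" LANG="${LANG:-C}" "$@"
}

# unexpected_vars RUNNER: export two constructed variables the way an
# unprivileged caller could, start `env` through RUNNER, and print the names
# of all variables outside the allowlist that reached the child.
unexpected_vars() {
    runner=$1
    (
        DEMO_HELPER_DIR=/tmp/constructed
        DEMO_OPTS=--constructed
        export DEMO_HELPER_DIR DEMO_OPTS
        "$runner" env
    ) | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' |
        grep -v -x -e PATH -e TERM -e LANG | sort | tr '\n' ' '
}

printf 'inherited: %s\n' "$(unexpected_vars run_inherited)"
printf 'scrubbed:  %s\n' "$(unexpected_vars run_scrubbed)"
```

On the sudo side, the `env_reset` sudoers option applies the same idea before the command is started.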
The following issues have also been fixed in this update:
* extraneous characters were logged on bootup
* fsck was attempted on file systems marked with _netdev in rc.sysinit
  before they were available
* the dynamically-linked /sbin/multipath was called instead of the correct
  /sbin/multipath.static
Additionally, this update includes support for partitioned multipath
devices and a technology preview of static IP over InfiniBand.
All users of initscripts should upgrade to this updated package, which
resolves these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
108827 - RHEL4: Infiniband support
168321 - rc.sysinit call dynamicly linked multipath rather than multipath.static
171912 - Bogus messages in system log (/var/log/messages)
172804 - Automount of the emcpower device fails if fsck is enabled for the device in /etc/fstab.
174849 - CVE-2005-3629 root shell can be gained from service if ran through sudo
Synopsis: Low: openssh security update
Advisory ID: RHSA-2006:0044-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0044.html
Issue date: 2006-03-07
Updated on: 2006-03-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0225
1. Summary:
Updated openssh packages that fix bugs in sshd and add auditing of user
logins are now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.
An arbitrary command execution flaw was discovered in the way scp copies
files locally. It is possible for a local attacker to create a file with a
carefully crafted name that could execute arbitrary commands as the user
running scp to copy files locally. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) assigned the name CVE-2006-0225 to this issue.
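Why a second shell pass over a file name is a problem, as an added example (not OpenSSH code): the same file is copied once through a command string that `sh -c` parses again, and once with each name passed to cp as a single argument. The file name and the function names are constructed for the demo.

```sh
#!/bin/sh
# Added example: a file name re-parsed by a second shell vs. passed as one
# argument (constructed demo).

# copy_via_shell SRC DST: builds a command string and hands it to a new
# shell, so SRC and DST are word-split and expanded a second time.
copy_via_shell() {
    sh -c "cp $1 $2" 2>/dev/null
}

# copy_direct SRC DST: each name reaches cp as exactly one argument;
# "--" keeps a name starting with "-" from being read as an option.
copy_direct() {
    cp -- "$1" "$2"
}

# copy_result COPY_FN: copy a constructed, awkwardly named file with COPY_FN
# and print "intact" if the destination holds the source's content,
# "mangled" otherwise.
copy_result() {
    copy_fn=$1
    work=$(mktemp -d) || return 2
    # Constructed name: contains a space and the literal text "$TERM".
    src="$work/report \$TERM.txt"
    dst="$work/out"
    printf 'payload\n' > "$src"
    if "$copy_fn" "$src" "$dst" && cmp -s "$src" "$dst"; then
        result=intact
    else
        result=mangled
    fi
    rm -rf "$work"
    printf '%s\n' "$result"
}

printf 'direct:    %s\n' "$(copy_result copy_direct)"
printf 'via shell: %s\n' "$(copy_result copy_via_shell)"
```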
The following issue has also been fixed in this update:
* If the sshd service was stopped using the sshd init script while the
  main sshd daemon was not running, the init script would kill other sshd
  processes, such as the running sessions. For example, this could happen
  when the 'service sshd stop' command was issued twice.
Additionally, this update implements auditing of user logins through the
system audit service.
All users of openssh should upgrade to these updated packages, which
resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
170466 - CVE-2006-0225 local to local copy uses shell expansion twice
170468 - init script kills all running sshd's if listening server is stopped
170568 - add audit message to sshd
Synopsis: Moderate: squid security update
Advisory ID: RHSA-2006:0052-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0052.html
Issue date: 2006-03-07
Updated on: 2006-03-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2917
1. Summary:
An updated squid package that fixes a security vulnerability as well as
several issues is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.
A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. It is possible for a remote attacker to crash the
Squid server by sending a specially crafted NTLM authentication request.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) assigned
the name CVE-2005-2917 to this issue.
The following issues have also been fixed in this update:
* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a
  user visits a site that has a bit longer DNS record.
* An error introduced in the old package prevented Squid from returning
  correct information about large file systems. The new package is compiled
  with the IDENT lookup support so that users who want to use it do not
  have to recompile it.
* Some authentication helpers needed SETUID rights but did not have them.
  If administrators wanted to use cache administrator, they had to change
  the SETUID bit manually. The updated package sets this bit so the new
  package can be updated without manual intervention from administrators.
* Squid could not handle a reply from an HTTP server when the reply began
  with the new-line character.
* An issue was discovered when a reply from an HTTP server was not
  HTTP 1.0 or 1.1 compliant.
* The updated package keeps user-defined error pages when the package
  is updated and it adds new ones.
All users of squid should upgrade to this updated package, which resolves
these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
160704 - squid child processes exit with signal 6.. squid crashes
162660 - pam authentication fails
168378 - CVE-2005-2917 Squid malformed NTLM authentication DoS
170399 - Squid blocks page served by broken server
172375 - Error pages should not be replaced by updates
172392 - One translated Polish language error is missing preventing squid from startup
172697 - Squid doesn't handle headers split across packets
Synopsis: Moderate: spamassassin security update
Advisory ID: RHSA-2006:0129-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0129.html
Issue date: 2006-03-07
Updated on: 2006-03-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3351
1. Summary:
An updated spamassassin package that fixes a denial of service flaw is now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.
A denial of service bug was found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to crash.
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) assigned the
name CVE-2005-3351 to this issue.
The following issues have also been fixed in this update:
* service spamassassin restart sometimes fails
* Content Boundary "--" throws off message parser
* sa-learn: massive memory usage on large messages
* High memory usage with many newlines
* service spamassassin messages not translated
* Numerous other bug fixes that improve spam filter accuracy and safety
Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Synopsis: Moderate: RHAPS security and enhancement update
Advisory ID: RHSA-2006:0161-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0161.html
Issue date: 2006-03-07
Updated on: 2006-03-07
Product: Red Hat Application Server
CVE Names: CVE-2005-3510 CVE-2005-3745
1. Summary:
Red Hat Application Server Release 2 Update 1 is now available.
This update contains an upgrade of several RHAPS components to newer
releases, including JOnAS 4.6.3, Tomcat 5.5.12 and Struts 1.2.8.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Application Server v2 4AS - noarch
Red Hat Application Server v2 4ES - noarch
Red Hat Application Server v2 4WS - noarch
3. Problem description:
Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.
A denial of service flaw was found in the way Apache Tomcat displays
directory listings. A remote attacker could cause Tomcat to consume large
amounts of CPU resources by sending multiple requests for a directory
containing a large number of files. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3510 to this issue.
This update contains a version of Apache Tomcat that will recover after
the aforementioned attack. Users are also advised to disable directory
listing for web directories that contain very large numbers of files.
A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-3745 to this issue. Please note that this issue does not
affect Struts running on Tomcat or JOnAS, which is our supported usage of
Struts.
Additionally, this update replaces some other outdated packages with new
versions. Several bug fixes and enhancements are included in these new
versions.
IMPORTANT: Before applying this update, read the detailed
installation/upgrade instructions in the RELEASE_NOTES document.
All users of Red Hat Application Server should upgrade to these updated
packages, which contain packages that are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory only contains
the desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
IMPORTANT: For this errata, use the 'up2date' command (with no arguments).
DO NOT partially upgrade the packages for this errata as this can result
in a non-consistent set of packages being installed.
The update will cause applications to be undeployed from the server.
Redeploy all desired applications after the upgrade -- rerun GenIC for
faster deployment by the server as it will not have to replace stubs
from the previous version on the fly.
The 'jeremie' protocol option for the JOnAS J2EE Application Server is now
deprecated and unsupported. If your JOnAS server is using the 'jeremie'
protocol option, make sure you change the configuration to use the 'jrmp'
protocol instead before restarting the server. A server configured to use
the 'jeremie' protocol may not function properly after the upgrade.