Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories, March 8, 2006

Mar 09, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 988-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 8th, 2006 http://www.debian.org/security/faq


Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CVE-2006-0377 CVE-2006-0195 CVE-2006-0188
Debian Bug : 354062 354063 354064 355424

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0188

Martijn Brinkers and Ben Maurer found a flaw in webmail.php that allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.

CVE-2006-0195

Martijn Brinkers and Scott Hughes discovered an interpretation conflict in the MagicHTML filter that allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) slashes inside the "url" keyword, which is processed by some web browsers including Internet Explorer.

CVE-2006-0377

Vicente Aguilera of Internet Security Auditors, S.L. discovered a CRLF injection vulnerability, which allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." There's no known way to exploit this yet.

For the old stable distribution (woody) these problems have been fixed in version 1.2.6-5.

For the stable distribution (sarge) these problems have been fixed in version 2:1.4.4-8.

For the unstable distribution (sid) these problems have been fixed in version 2:1.4.6-1.

We recommend that you upgrade your squirrelmail package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.dsc
      Size/MD5 checksum: 582 07fe8ca983ec4bf8a3355a91c79c9d78
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz
      Size/MD5 checksum: 24884 a65726611c8f71274582b353e309a9a1
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
      Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1

Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5_all.deb
      Size/MD5 checksum: 1841716 1d246bc2ffe2323e2503202bfc147d9c

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc
      Size/MD5 checksum: 678 140546ee9c0534419ddcaf3c7e632110
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
      Size/MD5 checksum: 24654 15ddd8f4db234006a1ac290087640dfc
    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
      Size/MD5 checksum: 575871 f50548b6f4f24d28afb5e6048977f4da

Architecture independent components:

    http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
      Size/MD5 checksum: 570472 2087dcea05cd5e1c4033f15cf120761a

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated XFree86 packages fix security issues
Advisory ID: FLSA:168264-1
Issue date: 2006-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0605 CVE-2005-2495



1. Topic:

Updated XFree86 packages that fix security issues are now available.

XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0605 to this issue.

Several integer overflow bugs were found in the way XFree86 parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-2495 to this issue.

Users of XFree86 should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.31.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-base-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-cyrillic-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-devel-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-font-utils-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-tools-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-truetype-fonts-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xf86cfg-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-Xnest-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.31.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.61.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-base-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-cyrillic-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-font-utils-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-libs-data-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Mesa-libGL-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Mesa-libGLU-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-syriac-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-truetype-fonts-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.61.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/XFree86-4.3.0-60.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-base-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-cyrillic-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-devel-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-doc-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-font-utils-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-data-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-sdk-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-tools-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-truetype-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-twm-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xauth-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xdm-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xfs-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xnest-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xvfb-4.3.0-60.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


0cbc1cb6499a8684d19f24cf111b4fea65ba92ae redhat/7.3/updates/i386/XFree86-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
8c2025d75448c2f03b9bd2493cdc42f84741ba14 redhat/7.3/updates/i386/XFree86-4.2.1-16.73.31.legacy.i386.rpm
45d182c851d2d98fcf551ee5f4229ba76f7fe1ae redhat/7.3/updates/i386/XFree86-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
57d848f52c35787175eb7556350cf6202a3acc9e redhat/7.3/updates/i386/XFree86-base-fonts-4.2.1-16.73.31.legacy.i386.rpm
6b7e1499d32cea54eda46c7a23586edff860b01f redhat/7.3/updates/i386/XFree86-cyrillic-fonts-4.2.1-16.73.31.legacy.i386.rpm
5ae4db073a051453c1ea05328ba611820c54ac6e redhat/7.3/updates/i386/XFree86-devel-4.2.1-16.73.31.legacy.i386.rpm
8f5ddf6f2ffc17a706368dbdcd9f6880cf163eca redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.31.legacy.i386.rpm
e80034e10d2babcab44f449040556f1c62b9c65b redhat/7.3/updates/i386/XFree86-font-utils-4.2.1-16.73.31.legacy.i386.rpm
67b6b5d8b00a4f53ad300bc07d5c35c6c023280f redhat/7.3/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
c25c85a92e2fb2e80fb9ee2c19b0cb017e92b065 redhat/7.3/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
a54081ce435b2ed6695231f895e8cce95972027f redhat/7.3/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
ceb5c88c82123d553c09ed2dceb7395abf893dfc redhat/7.3/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
9d8a2d217d1161cd8e37187ab82826592fced64b redhat/7.3/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
7b7684a8bca628231f42d04aa545624052ebd59b redhat/7.3/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
dc04b533163d6a61471e2ce404bbce11e8a026de redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.31.legacy.i386.rpm
58388c03cb94a1b74c4e65246a21b364e3e9bec0 redhat/7.3/updates/i386/XFree86-tools-4.2.1-16.73.31.legacy.i386.rpm
23d5801937faf0b0033db434d4713719bf13992f redhat/7.3/updates/i386/XFree86-truetype-fonts-4.2.1-16.73.31.legacy.i386.rpm
ea0187127b7e4177c7d1653fe65c86d1b95f2dd9 redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.31.legacy.i386.rpm
05d935b6e8e5b2dcc443556a3f15522aaa054278 redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.31.legacy.i386.rpm
7ec5886f06e93eac890fd5c47ed96b811b218b17 redhat/7.3/updates/i386/XFree86-xf86cfg-4.2.1-16.73.31.legacy.i386.rpm
cd5d813aa22857cea4ea75179befad39e643559d redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.31.legacy.i386.rpm
53f7b20ad43180b4b860974a867030c484656b23 redhat/7.3/updates/i386/XFree86-Xnest-4.2.1-16.73.31.legacy.i386.rpm
e0629ed131499721c4384630364fa34a4338614f redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.31.legacy.i386.rpm
f28c45eafb4b035d7fa814ed8b23c1270aea4d0b redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.31.legacy.src.rpm

fb1a1f39a9372aa0147c508eb5d4db52d581a1cc redhat/9/updates/i386/XFree86-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
562913cdf6f7237b852062d1c6fd8f1a03482f9f redhat/9/updates/i386/XFree86-4.3.0-2.90.61.legacy.i386.rpm
a0a44151d9c0c7b73e2b266b3c81f4e5cd2ba712 redhat/9/updates/i386/XFree86-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
0b6ae5bf6ea0938feadc805890c1b46b5de98870 redhat/9/updates/i386/XFree86-base-fonts-4.3.0-2.90.61.legacy.i386.rpm
6e06fe3b0262230d005020b9176a0601f8fe17fd redhat/9/updates/i386/XFree86-cyrillic-fonts-4.3.0-2.90.61.legacy.i386.rpm
75ec411aeaa191642774ff3d6b2da778849fff86 redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.61.legacy.i386.rpm
9ca5fb3e139559593e1d3b243c03fd660ebf1bde redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.61.legacy.i386.rpm
77f4f6d9d41c8ae72ca152fa8c5d856dd0d14acb redhat/9/updates/i386/XFree86-font-utils-4.3.0-2.90.61.legacy.i386.rpm
8a3282947adcb55f210534fa7930a2caf35ee31b redhat/9/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
00e356bf12d218e3cf4cfd16cbdbb3bb6c1f4ff6 redhat/9/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
ffa1bfa1925f88314a916835609d2567593fee7d redhat/9/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
73ccf11e207edc656b4bb7dfce08ed804290ef4b redhat/9/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
38b67c16ea8b8191edb4b3df890d017b4c498397 redhat/9/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
ec33602ea178f0c9b3133f5224c7230f373a19ff redhat/9/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
b47fb63d7c9dfbe83846a8c016a4e62725d8fad4 redhat/9/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
b9c0e2552ccd4ce1f2cdd3494d38d956cd0e8c52 redhat/9/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
f34539d0acccb62d0c39eda5d8e2f69677594505 redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.61.legacy.i386.rpm
44c71e911bcbc53bf2692bdb4fa39d05b69777ec redhat/9/updates/i386/XFree86-libs-data-4.3.0-2.90.61.legacy.i386.rpm
b65547fc07ae1c1880cbfb2905dbc61a3e97f7d3 redhat/9/updates/i386/XFree86-Mesa-libGL-4.3.0-2.90.61.legacy.i386.rpm
537c5f4aacb6eedd2c508ab2968f013396e52a76 redhat/9/updates/i386/XFree86-Mesa-libGLU-4.3.0-2.90.61.legacy.i386.rpm
2b4c1d714eec3c66cb5b01539ee8d179b49ffcc1 redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.61.legacy.i386.rpm
97b8aa8cf0cfcb6af5e594819d98486b32f9c965 redhat/9/updates/i386/XFree86-syriac-fonts-4.3.0-2.90.61.legacy.i386.rpm
7898a7ae919e67e4cfe63fd3121d815710240bf0 redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.61.legacy.i386.rpm
d8b6e93b6c4fa6c0563bf9bc4f82b1e4828c9b30 redhat/9/updates/i386/XFree86-truetype-fonts-4.3.0-2.90.61.legacy.i386.rpm
3fdf5b8877cef9d337ae13deff0c72fdea156291 redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.61.legacy.i386.rpm
612a4e120fcd790c5e8a3481e0cadd76fddb1cc7 redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.61.legacy.i386.rpm
6ceb66f35332408b2a19474533285b3d0fc17c9d redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.61.legacy.i386.rpm
174dcc7e757da7175b270ff34f8ce9c4efd9563e redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.61.legacy.i386.rpm
22b32e9c6460e4a52704f43d78675f0cdcce8291 redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.61.legacy.i386.rpm
ec25c9cb7a1bff4eccd503fedd3b49862d9c2405 redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.61.legacy.i386.rpm
84bbfb5f2fa13f20d465a0a552041526cb26bc3b redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.61.legacy.src.rpm

2a09c30f05a126480d06220affc808bed0ccd831 fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-60.legacy.i386.rpm
d168ebb164d69f9fa0edd668a27e50a4e43ea2dd fedora/1/updates/i386/XFree86-4.3.0-60.legacy.i386.rpm
e6ab23ec2e99a2d6dcbfed6a073402d88e796563 fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-60.legacy.i386.rpm
5573af42869b10f104a52ac6fa5221e4c125cd46 fedora/1/updates/i386/XFree86-base-fonts-4.3.0-60.legacy.i386.rpm
0ae445a93ae5b573b2afb72441a712ac858c002e fedora/1/updates/i386/XFree86-cyrillic-fonts-4.3.0-60.legacy.i386.rpm
c453822bd9aa5cdd6d7497bf7e629928a0424ebb fedora/1/updates/i386/XFree86-devel-4.3.0-60.legacy.i386.rpm
b8768066b3f60ae86ab32559748c33590ae58b61 fedora/1/updates/i386/XFree86-doc-4.3.0-60.legacy.i386.rpm
142309e5f990556c9789bbe8e5b29e7b99ce9131 fedora/1/updates/i386/XFree86-font-utils-4.3.0-60.legacy.i386.rpm
02f4ffe56217dac4c263317c754be2221f11c2b1 fedora/1/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-60.legacy.i386.rpm
f5a98a73fcdc0ff03e2b24ed9b8e147c85e55487 fedora/1/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-60.legacy.i386.rpm
7d833db16f028ff40d6ee67e04c03e7bb351a0fd fedora/1/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-60.legacy.i386.rpm
318f747bcdbd0be642d3fe1d52382772dec56634 fedora/1/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-60.legacy.i386.rpm
38395a9806da0e234d74b7c1e6e3dbed5d525726 fedora/1/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-60.legacy.i386.rpm
507cc1c515c2fe3f901704153819bcc62c133b46 fedora/1/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-60.legacy.i386.rpm
e5a19310f393f5fde53a72a7fa3d522e227bc7e7 fedora/1/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-60.legacy.i386.rpm
f65b8b8da1484ce2dd20737cc0279865ab5fdbd8 fedora/1/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-60.legacy.i386.rpm
1bbdad4b6bd3117c6495d7c3bdef3da6bcb9ab0b fedora/1/updates/i386/XFree86-libs-4.3.0-60.legacy.i386.rpm
8a55ec0a7a0564c3cd3f4263b6cc8e4ed151ba8e fedora/1/updates/i386/XFree86-libs-data-4.3.0-60.legacy.i386.rpm
c9eb4e6054d2159b1ff28a5ce52b640a4e9b0359 fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-60.legacy.i386.rpm
5e9c2f7390b7200e573a77bd9051ec36eb67621f fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-60.legacy.i386.rpm
9cde04ebb5610324b158a9ae2b5f0d04d56ed7cb fedora/1/updates/i386/XFree86-sdk-4.3.0-60.legacy.i386.rpm
339d8521270468753b9db696306acd64cb8bbab1 fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-60.legacy.i386.rpm
c011244e0b99ce7d3929c3ad6958f409de1f6139 fedora/1/updates/i386/XFree86-tools-4.3.0-60.legacy.i386.rpm
36ba1b374ee3fae3b65712e2cd2a6b1e131524a5 fedora/1/updates/i386/XFree86-truetype-fonts-4.3.0-60.legacy.i386.rpm
36f807093616e0615f4a70dc46ebd91b256ce8d2 fedora/1/updates/i386/XFree86-twm-4.3.0-60.legacy.i386.rpm
5f82fea2f05c74f2433ebc6bc2e4db188ad9e7d2 fedora/1/updates/i386/XFree86-xauth-4.3.0-60.legacy.i386.rpm
2b5768e46ce851b22564cc3b824d0987d027b8d1 fedora/1/updates/i386/XFree86-xdm-4.3.0-60.legacy.i386.rpm
c11d8de359322a543e8876163581bc38fa06b954 fedora/1/updates/i386/XFree86-xfs-4.3.0-60.legacy.i386.rpm
a3b20af14a192aa110f0fe247d7c6d0478cebd98 fedora/1/updates/i386/XFree86-Xnest-4.3.0-60.legacy.i386.rpm
ba4f2c18b58be48594a48eafc97564d31aec0286 fedora/1/updates/i386/XFree86-Xvfb-4.3.0-60.legacy.i386.rpm
d1fe795457c17ae1348c63e859414623d8fd5c02 fedora/1/updates/SRPMS/XFree86-4.3.0-60.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated X.org packages fix security issue
Advisory ID: FLSA:168264-2
Issue date: 2006-03-07
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2495



1. Topic:

Updated X.org packages that fix a security issue are now available.

X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

2. Relevant releases/architectures:

Fedora Core 2 - i386

3. Problem description:

Several integer overflow bugs were found in the way X.org parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-2495 to this issue.

Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264

6. RPMs required:

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-base-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-cyrillic-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-font-utils-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-14-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-15-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-2-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-ISO8859-9-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGL-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Mesa-libGLU-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-syriac-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-truetype-fonts-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


fb2e8bbd5c2f1132d19ee20bd773be9d3179db9d fedora/2/updates/i386/xorg-x11-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
02ff368c88f7907764b2da5e385f2e079f3849cd fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
c81dda89910ea896c7070eab733df161dba54a39 fedora/2/updates/i386/xorg-x11-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
501f87e1196be0a33d95f0d52ead826677a34f22 fedora/2/updates/i386/xorg-x11-base-fonts-6.7.0-14.1.legacy.i386.rpm
1e0c6b43d3965b5e7d2d049bbc790d9a8c73a7d0 fedora/2/updates/i386/xorg-x11-cyrillic-fonts-6.7.0-14.1.legacy.i386.rpm
82eb2326f5b8494f96761e6092e34056e700a809 fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
c0d1461ddb2c070cdabddf6b3ebccc34ec66d3ef fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
3f6382954c75e22ab177abbe1707140feea0170d fedora/2/updates/i386/xorg-x11-font-utils-6.7.0-14.1.legacy.i386.rpm
6f0c373860e9d64c5efea95e77d3e6d5872dacc0 fedora/2/updates/i386/xorg-x11-ISO8859-14-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
c861aa4032a4f169929f225d46e798f5e0f18890 fedora/2/updates/i386/xorg-x11-ISO8859-14-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
83eb270f4395c14edd17cc55a1d78965e5f602e8 fedora/2/updates/i386/xorg-x11-ISO8859-15-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
a99b042654bd86640eea6e7e1b76bda402d49b85 fedora/2/updates/i386/xorg-x11-ISO8859-15-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
52b7c9ff7e29265605c4bb1d08a735b279287fc5 fedora/2/updates/i386/xorg-x11-ISO8859-2-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
4e3900230a90728563f1173c8af82af2272dec03 fedora/2/updates/i386/xorg-x11-ISO8859-2-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
5091477dffb64324caae7d3d558882ab73e26609 fedora/2/updates/i386/xorg-x11-ISO8859-9-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
9ef03f7f4355a5e1d3f19f71d597e541cad3e831 fedora/2/updates/i386/xorg-x11-ISO8859-9-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
f1ea8740e9802ad98b194284e8afb3eee8e1106d fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
222037711ead385d31fac145142c10c9c93f8c51 fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
c21a7c11d52eaabe8bae5145e270c5301fcf8c17 fedora/2/updates/i386/xorg-x11-Mesa-libGL-6.7.0-14.1.legacy.i386.rpm
3314b29f2bc32e4ccd837b7973fc07847d073df0 fedora/2/updates/i386/xorg-x11-Mesa-libGLU-6.7.0-14.1.legacy.i386.rpm
3eac8219f4e3753644511090657ddc513a75c0c8 fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
f99d01e683755302d4ed5ea8a03f09b4828b7ea0 fedora/2/updates/i386/xorg-x11-syriac-fonts-6.7.0-14.1.legacy.i386.rpm
d265d17e698e8d2e3a40c9b8519fe70cd01a1ca2 fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
ff8ff747514e3b9bf7945aac37ed19ab00293fbd fedora/2/updates/i386/xorg-x11-truetype-fonts-6.7.0-14.1.legacy.i386.rpm
e6141cfe3188c556c6e8ba54eba44d5e8645f09b fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
05fc596a5a8956e8fcbd1ac788bbba855e87fbba fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
70b47f7e0e944ef7402437135a044209cba064ae fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
f6b74e278a54a2477bbda52155daad7787721a81 fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
c362a7d289c0c8d56ad63f0364e879819185871f fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
fd3251aec6f906005c34d5a6e3324e38a0dcc510 fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm
af4f7aea4c1b550d1a0389c0f3213bc6c74d87e6 fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated pcre packages fix a security issue
Advisory ID: FLSA:168516
Issue date: 2006-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2491



1. Topic:

Updated pcre packages are now available to correct a security issue.

PCRE is a Perl-compatible regular expression library.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue.

Users should update to these erratum packages that contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168516

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/pcre-3.9-2.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pcre-3.9-2.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pcre-devel-3.9-2.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/pcre-3.9-10.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/pcre-3.9-10.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/pcre-devel-3.9-10.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/pcre-4.4-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/pcre-4.4-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/pcre-devel-4.4-1.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/pcre-4.5-2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/pcre-4.5-2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/pcre-devel-4.5-2.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


9b641aa989639c706065bafc146d34bb6e282a22 redhat/7.3/updates/i386/pcre-3.9-2.1.legacy.i386.rpm
7d8b094083c7a85991d194d6741a0a664204a19d redhat/7.3/updates/i386/pcre-devel-3.9-2.1.legacy.i386.rpm
9a49145385042483532254fb5d05fae6c3f252f3 redhat/7.3/updates/SRPMS/pcre-3.9-2.1.legacy.src.rpm

d876a7f4cdb3a936b2f72fb629fae928d3db6e96 redhat/9/updates/i386/pcre-3.9-10.1.legacy.i386.rpm
9e516b5e44944b25a47171b15c0229423b10f99d redhat/9/updates/i386/pcre-devel-3.9-10.1.legacy.i386.rpm
55de51292b97aacbad6c375b4ad8578561ac5fe3 redhat/9/updates/SRPMS/pcre-3.9-10.1.legacy.src.rpm

4edc206f1e0fc0c3df459b6f8de289f27417974b fedora/1/updates/i386/pcre-4.4-1.2.legacy.i386.rpm
0fcc5801dc238bb1fac0d59b8403e6cdcc72f126 fedora/1/updates/i386/pcre-devel-4.4-1.2.legacy.i386.rpm
57b3a2c5c2bb3435d3c7971daf29c665fb2c1687 fedora/1/updates/SRPMS/pcre-4.4-1.2.legacy.src.rpm

bff4b330e8c9a76262020c7ddb2b48f71bf01788 fedora/2/updates/i386/pcre-4.5-2.2.legacy.i386.rpm
8354926500e18905dd94dddc1e6bf44cd236df68 fedora/2/updates/i386/pcre-devel-4.5-2.2.legacy.i386.rpm
9f43e7d484412d93734dfe4b08f87d2ef133100a fedora/2/updates/SRPMS/pcre-4.5-2.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491

9. Contact:

The Fedora Legacy security contact is <