Linux Today: Linux News On Internet Time.

Red Hat Linux Advisories: openssl, vsftpd, samba

Apr 01, 2003, 19:43

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated OpenSSL packages fix vulnerabilities
Advisory ID:       RHSA-2003:101-01
Issue date:        2003-04-01
Updated on:        2003-04-01
Product:           Red Hat Linux
Keywords:          OpenSSL Bleichenbacher attack RSA keys blinding
Cross references:  
Obsoletes:         RHSA-2003:062
CVE Names:         CAN-2003-0147 CAN-2003-0131
---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages are available that fix a potential timing-based
attack and a modified Bleichenbacher attack.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, i686, ia64
Red Hat Linux 7.3 - i386, i686
Red Hat Linux 8.0 - i386, i686
Red Hat Linux 9 - i386, i686

3. Problem description:

OpenSSL is a commercial-grade, full-featured, and open source toolkit that 
implements Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library.

Researchers at Stanford (David Brumley and Dan Boneh; see the first
reference below) demonstrated a practical timing attack on RSA private
keys.  Applications that use OpenSSL are generally vulnerable to such an
attack unless RSA blinding has been turned on.  OpenSSL does not use RSA
blinding by default, and most applications do not enable it.

A local or remote attacker could use this attack to recover the server's
private key: the factors of the modulus are reconstructed from timing
differences caused by (1) the number of extra reductions performed during
Montgomery reduction and (2) whether OpenSSL's fast ("Karatsuba") or normal
integer multiplication routine is selected for a given operand.

For the attack to be successful, the attacker needs network conditions
good enough that small timing differences can be observed reliably; the
attack is statistical and requires a large number of measurements.

Additionally, the SSL and TLS components of OpenSSL allow remote attackers
to perform an unauthorized RSA private-key operation via a modified
Bleichenbacher attack.  Using a large number of SSL or TLS connections and
PKCS #1 v1.5 padding, the attacker causes OpenSSL to leak information about
the relationship between a chosen ciphertext and its plaintext.  In this
variant, the "Klima-Pokorny-Rosa attack", the leak is the server's different
handling of a decrypted premaster secret whose version number does not match
the one the client offered, so a bad-version response serves as the oracle
even though the classic bad-padding response had already been removed.

These erratum packages contain a patch provided by the OpenSSL group that
enables RSA blinding by default and protects against the
"Klima-Pokorny-Rosa attack."

Because server applications are affected by these vulnerabilities, users
are advised to restart all services that use OpenSSL functionality or
reboot their systems after installing these updates.
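The following worked example is added here by the editor and is not part of
this advisory or of OpenSSL.  It is a toy RSA in Python that shows the two
countermeasures the patch enables: blinding of the private-key operation, so
that the exponentiation's running time does not depend on the attacker's
ciphertext, and a premaster-secret decryption that treats a wrong version
number exactly like bad padding, so that the attacker's queries return no
distinguishing answer.  keygen(), leaky_server_status() and
hardened_server_pms() are hypothetical names; the 512-bit key and Python's
non-constant-time integers make this an illustration of the logic, not a
timing-safe implementation.

```python
# Added example, not OpenSSL code: a toy RSA showing the two fixes this
# advisory ships.  rsa_private_blinded() applies RSA blinding (the
# timing-attack countermeasure); hardened_server_pms() applies the
# Klima-Pokorny-Rosa countermeasure to PKCS#1 v1.5 premaster-secret
# decryption.  keygen() is a hypothetical helper; its 512-bit key is for
# speed only.  Needs Python 3.8+ for pow(x, -1, n).
import secrets
from math import gcd

PMS_LEN = 48                  # TLS premaster secret: 2 version bytes + 46 random
CLIENT_VERSION = b"\x03\x01"  # version the client offered in its hello (TLS 1.0)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin; enough for a toy key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x != 1 and all(pow(x, 2 ** i, n) != n - 1 for i in range(s)):
            return False
    return True

def keygen(bits=512):
    """Toy RSA key pair ((n, e), (n, d)); far too small for real use."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(65537, phi) == 1:
            return (n, 65537), (n, pow(65537, -1, phi))

def rsa_private_blinded(pub, priv, c):
    """Blinded: exponentiate c * r^e for a fresh random r, then divide by r.
    Unblinded would be plain pow(c, d, n), whose running time (extra Montgomery
    reductions, Karatsuba vs. normal multiplication) depends on c.  Here the
    exponentiation sees a value uniformly random to the attacker, so its timing
    no longer correlates with c.  Correct since (c*r^e)^d = c^d * r (mod n)."""
    (n, e), (_, d) = pub, priv
    while True:
        r = 2 + secrets.randbelow(n - 2)
        if gcd(r, n) == 1:
            break
    blinded = c * pow(r, e, n) % n
    return pow(blinded, d, n) * pow(r, -1, n) % n

def pkcs1_v15_pad(msg, k):
    """EME-PKCS1-v1_5 block: 00 02 <PS: at least 8 nonzero random bytes> 00 <msg>."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(1 + secrets.randbelow(255) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg

def pkcs1_v15_unpad(em):
    """Return (status, payload); the status is what a leaky server reveals."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # bad header, no separator, or PS < 8
        return "bad-padding", None
    return "ok", em[sep + 1:]

def rsa_encrypt(pub, msg):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(pkcs1_v15_pad(msg, k), "big"), e, n).to_bytes(k, "big")

def _decrypt_block(pub, priv, ct):
    k = (priv[0].bit_length() + 7) // 8
    return rsa_private_blinded(pub, priv, int.from_bytes(ct, "big")).to_bytes(k, "big")

def leaky_server_status(pub, priv, ct):
    """Pre-fix: padding failure, version mismatch and success are distinguishable.
    Each answer leaks a fact about the plaintext of ct; collecting many such
    answers is the Bleichenbacher / Klima-Pokorny-Rosa attack."""
    status, pms = pkcs1_v15_unpad(_decrypt_block(pub, priv, ct))
    if status != "ok" or len(pms) != PMS_LEN:
        return "bad-padding"
    return "ok" if pms[:2] == CLIENT_VERSION else "bad-version"

def hardened_server_pms(pub, priv, ct):
    """Fixed: every failure, a wrong version number included, is replaced by a
    fresh random premaster secret, so all bad ciphertexts fail identically
    later (at the Finished message).  Python big ints are not constant-time;
    this shows the logic, not a timing-safe implementation."""
    fake = secrets.token_bytes(PMS_LEN)       # generated unconditionally, before decrypting
    status, pms = pkcs1_v15_unpad(_decrypt_block(pub, priv, ct))
    good = status == "ok" and len(pms) == PMS_LEN and pms[:2] == CLIENT_VERSION
    return pms if good else fake
```

To exercise it: pub, priv = keygen(); ct = rsa_encrypt(pub, CLIENT_VERSION +
secrets.token_bytes(46)).  leaky_server_status(pub, priv, ct) returns "ok",
the same call on rsa_encrypt(pub, b"\x03\x00" + ...) returns "bad-version",
and on an arbitrary ciphertext "bad-padding"; hardened_server_pms() returns
48 bytes in all three cases, and only a party that knows the real premaster
secret can tell which.  In OpenSSL the blinding switch is RSA_blinding_on();
the patch in these packages turns it on by default for private-key
operations, so applications need no change.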

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

86112 - New timing attack on OpenSSL applications

6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/openssl-0.9.5a-33.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-devel-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-perl-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-python-0.9.5a-33.i386.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl-0.9.6-16.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-python-0.9.6-16.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl-0.9.6-16.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-16.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/openssl-0.9.6b-32.7.i686.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssl095a-0.9.5a-20.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-16.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-32.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-32.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-32.7.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-32.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl095a-0.9.5a-21.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl096-0.9.6-16.8.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl-0.9.6b-33.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/openssl095a-0.9.5a-21.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl096-0.9.6-16.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-0.9.6b-33.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-devel-0.9.6b-33.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-perl-0.9.6b-33.i386.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/openssl-0.9.6b-33.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096-0.9.6-17.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096b-0.9.6b-6.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl-0.9.7a-5.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/openssl096-0.9.6-17.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096b-0.9.6b-6.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-0.9.7a-5.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-devel-0.9.7a-5.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-perl-0.9.7a-5.i386.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/openssl-0.9.7a-5.i686.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
5b18dd23c08f698d4190a8ece2b3167f 6.2/en/os/SRPMS/openssl-0.9.5a-33.src.rpm
4603bdefd96d82d175b093b30614e02b 6.2/en/os/i386/openssl-0.9.5a-33.i386.rpm
da36dafc17769e729618550c0cb0ea4a 6.2/en/os/i386/openssl-devel-0.9.5a-33.i386.rpm
4dca145d74e2c19d6c61a873cdfa4f57 6.2/en/os/i386/openssl-perl-0.9.5a-33.i386.rpm
39121ad8d81f395f1b8a78bb48add695 6.2/en/os/i386/openssl-python-0.9.5a-33.i386.rpm
61a8dcc09dd6deb22873e86d5674c054 7.0/en/os/SRPMS/openssl-0.9.6-16.src.rpm
5ca6550f8ac5068ee74ff3e8878c122d 7.0/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
8a225b9cb704c1c8d55fdc9128d4a965 7.0/en/os/i386/openssl-0.9.6-16.i386.rpm
166f2a495bfdd5b9dec82872bbc2a0d1 7.0/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
249846dd8034d0923643f1e296683353 7.0/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
7031de82572cf6dcd68b33273dea1c82 7.0/en/os/i386/openssl-python-0.9.6-16.i386.rpm
0dba680affa927eceb890f7ea2ca5347 7.0/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
61a8dcc09dd6deb22873e86d5674c054 7.1/en/os/SRPMS/openssl-0.9.6-16.src.rpm
5ca6550f8ac5068ee74ff3e8878c122d 7.1/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
8a225b9cb704c1c8d55fdc9128d4a965 7.1/en/os/i386/openssl-0.9.6-16.i386.rpm
166f2a495bfdd5b9dec82872bbc2a0d1 7.1/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
249846dd8034d0923643f1e296683353 7.1/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
7031de82572cf6dcd68b33273dea1c82 7.1/en/os/i386/openssl-python-0.9.6-16.i386.rpm
0dba680affa927eceb890f7ea2ca5347 7.1/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
e998276b64905803ab43e52fa96f89dd 7.2/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm
5ca6550f8ac5068ee74ff3e8878c122d 7.2/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
5a0236175fcd6141bad13103e69d84d7 7.2/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
8a9f793cc9fc713551c307072fe718d6 7.2/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
29714991bb3d36718c2cba5c4f945c9f 7.2/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
210f404351a8b4da656b87c745d74901 7.2/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm
0dba680affa927eceb890f7ea2ca5347 7.2/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
b1d1807fd6f8afb2955f87fd0e1484e3 7.2/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
c68a5311f1aaa36279517de2b942f80f 7.2/en/os/i686/openssl-0.9.6b-32.7.i686.rpm
3060596923e12eb8bef8707f411aee6a 7.2/en/os/ia64/openssl-0.9.6b-32.7.ia64.rpm
bc25a74463aecff055051935f7900a6b 7.2/en/os/ia64/openssl-devel-0.9.6b-32.7.ia64.rpm
ed840ac83f68fd141a09308eccdfeda6 7.2/en/os/ia64/openssl-perl-0.9.6b-32.7.ia64.rpm
d87303a2d6f572eab968d783be1241df 7.2/en/os/ia64/openssl095a-0.9.5a-20.7.ia64.rpm
925b88dbb21251467473b82610c255b3 7.2/en/os/ia64/openssl096-0.9.6-16.7.ia64.rpm
e998276b64905803ab43e52fa96f89dd 7.3/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm
5ca6550f8ac5068ee74ff3e8878c122d 7.3/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
5a0236175fcd6141bad13103e69d84d7 7.3/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
8a9f793cc9fc713551c307072fe718d6 7.3/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
29714991bb3d36718c2cba5c4f945c9f 7.3/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
210f404351a8b4da656b87c745d74901 7.3/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm
0dba680affa927eceb890f7ea2ca5347 7.3/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
b1d1807fd6f8afb2955f87fd0e1484e3 7.3/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
c68a5311f1aaa36279517de2b942f80f 7.3/en/os/i686/openssl-0.9.6b-32.7.i686.rpm
479d5f93a6dc28936f7e31b9f55dfe79 8.0/en/os/SRPMS/openssl-0.9.6b-33.src.rpm
0b0acec1a90aeb0acef5239687bbb4c5 8.0/en/os/SRPMS/openssl095a-0.9.5a-21.src.rpm
a4706dec1418200d30f98e0093adff81 8.0/en/os/SRPMS/openssl096-0.9.6-16.8.src.rpm
4fb96db51bf3da39e5b55a647ada7954 8.0/en/os/i386/openssl-0.9.6b-33.i386.rpm
c303cbf4f81e75a7e7cb2b8e32d0505f 8.0/en/os/i386/openssl-devel-0.9.6b-33.i386.rpm
0d2212d818c0cb65a382d1f69e4d11b7 8.0/en/os/i386/openssl-perl-0.9.6b-33.i386.rpm
16b70cfb654b63a11ab4b59027ebae99 8.0/en/os/i386/openssl095a-0.9.5a-21.i386.rpm
6ffaf08722105ea29f888eeacf32421a 8.0/en/os/i386/openssl096-0.9.6-16.8.i386.rpm
99ab9d437ab913eec09b29c8f41005a2 8.0/en/os/i686/openssl-0.9.6b-33.i686.rpm
e30fa13f4d1365a192be91c07a3b379f 9/en/os/SRPMS/openssl-0.9.7a-5.src.rpm
a63d8f70a8869798b32d8cd6dd59063e 9/en/os/SRPMS/openssl096-0.9.6-17.src.rpm
5f95500fd79d099b79a1640cb7232018 9/en/os/SRPMS/openssl096b-0.9.6b-6.src.rpm
f4e95f889af8356a57ccc8d107b8019e 9/en/os/i386/openssl-0.9.7a-5.i386.rpm
3f7358c3cc1006be9e975c21fd01004c 9/en/os/i386/openssl-devel-0.9.7a-5.i386.rpm
70b2d3b41404b83c074e2057a41b9ba0 9/en/os/i386/openssl-perl-0.9.7a-5.i386.rpm
4c17eeaa8a9a70021c7e119ee085c192 9/en/os/i386/openssl096-0.9.6-17.i386.rpm
6309eaac219c2c4ac1474bfcb7cbc174 9/en/os/i386/openssl096b-0.9.6b-6.i386.rpm
2481086e38bb9cfcff10131c4311a030 9/en/os/i686/openssl-0.9.7a-5.i686.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at http://www.redhat.com/solutions/security/news/publickey/

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>
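The helper below is added by the editor and is not part of this advisory or
of Red Hat's tooling.  It takes the MD5 table above (the same format is used
in all three advisories on this page) and compares each listed package
against the file of that name in a download directory, reporting OK,
MISMATCH or MISSING.  parse_md5_table(), check_packages() and demo_tree()
are hypothetical names; SAMPLE_TABLE and demo_tree() are constructed data:
the hashes are those of "abc", of "The quick brown fox jumps over the lazy
dog" and of the empty file, and the demo directory holds one intact file,
one altered file and no third file.

```python
# Added helper, not part of the advisory: check downloaded RPMs against the
# "MD5 sum / Package Name" table printed in each Red Hat advisory.  Each
# table line is "<32 hex digits> <path under updates.redhat.com>"; only the
# basename matters, since the files are usually fetched into one directory.
# SAMPLE_TABLE and demo_tree() are constructed data.
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_md5_table(text):
    """Yield (md5hex, basename) for each 'hash path' line; other lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 32 and set(parts[0].lower()) <= HEX:
            yield parts[0].lower(), os.path.basename(parts[1])


def md5_of_file(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_packages(table_text, directory):
    """Return {basename: 'OK' | 'MISMATCH' | 'MISSING'} for every table entry."""
    report = {}
    for expected, name in parse_md5_table(table_text):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "MISSING"
        else:
            report[name] = "OK" if md5_of_file(path) == expected else "MISMATCH"
    return report


# Constructed sample in the advisory's table format (hashes of "abc", of
# "The quick brown fox jumps over the lazy dog", and of the empty file).
SAMPLE_TABLE = """\
MD5 sum                          Package Name
--------------------------------------------------------------------------
900150983cd24fb0d6963f7d28e17f72 9/en/os/i386/example-1.0-1.i386.rpm
9e107d9d372bb6826bd81d3542a419d6 9/en/os/i386/example-devel-1.0-1.i386.rpm
d41d8cd98f00b204e9800998ecf8427e 9/en/os/i386/example-perl-1.0-1.i386.rpm
"""


def demo_tree():
    """Constructed download directory: one intact file, one altered, one absent."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "example-1.0-1.i386.rpm"), "wb") as f:
        f.write(b"abc")
    with open(os.path.join(d, "example-devel-1.0-1.i386.rpm"), "wb") as f:
        f.write(b"The quick brown fox jumps over the lazy cat")   # one word changed
    return d


if __name__ == "__main__":
    for name, status in sorted(check_packages(SAMPLE_TABLE, demo_tree()).items()):
        print(f"{status:8} {name}")
```

A matching MD5 shows the file is the one the advisory lists; because the
table itself travels in the advisory, its authenticity still depends on
trusting that channel, and rpm --checksig with Red Hat's public key imported
is the check that does not.  With a real table pasted into a file:
check_packages(open("table.txt").read(), "/path/to/downloads").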


8. References:

http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://eprint.iacr.org/2003/052/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131

9. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact/

Copyright 2003 Red Hat, Inc.



_____________________________________________

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated vsftpd packages re-enable tcp_wrappers support
Advisory ID:       RHSA-2003:084-01
Issue date:        2003-04-01
Updated on:        2003-04-01
Product:           Red Hat Linux
Keywords:          vsftpd tcp_wrappers
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0135
---------------------------------------------------------------------

1. Topic:

Updated vsftpd packages that re-enable tcp_wrappers support are available
for Red Hat Linux 9.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

In Red Hat Linux 9, the vsftpd FTP daemon switched from being run by xinetd
to being run as a standalone service. In doing so, it was accidentally
not compiled against tcp_wrappers.

Users of vsftpd who make use of tcp_wrappers features are advised to
upgrade to these errata packages.

This issue only affects Red Hat Linux 9 boxed sets manufactured for
distribution within the United States.  The part numbers, which can be
found on the bottom flap of the box, are RHF0120US and  RHF0121US.
Copies of Red Hat Linux 9 obtained through other means (such as from Red
Hat Network, FTP, or international boxed sets) already contain the packages
referenced by this erratum, and are not vulnerable to this issue.
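The check below is added by the editor and is not part of this advisory or
of vsftpd.  Under xinetd the superserver applies the tcp_wrappers access
checks before handing the connection to the daemon; a standalone daemon must
be linked against libwrap and consult /etc/hosts.allow and /etc/hosts.deny
itself, which is what the Red Hat Linux 9 build omitted, so any such rules
were silently ignored.  The quickest way to see whether an installed binary
is linked against libwrap is "ldd /usr/sbin/vsftpd"; the Python below does
the same thing offline by reading the DT_NEEDED entries from the binary's
ELF dynamic section.  elf_needed(), links_libwrap() and build_sample_elf()
are hypothetical names, and build_sample_elf() fabricates a minimal ELF image
so the check can be exercised without a real vsftpd binary.

```python
# Added check, not part of the advisory: list the shared libraries an ELF
# binary declares in its dynamic section (DT_NEEDED), which is what
# "ldd vsftpd | grep libwrap" reports.  elf_needed(), links_libwrap() and
# build_sample_elf() are hypothetical names; build_sample_elf() fabricates a
# minimal ELF64 image so the check runs offline.  ELF32 (the i386 packages
# in this advisory) is parsed as well.
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5


def elf_needed(data):
    """Return the DT_NEEDED library names of an ELF image given as bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, end = data[4] == 2, ("<" if data[5] == 1 else ">")
    ehdr = struct.unpack_from(end + ("16sHHIQQQIHHHHHH" if is64 else "16sHHIIIIIHHHHHH"), data)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    phdr_fmt = end + ("IIQQQQQQ" if is64 else "IIIIIIII")
    loads, dynamic = [], None
    for i in range(e_phnum):
        f = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        # normalise to (p_type, p_offset, p_vaddr, p_filesz); field order differs by class
        seg = (f[0], f[2], f[3], f[5]) if is64 else (f[0], f[1], f[2], f[4])
        if seg[0] == PT_LOAD:
            loads.append(seg)
        elif seg[0] == PT_DYNAMIC:
            dynamic = seg
    if dynamic is None:
        return []                         # no dynamic section: statically linked

    def file_offset(vaddr):               # DT_STRTAB holds a virtual address
        for _, off, va, size in loads:
            if va <= vaddr < va + size:
                return vaddr - va + off
        raise ValueError("DT_STRTAB address not inside any PT_LOAD segment")

    dyn_fmt = end + ("qQ" if is64 else "iI")
    needed, strtab = [], None
    for pos in range(dynamic[1], dynamic[1] + dynamic[3], struct.calcsize(dyn_fmt)):
        tag, val = struct.unpack_from(dyn_fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            needed.append(val)
        elif tag == DT_STRTAB:
            strtab = file_offset(val)
    if strtab is None:
        return []
    return [data[strtab + o:data.index(b"\x00", strtab + o)].decode() for o in needed]


def links_libwrap(data):
    """True if the binary will load libwrap, i.e. tcp_wrappers checks can apply."""
    return any(name.startswith("libwrap.so") for name in elf_needed(data))


def build_sample_elf(needed):
    """Fabricate a minimal little-endian ELF64 image (constructed test data): one
    PT_LOAD covering the file and one PT_DYNAMIC naming the given libraries."""
    base, strtab, offsets = 0x400000, b"\x00", []
    for name in needed:
        offsets.append(len(strtab))
        strtab += name.encode() + b"\x00"
    strtab_off = 64 + 2 * 56                      # after ELF header + 2 phdrs
    dyn_off = strtab_off + len(strtab)
    dyn = struct.pack("<qQ", DT_STRTAB, base + strtab_off)
    dyn += b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in offsets)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    total = dyn_off + len(dyn)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       3, 62, 1, base, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    ph_load = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, total, total, 0x1000)
    ph_dyn = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                         base + dyn_off, len(dyn), len(dyn), 8)
    return ehdr + ph_load + ph_dyn + strtab + dyn


if __name__ == "__main__":
    # python thisfile.py /usr/sbin/vsftpd   (no argument: use the fabricated image)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_elf(["libwrap.so.0", "libc.so.6"])
    print("NEEDED:", elf_needed(data), "libwrap linked:", links_libwrap(data))
```

A libwrap entry in the output means the build can honour hosts.allow and
hosts.deny; vsftpd additionally has to be told to use them with
tcp_wrappers=YES in vsftpd.conf, which has no effect on a binary built
without libwrap.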

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/vsftpd-1.1.3-8.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/vsftpd-1.1.3-8.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
31bf5c2e87909c74f8ad9e76b2e46fea 9/en/os/SRPMS/vsftpd-1.1.3-8.src.rpm
d2e807f808c45407f08528f50d29933b 9/en/os/i386/vsftpd-1.1.3-8.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at http://www.redhat.com/solutions/security/news/publickey/

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0135

8. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact/

Copyright 2003 Red Hat, Inc.



_____________________________________________


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          New samba packages fix security vulnerabilities
Advisory ID:       RHSA-2003:095-03
Issue date:        2003-03-17
Updated on:        2003-04-01
Product:           Red Hat Linux
Keywords:          smb
Cross references:  
Obsoletes:         RHSA-2002:266
CVE Names:         CAN-2003-0085 CAN-2003-0086
---------------------------------------------------------------------

1. Topic:

Updated Samba packages are now available to fix security vulnerabilities
found during a code audit.

[Updated 24 March 2003]
Updated Samba packages for Red Hat Linux 6.2, 7.0, and 7.1 are now included.
These packages contain Samba version 2.0.10 with a backported security fix.

[Updated 1 April 2003]
Updated Samba packages for Red Hat Linux 9 are now included.  Please note
that this issue only affects Red Hat Linux 9 boxed sets manufactured for
distribution within the United States. The part numbers, which can be
found on the bottom flap of the box, are RHF0120US and RHF0121US.
Copies of Red Hat Linux 9 obtained through other means (such as from Red
Hat Network, FTP, or international boxed sets) already contain the 
packages referenced by this erratum, and are not vulnerable to this issue.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Samba is a suite of utilities which provides file and printer sharing
services to SMB/CIFS clients.

Sebastian Krahmer discovered a security vulnerability present
in unpatched versions of Samba prior to 2.2.8. An anonymous user could
exploit the vulnerability to gain root access on the target machine. 

Additionally, a race condition was discovered which could allow an attacker
to overwrite critical system files.

All users of Samba are advised to update to the packages listed in this
erratum, which correct these vulnerabilities.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/samba-2.0.10-1.62.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/samba-2.0.10-1.62.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/samba-common-2.0.10-1.62.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/samba-client-2.0.10-1.62.i386.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/samba-2.0.10-1.7.0.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/samba-2.0.10-1.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/samba-common-2.0.10-1.7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/samba-client-2.0.10-1.7.0.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/samba-2.0.10-4.7.1.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/samba-2.0.10-4.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-common-2.0.10-4.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-client-2.0.10-4.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/samba-swat-2.0.10-4.7.1.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/samba-2.2.7-2.7.2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/samba-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-common-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-client-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-swat-2.2.7-2.7.2.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/samba-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-common-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-client-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-swat-2.2.7-2.7.2.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/samba-2.2.7-2.7.3.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/samba-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-common-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-client-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-swat-2.2.7-2.7.3.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/samba-2.2.7-4.8.0.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/samba-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-common-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-client-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-swat-2.2.7-4.8.0.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/samba-2.2.7a-7.9.0.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/samba-2.2.7a-7.9.0.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/samba-common-2.2.7a-7.9.0.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/samba-client-2.2.7a-7.9.0.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/samba-swat-2.2.7a-7.9.0.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
4ab086c2b7b1b36842a3fe679da8a62c 6.2/en/os/SRPMS/samba-2.0.10-1.62.src.rpm
e2f1c0eb7756eaaabb061456a3b9976b 6.2/en/os/i386/samba-2.0.10-1.62.i386.rpm
286d2586c20036c4c8c68448543c02c6 6.2/en/os/i386/samba-client-2.0.10-1.62.i386.rpm
0c59d519c586504f07de0a3084a90a3b 6.2/en/os/i386/samba-common-2.0.10-1.62.i386.rpm
901979ccb2ab895f2e04f01032f87a1c 7.0/en/os/SRPMS/samba-2.0.10-1.7.0.src.rpm
0e3c942b9babe1628f894e5d7d3b6f31 7.0/en/os/i386/samba-2.0.10-1.7.0.i386.rpm
8c14ad19b31ef0f40b076c440a5295ce 7.0/en/os/i386/samba-client-2.0.10-1.7.0.i386.rpm
d0a56d30c125bbc253fd0cb368176f93 7.0/en/os/i386/samba-common-2.0.10-1.7.0.i386.rpm
aaff2aa1209064157ee75e6cfb62345c 7.1/en/os/SRPMS/samba-2.0.10-4.7.1.src.rpm
ef31ad88c20642ebefa53772a4597ce6 7.1/en/os/i386/samba-2.0.10-4.7.1.i386.rpm
ecad16dd1971f948ff719a25bdc13c87 7.1/en/os/i386/samba-client-2.0.10-4.7.1.i386.rpm
b966c85535f4d4d7b8c1154f6bf71812 7.1/en/os/i386/samba-common-2.0.10-4.7.1.i386.rpm
7d89a94cb3dd473b7c83ea4cd8c20ced 7.1/en/os/i386/samba-swat-2.0.10-4.7.1.i386.rpm
d69bb56093e7331df997d659ca2ea9e8 7.2/en/os/SRPMS/samba-2.2.7-2.7.2.src.rpm
260f20116ee659b3ae90f0ddddd62cf9 7.2/en/os/i386/samba-2.2.7-2.7.2.i386.rpm
73d30c36d6bd66e46bd6748c75b66d95 7.2/en/os/i386/samba-client-2.2.7-2.7.2.i386.rpm
f0b0c21452d61a3a6b2c9678c2ff21e5 7.2/en/os/i386/samba-common-2.2.7-2.7.2.i386.rpm
5bc9e1065133519be8f8ad1217a91c28 7.2/en/os/i386/samba-swat-2.2.7-2.7.2.i386.rpm
5baa777197d842e5b3c9d6aa8aed42c3 7.2/en/os/ia64/samba-2.2.7-2.7.2.ia64.rpm
60815d802212e7c1d81578202483da1b 7.2/en/os/ia64/samba-client-2.2.7-2.7.2.ia64.rpm
42dc373237a120ebff3d3e2f0a75ccfc 7.2/en/os/ia64/samba-common-2.2.7-2.7.2.ia64.rpm
4869acd937643d1ebd47c08a124d4a6d 7.2/en/os/ia64/samba-swat-2.2.7-2.7.2.ia64.rpm
1a8b4d5ecf465a7b77002b9491a7e634 7.3/en/os/SRPMS/samba-2.2.7-2.7.3.src.rpm
e28cae0c58825bb3361cd91062e3b4f4 7.3/en/os/i386/samba-2.2.7-2.7.3.i386.rpm
da6798c92ea24bf85a676adf17e9084a 7.3/en/os/i386/samba-client-2.2.7-2.7.3.i386.rpm
34d8b1a219edd1891d0ea371c06a02d7 7.3/en/os/i386/samba-common-2.2.7-2.7.3.i386.rpm
852d956fc9ae7c16553d3803617888d4 7.3/en/os/i386/samba-swat-2.2.7-2.7.3.i386.rpm
69efd966ca49b534e213d10467adb3f8 8.0/en/os/SRPMS/samba-2.2.7-4.8.0.src.rpm
28fbffa7571d2e77ed6e6eb11a2f553a 8.0/en/os/i386/samba-2.2.7-4.8.0.i386.rpm
db4faec9250a12ab30edcc62cddaeb43 8.0/en/os/i386/samba-client-2.2.7-4.8.0.i386.rpm
63072e475355d39479b6d755123523bc 8.0/en/os/i386/samba-common-2.2.7-4.8.0.i386.rpm
d5fe4f9b3c1fa92a6b0d17b7e4042f2d 8.0/en/os/i386/samba-swat-2.2.7-4.8.0.i386.rpm
53d02b05110000ef81b6cd757049caa5 9/en/os/SRPMS/samba-2.2.7a-7.9.0.src.rpm
238851c68cf7a1607545b833ee05fe39 9/en/os/i386/samba-2.2.7a-7.9.0.i386.rpm
8d8990bc23ffb78ac17dec62bea10787 9/en/os/i386/samba-client-2.2.7a-7.9.0.i386.rpm
abd0c024db96914c9778505449896e7c 9/en/os/i386/samba-common-2.2.7a-7.9.0.i386.rpm
8f9ad3786f30de21356403fb255c68b1 9/en/os/i386/samba-swat-2.2.7a-7.9.0.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at http://www.redhat.com/solutions/security/news/publickey/

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://www.samba.org/samba/whatsnew/samba-2.2.8.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086

8. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact/

Copyright 2003 Red Hat, Inc.