Linux Today: Linux News On Internet Time.







Advisories: May 11, 2005

May 12, 2005, 04:45

Fedora Core


Fedora Update Notification
FEDORA-2005-369
2005-05-11

Product : Fedora Core 3
Name : gaim
Version : 1.3.0
Release : 1.fc3
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers.


Update Information:

Many bug fixes and two important security fixes.


  • Tue May 10 2005 Warren Togami <wtogami@redhat.com> 1:1.3.0-1
    • 1.3.0 many bug fixes and two security fixes
    • long URL crash fix (#157017) CAN-2005-1261
    • MSN bad messages crash fix (#157202) CAN-2005-1262
  • Thu Apr 7 2005 Warren Togami <wtogami@redhat.com> 1:1.2.1-4
    • use mozilla-nss everywhere because gnutls is buggy (#135778)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: openmotif security update
Advisory ID: RHSA-2005:412-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-412.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0605


1. Summary:

Updated openmotif packages that fix a flaw in the Xpm image library are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenMotif provides libraries which implement the Motif industry standard graphical user interface.

An integer overflow flaw was found in libXpm, which is used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0605 to this issue.

Users of OpenMotif are advised to upgrade to these erratum packages, which contain a backported security patch to the embedded libXpm library.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:417-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-417.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280


1. Summary:

Updated tcpdump packages that fix several security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

This updated package also adds support for output files larger than 2 GB.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Tcpdump is a command-line tool for monitoring network traffic.

Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 to these issues.

The tcpdump utility can now write a file larger than 2 GB.

Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:421-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-421.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280


1. Summary:

Updated tcpdump packages that fix several security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

These updated packages also add support for output files larger than 2 GB, add support for some new VLAN IDs, and fix message parsing on 64bit architectures.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Tcpdump is a command-line tool for monitoring network traffic.

Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 to these issues.

Additionally, the tcpdump utility can now write a file larger than 2 GB, parse some new VLAN IDs, and parse messages on 64bit architectures.

Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:429-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-429.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1261 CAN-2005-1262


1. Summary:

An updated gaim package that fixes two security issues is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Gaim application is a multi-protocol instant messaging client.

A stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-1261 to this issue.

A bug was found in the way gaim handles malformed MSN messages. A remote attacker could send a carefully crafted MSN message causing gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-1262 to this issue.

Users of Gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm
bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

ppc:
f596381eb4b924a8b43df623ac2011ae gaim-1.2.1-6.el4.ppc.rpm

s390:
c72eb22cda05c6f23caabc458a6b3132 gaim-1.2.1-6.el4.s390.rpm

s390x:
6a64c4e6cd546fd98d2ee0f44c04f6bb gaim-1.2.1-6.el4.s390x.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm
8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
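An added example, not part of the Red Hat advisory: a Python checker for manually downloaded packages that reads the "md5 filename" lines of an "RPMs required" section and compares them with the files on disk. The MD5 sums only show that a download matches the advisory text; the GPG signature the advisory mentions remains the authenticity check. The function names and command-line arguments are assumptions made for this example.

```python
import hashlib
import re
from pathlib import Path

# One manifest entry as printed in the advisory: 32 hex digits, whitespace, an .rpm name.
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")

def parse_manifest(advisory_text):
    """Return {filename: md5} from advisory text; reject conflicting entries."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, architecture labels, ftp:// URLs, prose
        digest = m.group(1).lower()
        name = m.group(2).rsplit("/", 1)[-1]  # drop a leading "i386/" style path
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return expected

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Map each .rpm found in download_dir to 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_manifest(advisory_text)
    results = {}
    for path in sorted(Path(download_dir).glob("*.rpm")):
        if path.name not in expected:
            results[path.name] = "unlisted"  # not named in this advisory
        elif md5_of(path) == expected[path.name]:
            results[path.name] = "ok"
        else:
            results[path.name] = "mismatch"  # corrupted, truncated or replaced
    return results

if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_rpms.py advisory.txt /path/to/downloads
    report = verify_downloads(Path(sys.argv[1]).read_text(), sys.argv[2])
    for name, status in report.items():
        print(f"{status:9} {name}")
    sys.exit(0 if report and all(s == "ok" for s in report.values()) else 1)
```

The script exits non-zero when any package is mismatched or unlisted, or when no packages were found, so it can gate a manual install step.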


Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:432-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-432.html
Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0472 CAN-2005-1261


1. Summary:

An updated gaim package that fixes security issues is now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Gaim application is a multi-protocol instant messaging client.

A stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-1261 to this issue.

A bug in the way Gaim processes SNAC packets was discovered. It is possible that a remote attacker could send a specially crafted SNAC packet to a Gaim client, causing the client to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0472 to this issue.

Users of Gaim are advised to upgrade to this updated package which contains gaim version 0.59.9 with backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm
f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: ethereal
Advisory ID: MDKSA-2005:083
Date: May 10th, 2005
Affected versions: 10.1, 10.2


Problem Description:

A number of vulnerabilities were discovered in previous versions of Ethereal that have been fixed in the 0.10.11 release, including:

  • The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities.
  • The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP and Presentation dissectors are vulnerable to buffer overflows.
  • The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB NETLOGON dissectors are vulnerable to pointer handling errors.
  • The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and L2TP dissectors are vulnerable to looping problems.
  • The Telnet and DHCP dissectors could abort.
  • The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a segmentation fault.
  • The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2, RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
  • The DICOM, NDPS and ICEP dissectors are vulnerable to memory handling errors.
  • The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP dissectors could terminate abnormally.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466