Linux Today: Linux News On Internet Time.







Advisories, February 12, 2007

Feb 13, 2007, 04:45 (0 Talkback[s])

Today's security advisories: gd, wireshark, and samba (Fedora Core); postgresql and ImageMagick (Mandriva Linux); java-1.5.0-ibm (Red Hat Linux); dbus, dbus-glib, dbus-qt, dbus-x11, gd, ImageMagick, and kernel (rPath Linux); and postgresql-8.1, moin, and moin1.3 (Ubuntu).

Fedora Core


Fedora Update Notification
FEDORA-2007-149
2007-02-12

Product : Fedora Core 6
Name : gd
Version : 2.0.33
Release : 10.fc6
Summary : A graphics library for quick creation of PNG or JPEG images

Description :
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.


  • Mon Jan 29 2007 Ivana Varekova <varekova@redhat.com> - 2.0.33-10
    • Resolves: #224610
      CVE-2007-0455 gd buffer overrun

This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-150
2007-02-12

Product : Fedora Core 5
Name : gd
Version : 2.0.33
Release : 7.fc5
Summary : A graphics library for quick creation of PNG or JPEG images

Description :
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program.


  • Mon Jan 29 2007 Ivana Varekova <varekova@redhat.com> - 2.0.33-7
    • Resolves: #224610
      CVE-2007-0455 gd buffer overrun

This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-216
2007-02-08

Product : Fedora Core 6
Name : wireshark
Version : 0.99.5
Release : 1.fc6
Summary : Network traffic analyzer

Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.


Update Information:
  • multiple security issues fixed (#227140)
  • CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets
  • CVE-2007-0459 - The HTTP dissector could crash.
  • CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash.
  • CVE-2007-0456 - On some systems, the LLT dissector could crash.

  • Mon Feb 5 2007 Radek Vokál <rvokal@redhat.com> 0.99.5-1
    • multiple security issues fixed (#227140)
    • CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets
    • CVE-2007-0459 - The HTTP dissector could crash.
    • CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash.
    • CVE-2007-0456 - On some systems, the LLT dissector could crash.

This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-219
2007-02-08

Product : Fedora Core 5
Name : samba
Version : 3.0.24
Release : 1.fc5
Summary : The Samba SMB server.

Description :

Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.


  • Wed Feb 7 2007 Jay Fenlason <fenlason@redhat.com> 3.0.24-1.fc5
    • New upstream release
    • Update the -man patch to work with 3.0.24
    • This release fixes CVE-2007-0452 Samba smbd denial of service
  • Tue Sep 26 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23c-1.fc5
    • Include the newer smb.init that includes the configtest option
    • Upgrade to 3.0.23c, obsoleting the -samr_alias patch.
  • Wed Aug 9 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23b-1.fc5
    • New upstream release, fixing some annoying bugs.
  • Mon Jul 24 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23a-1.fc5.1
    • Fix the -logfiles patch to close
      bz#199607 Samba compiled with wrong log path.
      bz#199206 smb.conf has incorrect log file path
  • Mon Jul 24 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23a-1.fc5
    • Upgrade to new upstream 3.0.23a
    • include upstream samr_alias patch
  • Wed Jul 12 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23-1.fc5
    • Upgrade to 3.0.23 to close
      bz#197836 CVE-2006-3403 Samba denial of service
    • include related spec file, filter-requires-samba.sh and patch changes from rawhide.
    • include the fixed smb.init file from rawhide, closing
      bz#182560 Wrong retval for initscript when smbd is dead

This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-220
2007-02-08

Product : Fedora Core 6
Name : samba
Version : 3.0.24
Release : 1.fc6
Summary : The Samba SMB server.

Description :

Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.


  • Thu Nov 16 2006 Jay Fenlason <fenlason@redhat.com> 3.0.24-1.fc6
    • New upstream release
    • Update the -man patch to work with 3.0.24
    • This release fixes CVE-2007-0452 Samba smbd denial of service

This update can be downloaded from:

    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2007:037-1
http://www.mandriva.com/security/


Package : postgresql
Date : February 8, 2007
Affected: 2007.0, Corporate 4.0


Problem Description:

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this (CVE-2007-0555).

Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this (CVE-2007-0556).

Update:

The previous update updated PostgreSQL to upstream versions, including 8.1.7 which contained a bug with typemod data types used with check constraints and expression indexes. This regression has been corrected in the new 8.1.8 version that is being provided.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2007:041
http://www.mandriva.com/security/


Package : ImageMagick
Date : February 9, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and ImageMagick that allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

This is related to an earlier fix for CVE-2006-5456 that did not fully correct the issue.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2007:0073-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0073.html
Issue date: 2007-02-09
Updated on: 2007-02-09
Product: Red Hat Enterprise Linux Extras
Obsoletes: RHEA-2007:0027
CVE Names: CVE-2006-4339 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745


1. Summary:

java-1.5.0-ibm packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Problem description:

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

Vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these vulnerabilities to access data from other applets. (CVE-2006-6736, CVE-2006-6737)

Serialization flaws were discovered in the Java Runtime Environment. An untrusted applet or application could use these flaws to elevate its privileges. (CVE-2006-6745)

Buffer overflow vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these flaws to elevate its privileges, possibly reading and writing local files or executing local applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. (CVE-2006-4339)

All users of java-ibm-1.5.0 should upgrade to these packages, which contain IBM's 1.5.0 SR3 Java release which resolves these issues.

Please note that the packages in this erratum are identical to those we released on January 24th 2007 in advisory RHEA-2007:0027. We have issued this security update because when we released RHEA-2007:0027 we were not aware that it contained fixes for security issues. If you have already updated to those packages you will not need to apply this update.
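
An added example, not part of the Red Hat advisory or of IBM's code: the "excess data" check that CVE-2006-4339 turns on, applied to the encoded block that RSA exponentiation of a signature yields. The function names, the choice of SHA-1 and the 256-byte block length are assumptions made for illustration, and the malformed block is constructed test data.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo structure for SHA-1 (RFC 8017, section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
MIN_PADDING = 8  # PKCS #1 v1.5 requires at least eight 0xFF padding bytes


def expected_em(message: bytes, k: int) -> bytes:
    """Build the one valid encoded block for `message` and a k-byte modulus:
    00 01 FF..FF 00 DigestInfo, with the padding filling all spare bytes."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < MIN_PADDING:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lax_check(em: bytes, message: bytes) -> bool:
    """Flawed verifier: parses the block left to right, reads the digest,
    and never checks that the digest is the last thing in the block."""
    if len(em) < 3 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == 2 or i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    prefix = SHA1_DIGESTINFO_PREFIX
    if em[i:i + len(prefix)] != prefix:
        return False
    i += len(prefix)
    digest = em[i:i + 20]
    # Missing check: i + 20 == len(em). Bytes after the digest are ignored.
    return hmac.compare_digest(digest, hashlib.sha1(message).digest())


def strict_check(em: bytes, message: bytes) -> bool:
    """Hardened verifier: rebuild the expected block and compare every byte,
    so short padding or trailing data can never be accepted."""
    try:
        expected = expected_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def constructed_block_with_excess_data(message: bytes, k: int) -> bytes:
    """Constructed test input: minimal padding, a correct DigestInfo, then
    filler bytes up to k. This is an encoded block, not a signature."""
    head = (b"\x00\x01" + b"\xff" * MIN_PADDING + b"\x00"
            + SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest())
    return head + b"\xaa" * (k - len(head))


def compare(message: bytes, k: int = 256) -> dict:
    """Run both verifiers over a well-formed and a malformed block."""
    good = expected_em(message, k)
    bad = constructed_block_with_excess_data(message, k)
    return {
        "well_formed": (lax_check(good, message), strict_check(good, message)),
        "excess_data": (lax_check(bad, message), strict_check(bad, message)),
    }


if __name__ == "__main__":
    for case, (lax, strict) in compare(b"constructed sample message").items():
        print(f"{case:12s} lax={lax} strict={strict}")
```

Comparing against the rebuilt block, rather than parsing the received one, is what removes the degrees of freedom an exponent-3 forgery depends on.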

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

227990 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)

6. RPMs required:

Red Hat Enterprise Linux AS version 4 Extras:


Red Hat Desktop version 4 Extras:


Red Hat Enterprise Linux ES version 4 Extras:


Red Hat Enterprise Linux WS version 4 Extras:


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0233-1
Published: 2007-02-09
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Denial of Service
Updated Versions: dbus=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-glib=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-qt=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-x11=/conary.rpath.com@rpl:devel//1/0.50-2.2-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6107

    https://issues.rpath.com/browse/RPL-860

Description:

Previous versions of the dbus package are vulnerable to a local denial of service attack in which one local user can prevent another local user from using the D-Bus service.

rPath Security Advisory: 2007-0028-1
Published: 2007-02-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Denial of Service
Updated Versions: gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.3-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

    https://issues.rpath.com/browse/RPL-1030

Description:

Previous versions of the gd package have a weakness that can cause crashes in applications that use the gd library when rendering certain malformed strings with a JIS font. This weakness may enable executing attacker-controlled or attacker-provided code.

rPath Security Advisory: 2007-0029-1
Published: 2007-02-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.5-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456

    https://issues.rpath.com/browse/RPL-1034

Description:

The previous security update for CVE-2006-5456, a buffer overflow parsing Palm Pixmap files, was not sufficient. Previous versions of the ImageMagick package are vulnerable to Denial of Service and possibly Unauthorized Access when presented with an intentionally malformed Palm Pixmap file. The main form of remote exposure is when ImageMagick is exposed to remote users via web services.

rPath Security Advisory: 2007-0031-1
Published: 2007-02-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect Deterministic Denial of Service
Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.19.3-0.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106

    https://issues.rpath.com/browse/RPL-848

    https://issues.rpath.com/browse/RPL-963

Description:

Previous versions of the kernel package are vulnerable to a denial of service when using the capi bluetooth driver. rPath Linux 1 does not include the tools required to configure this driver, so rPath Linux 1 has limited exposure to this vulnerability.

This is the first release of the 2.6.19.x kernel for rPath Linux 1, which enables significant additional hardware support. This includes support for new hardware in existing drivers, as well as additional drivers.

This update requires a system reboot to implement the fixes.

Note: rPath Linux is not vulnerable to several other Linux kernel vulnerabilities that have been recently announced, including CVE-2006-4814, CVE-2006-5174, CVE-2006-6304, CVE-2006-6053, CVE-2006-6054, CVE-2006-4814, and CVE-2006-5823.

Ubuntu


Ubuntu Security Notice USN-417-3 February 09, 2007
postgresql-8.1 regression

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:

postgresql-8.1 8.1.8-0ubuntu6.06.1
postgresql-client-8.1 8.1.8-0ubuntu6.06.1

Ubuntu 6.10:

postgresql-8.1 8.1.8-0ubuntu6.10
postgresql-client-8.1 8.1.8-0ubuntu6.10

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-417-2 fixed a severe regression in the PostgreSQL server that was introduced in USN-417-1 and caused some valid queries to be aborted with a type error. This update fixes a similar (but much less prominent) error.

At the same time, PostgreSQL is updated to version 8.1.8, which fixes a range of important bugs.

Updated packages for Ubuntu 6.06 LTS:
