Fedora Core
Fedora Update Notification
FEDORA-2006-1475
2006-12-19
Product : Fedora Core 6
Name : dbus
Version : 1.0.1
Release : 8.fc6
Summary : D-BUS message bus
Description :
D-BUS is a system for sending messages between applications. It
is used both for the systemwide message bus service, and as a
per-user-login-session messaging facility.
Update Information:
Kimmo Hämäläinen reported a DoS flaw in D-Bus
that can allow a local user to disable the ability of another
process to receive certain messages. This flaw does not contain any
potential for arbitrary code execution.
* Fri Dec 15 2006 Ray Strode <rstrode@redhat.com> - 1.0.1-8
- undo the patch in 1.0.1-5.fc6 to get the security update in
1.0.1-7.fc6 out independent of bug 218207
* Fri Dec 15 2006 David Zeuthen <davidz@redhat.com> - 1.0.1-7.fc6
- CVE-2006-6107: D-Bus denial of service
- Resolves: #219665
* Fri Dec 15 2006 Ray Strode <rstrode@redhat.com> - 1.0.1-5
- don’t die when reloading config if config file gains new
options that aren’t understood. Move config file to new location
and keep compatible, but obsolete config file in old location (one
last try at bug 218207).
* Thu Dec 14 2006 Ray Strode <rstrode@redhat.com> - 1.0.1-4
- don’t die when reloading config if config file gains new
options that aren’t understood. Add a PreReq:
selinux-policy-targeted >= version to create ordering
constraints during transaction (one more try at bug 218207)
* Thu Dec 14 2006 Ray Strode <rstrode@redhat.com> - 1.0.1-3
- don’t die when reloading config if config file gains new
options that aren’t understood. Add a conflicts:
selinux-policy-targeted < version to create ordering constraints
during transaction (bug 218207)
* Fri Dec 1 2006 John (J5) Palmieri <johnp@redhat.com> - 1.0.1-2
- Make sure we own the /var/lib/dbus directory so that it is
created on install
* Mon Nov 20 2006 Ray Strode <rstrode@redhat.com> - 1.0.1-1
- Update to 1.0.1
- Add patch from Thiago Macieira <thiago@kde.org> to fix
assertion failure
* Tue Nov 14 2006 John (J5) Palmieri <johnp@redhat.com> - 1.0.0-2
- add patch to fix dbus_threads_init_default
* Mon Nov 13 2006 John (J5) Palmieri <johnp@redhat.com> - 1.0.0-1
- update to D-Bus 1.0.0 “Blue Bird”
- build tests, asserts and verbose mode off
- patch so we are not fatal when checks fail
* Sun Oct 1 2006 Jesse Keating <jkeating@redhat.com> - 0.93-3
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
* Tue Sep 19 2006 Matthias Clasen <mclasen@redhat.com> - 0.93-2
- Add a Requires for libxml2-python (#201877)
* Thu Sep 14 2006 John (J5) Palmieri <johnp@redhat.com> - 0.93-1
- Updated from upstream D-Bus 1.0 RC 1 (0.93)
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> - 0.92-2
- Only audit on the system bus
* Fri Aug 18 2006 John (J5) Palmieri <johnp@redhat.com> - 0.92-1
- Update to 0.92
- remove old patches
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:232
http://www.mandriva.com/security/
Package : proftpd
Date : December 18, 2006
Affected: 2007.0
Problem Description:
Stack-based buffer overflow in the pr_ctrls_recv_request
function in ctrls.c in the mod_ctrls module in ProFTPD before
1.3.1rc1 allows local users to execute arbitrary code via a large
reqarglen length value.
Packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:233
http://www.mandriva.com/security/
Package : dbus
Date : December 18, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
A vulnerability was discovered in D-Bus that could be exploited
by a local attacker to cause a Denial of Service.
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6107
Updated Packages:
Red Hat Linux
Red Hat Security Advisory
Synopsis: Moderate: tar security update
Advisory ID: RHSA-2006:0749-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0749.html
Issue date: 2006-12-19
Updated on: 2006-12-19
Product: Red Hat Enterprise Linux
Keywords: path traversal GNUTYPE_NAMES
CVE Names: CVE-2006-6097
1. Summary:
Updated tar packages that fix a path traversal flaw are now
available.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
The GNU tar program saves many files together in one archive and
can restore individual files (or all of the files) from that
archive.
Teemu Salmela discovered a path traversal flaw in the way GNU
tar extracted archives. A malicious user could create a tar archive
that could write to arbitrary files to which the user running GNU
tar has write access. (CVE-2006-6097)
Users of tar should upgrade to this updated package, which
contains a replacement backported patch to correct this issue.
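For archives from untrusted sources, a pre-extraction audit can reject entries that would land outside the extraction directory. The following is an added example, not code from Red Hat or GNU tar; it covers the general class of escaping names and links rather than the specific GNUTYPE_NAMES handling the patch corrects, and the function names and sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def escapes_root(path):
    """True if an archive-relative path is absolute or climbs above the root."""
    norm = posixpath.normpath(path)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def audit_tar(fileobj):
    """Return [(member_name, reason)] for entries that are unsafe to extract."""
    findings = []
    symlinks = set()  # normalised names of symlinks seen earlier in the archive
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        for member in tf:
            name = posixpath.normpath(member.name)
            if escapes_root(member.name):
                findings.append((member.name, "name is absolute or climbs above the root"))
                continue
            # A member whose parent directory is a symlink stored earlier in the
            # same archive would be written wherever that symlink points.
            parts = name.split("/")
            parents = {"/".join(parts[:i]) for i in range(1, len(parts))}
            if parents & symlinks:
                findings.append((member.name, "written through archived symlink"))
                continue
            if member.issym():
                symlinks.add(name)
                # Symlink targets are resolved relative to the link's directory.
                target = posixpath.join(posixpath.dirname(name), member.linkname)
                if escapes_root(target):
                    findings.append((member.name, "symlink target leaves the root"))
            elif member.islnk() and escapes_root(member.linkname):
                findings.append((member.name, "hard link target leaves the root"))
    return findings


def build_sample():
    """Constructed in-memory archive mixing safe and unsafe entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))

        def add_symlink(name, target):
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tf.addfile(info)

        add_file("docs/readme.txt")             # safe
        add_file("../outside.txt")              # climbs above the root
        add_file("/tmp/abs.txt")                # absolute path
        add_symlink("link", "../../etc")        # symlink pointing outside
        add_file("link/passwd")                 # written through that symlink
        add_symlink("docs/ok-link", "readme.txt")  # safe, stays inside docs/
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in audit_tar(build_sample()):
        print(f"REJECT {name}: {reason}")
```

An archive with any finding should be refused as a whole; the audit does not replace installing the updated tar package.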
4. Solution:
Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
216937 – CVE-2006-6097 GNU tar directory traversal
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2006:0758-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0758.html
Issue date: 2006-12-19
Updated on: 2006-12-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6497 CVE-2006-6498 CVE-2006-6501 CVE-2006-6502
CVE-2006-6503 CVE-2006-6504
1. Summary:
Updated firefox packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processes certain
malformed Javascript code. A malicious web page could cause the
execution of Javascript code in such a way that could cause Firefox
to crash or execute arbitrary code as the user running Firefox.
(CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503,
CVE-2006-6504)
Several flaws were found in the way Firefox renders web pages. A
malicious web page could cause the browser to crash or possibly
execute arbitrary code as the user running Firefox.
(CVE-2006-6497)
Users of Firefox are advised to upgrade to these erratum
packages, which contain Firefox version 1.5.0.9 that corrects these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
219682 – CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2006:0759-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0759.html
Issue date: 2006-12-19
Updated on: 2006-12-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6497 CVE-2006-6498 CVE-2006-6501 CVE-2006-6502
CVE-2006-6503 CVE-2006-6504 CVE-2006-6505
1. Summary:
Updated seamonkey packages that fix several security bugs are
now available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
SeaMonkey is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the way SeaMonkey processes certain
malformed JavaScript code. A malicious web page could execute
JavaScript code in a way that causes SeaMonkey to crash or execute
arbitrary code as the user running SeaMonkey. (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
Several flaws were found in the way SeaMonkey renders web pages.
A malicious web page could cause the browser to crash or possibly
execute arbitrary code as the user running SeaMonkey.
(CVE-2006-6497)
A heap-based buffer overflow flaw was found in the way SeaMonkey
Mail parses the Content-Type mail header. A malicious mail message
could cause the SeaMonkey Mail client to crash or possibly execute
arbitrary code as the user running SeaMonkey Mail.
(CVE-2006-6505)
Users of SeaMonkey are advised to upgrade to these erratum
packages, which contain SeaMonkey version 1.0.7 that corrects these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
219684 – CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504,
CVE-2006-6505)
6. RPMs required: