Today’s security advisories: gd, wireshark, and samba (Fedora
Core); postgresql and ImageMagick (Mandriva Linux); java-1.5.0-ibm
(Red Hat Linux); dbus, dbus-glib, dbus-qt, dbus-x11, gd,
ImageMagick, and kernel (rPath Linux); and postgresql-8.1, moin,
and moin1.3 (Ubuntu).
Fedora Core
Fedora Update Notification
FEDORA-2007-149
2007-02-12
Product : Fedora Core 6
Name : gd
Version : 2.0.33
Release : 10.fc6
Summary : A graphics library for quick creation of PNG or JPEG
images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste
from other images, and flood fills, and to write out the result as
a PNG or JPEG file. This is particularly useful in Web
applications, where PNG and JPEG are two of the formats accepted
for inline images by most browsers. Note that gd is not a paint
program.
- Mon Jan 29 2007 Ivana Varekova <varekova@redhat.com> – 2.0.33-10
  - Resolves: #224610
    CVE-2007-0455 gd buffer overrun
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2007-150
2007-02-12
Product : Fedora Core 5
Name : gd
Version : 2.0.33
Release : 7.fc5
Summary : A graphics library for quick creation of PNG or JPEG
images
Description :
The gd graphics library allows your code to quickly draw images
complete with lines, arcs, text, multiple colors, cut and paste
from other images, and flood fills, and to write out the result as
a PNG or JPEG file. This is particularly useful in Web
applications, where PNG and JPEG are two of the formats accepted
for inline images by most browsers. Note that gd is not a paint
program.
- Mon Jan 29 2007 Ivana Varekova <varekova@redhat.com> – 2.0.33-7
  - Resolves: #224610
    CVE-2007-0455 gd buffer overrun
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2007-216
2007-02-08
Product : Fedora Core 6
Name : wireshark
Version : 0.99.5
Release : 1.fc6
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating
systems.
This package lays base for libpcap, a packet capture and
filtering library, contains command-line utilities, contains
plugins and documentation for wireshark. A graphical user interface
is packaged separately to GTK+ package.
Update Information:
- multiple security issues fixed (#227140)
- CVE-2007-0459 – The TCP dissector could hang or crash while reassembling HTTP packets
- CVE-2007-0459 – The HTTP dissector could crash.
- CVE-2007-0457 – On some systems, the IEEE 802.11 dissector could crash.
- CVE-2007-0456 – On some systems, the LLT dissector could crash.
- Mon Feb 5 2007 Radek Vokál <rvokal@redhat.com> 0.99.5-1
  - multiple security issues fixed (#227140)
  - CVE-2007-0459 – The TCP dissector could hang or crash while reassembling HTTP packets
  - CVE-2007-0459 – The HTTP dissector could crash.
  - CVE-2007-0457 – On some systems, the IEEE 802.11 dissector could crash.
  - CVE-2007-0456 – On some systems, the LLT dissector could crash.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2007-219
2007-02-08
Product : Fedora Core 5
Name : samba
Version : 3.0.24
Release : 1.fc5
Summary : The Samba SMB server.
Description :
Samba is the suite of programs by which a lot of PC-related
machines share files, printers, and other information (such as
lists of available files and printers). The Windows NT, OS/2, and
Linux operating systems support this natively, and add-on packages
can enable the same thing for DOS, Windows, VMS, UNIX of all kinds,
MVS, and more. This package provides an SMB server that can be used
to provide network services to SMB (sometimes called “Lan Manager”)
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does
NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
- Wed Feb 7 2007 Jay Fenlason <fenlason@redhat.com> 3.0.24-1.fc5
  - New upstream release
  - Update the -man patch to work with 3.0.24
  - This release fixes CVE-2007-0452 Samba smbd denial of service
- Tue Sep 26 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23c-1.fc5
  - Include the newer smb.init that includes the configtest option
  - Upgrade to 3.0.23c, obsoleting the -samr_alias patch.
- Wed Aug 9 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23b-1.fc5
  - New upstream release, fixing some annoying bugs.
- Mon Jul 24 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23a-1.fc5.1
  - Fix the -logfiles patch to close
    bz#199607 Samba compiled with wrong log path.
    bz#199206 smb.conf has incorrect log file path
- Mon Jul 24 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23a-1.fc5
  - Upgrade to new upstream 3.0.23a
  - include upstream samr_alias patch
- Wed Jul 12 2006 Jay Fenlason <fenlason@redhat.com> 3.0.23-1.fc5
  - Upgrade to 3.0.23 to close
    bz#197836 CVE-2006-3403 Samba denial of service
  - include related spec file, filter-requires-samba.sh and patch changes from rawhide.
  - include the fixed smb.init file from rawhide, closing
    bz#182560 Wrong retval for initscript when smbd is dead
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2007-220
2007-02-08
Product : Fedora Core 6
Name : samba
Version : 3.0.24
Release : 1.fc6
Summary : The Samba SMB server.
Description :
Samba is the suite of programs by which a lot of PC-related
machines share files, printers, and other information (such as
lists of available files and printers). The Windows NT, OS/2, and
Linux operating systems support this natively, and add-on packages
can enable the same thing for DOS, Windows, VMS, UNIX of all kinds,
MVS, and more. This package provides an SMB server that can be used
to provide network services to SMB (sometimes called “Lan Manager”)
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does
NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
- Thu Nov 16 2006 Jay Fenlason <fenlason@redhat.com> 3.0.24-1.fc6
  - New upstream release
  - Update the -man patch to work with 3.0.24
  - This release fixes CVE-2007-0452 Samba smbd denial of service
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2007:037-1
http://www.mandriva.com/security/
Package : postgresql
Date : February 8, 2007
Affected: 2007.0, Corporate 4.0
Problem Description:
Jeff Trout discovered that the PostgreSQL server did not
sufficiently check data types of SQL function arguments in some
cases. A user could then exploit this to crash the database server
or read out arbitrary locations of the server’s memory, which could
be used to retrieve database contents that the user should not be
able to see. Note that a user must be authenticated in order to
exploit this (CVE-2007-0555).
As well, Jeff Trout also discovered that the query planner did
not verify that a table was still compatible with a
previously-generated query plan, which could be exploited to read
out arbitrary locations of the server’s memory by using ALTER
COLUMN TYPE during query execution. Again, a user must be
authenticated in order to exploit this (CVE-2007-0556).
Update:
The previous update updated PostgreSQL to upstream versions,
including 8.1.7 which contained a bug with typemod data types used
with check constraints and expression indexes. This regression has
been corrected in the new 8.1.8 version that is being provided.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2007:041
http://www.mandriva.com/security/
Package : ImageMagick
Date : February 9, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Vladimir Nadvornik discovered a buffer overflow in
GraphicsMagick and ImageMagick that allows user-assisted attackers to
cause a denial of service and possibly execute arbitrary
code via a PALM image that is not properly handled by the
ReadPALMImage function in coders/palm.c.
This is related to an earlier fix for CVE-2006-5456 that did not
fully correct the issue.
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2007:0073-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0073.html
Issue date: 2007-02-09
Updated on: 2007-02-09
Product: Red Hat Enterprise Linux Extras
Obsoletes: RHEA-2007:0027
CVE Names: CVE-2006-4339 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737
CVE-2006-6745
1. Summary:
java-1.5.0-ibm packages that correct several security issues are
available for Red Hat Enterprise Linux 4 Extras.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 Extras – i386, ppc, s390,
s390x, x86_64
Red Hat Desktop version 4 Extras – i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras – i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras – i386, x86_64
3. Problem description:
IBM’s 1.5.0 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
Vulnerabilities were discovered in the Java Runtime Environment.
An untrusted applet could use these vulnerabilities to access data
from other applets. (CVE-2006-6736, CVE-2006-6737)
Serialization flaws were discovered in the Java Runtime
Environment. An untrusted applet or application could use these
flaws to elevate its privileges. (CVE-2006-6745)
Buffer overflow vulnerabilities were discovered in the Java
Runtime Environment. An untrusted applet could use these flaws to
elevate its privileges, possibly reading and writing local files or
executing local applications. (CVE-2006-6731)
Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be
possible for an attacker to forge a PKCS #1 v1.5 signature that
would be incorrectly verified by implementations that do not check
for excess data in the RSA exponentiation result of the signature.
(CVE-2006-4339)
All users of java-ibm-1.5.0 should upgrade to these packages,
which contain IBM’s 1.5.0 SR3 Java release which resolves these
issues.
Please note that the packages in this erratum are identical to
those we released on January 24th 2007 in advisory RHEA-2007:0027.
We have issued this security update because when we released
RHEA-2007:0027 we were not aware that it contained fixes for
security issues. If you have already updated to those packages you
will not need to apply this update.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
227990 – CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737
CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)
6. RPMs required:
Red Hat Enterprise Linux AS version 4 Extras:
Red Hat Desktop version 4 Extras:
Red Hat Enterprise Linux ES version 4 Extras:
Red Hat Enterprise Linux WS version 4 Extras:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
rPath Linux
rPath Security Advisory: 2006-0233-1
Published: 2007-02-09
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Denial of
Service
Updated Versions:
dbus=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-glib=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-qt=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
dbus-x11=/conary.rpath.com@rpl:devel//1/0.50-2.2-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6107
https://issues.rpath.com/browse/RPL-860
Description:
Previous versions of the dbus package are vulnerable to a local
denial of service attack in which one local user can prevent
another local user from using the D-Bus service.
rPath Security Advisory: 2007-0028-1
Published: 2007-02-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Denial of
Service
Updated Versions:
gd=/conary.rpath.com@rpl:devel//1/2.0.33-4.3-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
https://issues.rpath.com/browse/RPL-1030
Description:
Previous versions of the gd package have a weakness that can
cause crashes in applications that use the gd library when
rendering certain malformed strings with a JIS font. This weakness
may enable executing attacker-controlled or attacker-provided
code.
rPath Security Advisory: 2007-0029-1
Published: 2007-02-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic
Unauthorized Access
Updated Versions:
ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.5-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
https://issues.rpath.com/browse/RPL-1034
Description:
The previous security update for CVE-2006-5456, a buffer
overflow parsing Palm Pixmap files, was not sufficient. Previous
versions of the ImageMagick package are vulnerable to Denial of
Service and possibly Unauthorized Access when presented with an
intentionally malformed Palm Pixmap file. The main form of remote
exposure is when ImageMagick is exposed to remote users via web
services.
rPath Security Advisory: 2007-0031-1
Published: 2007-02-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect Deterministic Denial of
Service
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.19.3-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106
https://issues.rpath.com/browse/RPL-848
https://issues.rpath.com/browse/RPL-963
Description:
Previous versions of the kernel package are vulnerable to a
denial of service when using the CAPI Bluetooth driver. rPath Linux
1 does not include the tools required to configure this driver, so
rPath Linux 1 has limited exposure to this vulnerability.
This is the first release of the 2.6.19.x kernel for rPath Linux
1, which enables significant additional hardware support. This
includes support for new hardware in existing drivers, as well as
additional drivers.
This update requires a system reboot to implement the fixes.
Note: rPath Linux is not vulnerable to several other Linux
kernel vulnerabilities that have been recently announced, including
CVE-2006-4814, CVE-2006-5174, CVE-2006-6304, CVE-2006-6053,
CVE-2006-6054, CVE-2006-4814, and CVE-2006-5823.
Ubuntu
Ubuntu Security Notice USN-417-3 February 09, 2007
postgresql-8.1 regression
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-8.1 8.1.8-0ubuntu6.06.1
postgresql-client-8.1 8.1.8-0ubuntu6.06.1
Ubuntu 6.10:
postgresql-8.1 8.1.8-0ubuntu6.10
postgresql-client-8.1 8.1.8-0ubuntu6.10
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
USN-417-2 fixed a severe regression in the PostgreSQL server
that was introduced in USN-417-1 and caused some valid queries to
be aborted with a type error. This update fixes a similar (but much
less prominent) error.
At the same time, PostgreSQL is updated to version 8.1.8, which
fixes a range of important bugs.
Updated packages for Ubuntu 6.06 LTS: