---

Advisories: June 14, 2005

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: gaim
Advisory ID: MDKSA-2005:099
Date: June 14th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

More vulnerabilities have been discovered in the gaim IM client.
The first is a remote crash with the Yahoo! protocol
(CAN-2005-1269) and the second is a remote DoS in the MSN protocol
(CAN-2005-1934).

These problems have been corrected in gaim 1.3.1 which is
provided with this update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1269

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1934


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: rsh
Advisory ID: MDKSA-2005:100
Date: June 14th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1


Problem Description:

A vulnerability in the rcp protocol was discovered that allows a
server to instruct a client to write arbitrary files outside of the
current directory, which could potentially be a security concern if
a user used rcp to copy files from a malicious server.

The updated packages have been patched to correct this
problem.
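
An added example (not part of the Mandriva advisory or of the rcp patch): a client-side check of the file name in a server-sent rcp control record, which is the class of validation this problem calls for. It assumes the usual `C<mode> <size> <name>` / `D<mode> <size> <name>` record layout; the function name `rcp_check_record` and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result of checking one server-sent rcp control record. */
enum rcp_check {
    RCP_OK = 0,       /* well formed, name stays inside the target dir */
    RCP_MALFORMED,    /* not a valid C/D record                        */
    RCP_UNSAFE_NAME   /* name would escape the target directory        */
};

/*
 * Validate a "C<mode> <size> <name>\n" (file) or "D<mode> <size> <name>\n"
 * (directory) record received from the remote side. On success the name is
 * copied to out. Hypothetical helper, not taken from the rcp sources.
 */
enum rcp_check rcp_check_record(const char *rec, char *out, size_t outlen)
{
    const char *p = rec;
    size_t i, n;

    if (*p != 'C' && *p != 'D')
        return RCP_MALFORMED;
    p++;

    /* Mode: four octal digits followed by one space (assumed layout). */
    for (i = 0; i < 4; i++, p++)
        if (*p < '0' || *p > '7')
            return RCP_MALFORMED;
    if (*p++ != ' ')
        return RCP_MALFORMED;

    /* Size: one or more decimal digits followed by one space. */
    if (*p < '0' || *p > '9')
        return RCP_MALFORMED;
    while (*p >= '0' && *p <= '9')
        p++;
    if (*p++ != ' ')
        return RCP_MALFORMED;

    /* Name: the rest of the line, terminated by exactly one newline. */
    n = strcspn(p, "\n");
    if (n == 0 || p[n] != '\n' || p[n + 1] != '\0')
        return RCP_MALFORMED;

    /*
     * The client asked for files to land in a directory it chose, so the
     * server may only supply a single path component: no '/', and neither
     * "." nor "..".
     */
    if (memchr(p, '/', n) != NULL)
        return RCP_UNSAFE_NAME;
    if ((n == 1 && p[0] == '.') || (n == 2 && p[0] == '.' && p[1] == '.'))
        return RCP_UNSAFE_NAME;

    if (n >= outlen)
        return RCP_MALFORMED;
    memcpy(out, p, n);
    out[n] = '\0';
    return RCP_OK;
}

int main(void)
{
    /* Constructed sample records, as a remote server might send them. */
    const char *samples[] = {
        "C0644 12 notes.txt\n",
        "C0644 12 ../outside.txt\n",
        "D0755 0 ..\n",
        "C0644 12 /tmp/absolute.txt\n",
        "C0644 12 a..b\n",
    };
    static const char *verdict[] = { "ok", "malformed", "unsafe name" };
    char name[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum rcp_check r = rcp_check_record(samples[i], name, sizeof name);
        printf("%-12s %s", verdict[r], samples[i]);
    }
    return 0;
}
```

A name such as `a..b` is accepted because it contains no path separator and is not itself `.` or `..`; only records that could move the write outside the chosen directory are refused.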


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Low: squid security update
Advisory ID: RHSA-2005:415-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-415.html

Issue date: 2005-06-14
Updated on: 2005-06-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-1999-0710 CAN-2005-0626 CAN-2005-0718 CAN-2005-1345
CAN-2005-1519


1. Summary:

An updated squid package that fixes several security issues is
now available.

This update has been rated as having low security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

Squid is a full-featured Web proxy cache.

A race condition bug was found in the way Squid handles the now
obsolete Set-Cookie header. It is possible that Squid can leak
Set-Cookie header information to other clients connecting to Squid.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0626 to this issue. Please note that this issue only
affected Red Hat Enterprise Linux 4.

A bug was found in the way Squid handles PUT and POST requests.
It is possible for an authorised remote user to cause a failed PUT
or POST request which can cause Squid to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0718 to this issue.

A bug was found in the way Squid processes errors in the access
control list. It is possible that an error in the access control
list could give users more access than intended. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1345 to this issue.

A bug was found in the way Squid handles access to the
cachemgr.cgi script. It is possible for an authorised remote user
to bypass access control lists with this flaw. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-1999-0710 to this issue.

A bug was found in the way Squid handles DNS replies. If the
port Squid uses for DNS requests is not protected by a firewall it
is possible for a remote attacker to spoof DNS replies, possibly
redirecting a user to spoofed or malicious content. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1519 to this issue.

Additionally this update fixes the following bugs:

  • LDAP Authentication fails with an assertion error when using
    Red Hat Enterprise Linux 4

Users of Squid should upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

125007 – insecure permissions for squid.conf
150232 – CAN-2005-0626 Cookie leak in squid
150907 – LDAP Authentication fails with an assertion error.
151412 – CAN-2005-1345 Unexpected access control results on
configuration errors
151423 – CAN-2005-0718 Segmentation fault on failed PUT/POST
request
156161 – CVE-1999-0710 cachemgr.cgi access control bypass
157455 – CAN-2005-1519 DNS lookups unreliable on untrusted
networks

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.13.src.rpm


Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.13.src.rpm


Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.13.src.rpm


Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.13.src.rpm


Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squid-2.5.STABLE6-3.4E.9.src.rpm


Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squid-2.5.STABLE6-3.4E.9.src.rpm


Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squid-2.5.STABLE6-3.4E.9.src.rpm


Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squid-2.5.STABLE6-3.4E.9.src.rpm


These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0626

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0718

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1345

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1519

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Moderate: telnet security update
Advisory ID: RHSA-2005:504-00
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-504.html

Issue date: 2005-06-14
Updated on: 2005-06-14
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:327
CVE Names: CAN-2005-0488


1. Summary:

Updated telnet packages that fix an information disclosure issue
are now available.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

The telnet package provides a command line telnet client.

Gael Delalleau discovered an information disclosure issue in the
way the telnet client handles messages from a server. An attacker
could construct a malicious telnet server that collects information
from the environment of any victim who connects to it. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0488 to this issue.

Users of telnet should upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159297 – CAN-2005-0488 telnet Information Disclosure
Vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/telnet-0.17-20.EL2.4.src.rpm


Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/telnet-0.17-20.EL2.4.src.rpm


Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/telnet-0.17-20.EL2.4.src.rpm


Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/telnet-0.17-20.EL2.4.src.rpm


Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/telnet-0.17-26.EL3.3.src.rpm


Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/telnet-0.17-26.EL3.3.src.rpm


Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/telnet-0.17-26.EL3.3.src.rpm


Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/telnet-0.17-26.EL3.3.src.rpm


Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/telnet-0.17-31.EL4.3.src.rpm


Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/telnet-0.17-31.EL4.3.src.rpm


Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/telnet-0.17-31.EL4.3.src.rpm


Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/telnet-0.17-31.EL4.3.src.rpm


These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
