Debian GNU/Linux
Debian Security Advisory DSA 989-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
March 9th, 2006 http://www.debian.org/security/faq
Package : zoph
Vulnerability : SQL injection
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-0402
Debian Bug : 350717
Neil McBride discovered that Zoph, a web-based photo management
system, performs insufficient sanitising of input passed to photo
searches, which may lead to the execution of SQL commands through an
SQL injection attack.
The old stable distribution (woody) does not contain zoph
packages.
For the stable distribution (sarge) this problem has been fixed
in version 0.3.3-12sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 0.5-1.
We recommend that you upgrade your zoph package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.dsc
Size/MD5 checksum: 570
ce9957fa5af8115a5aec530aabe6847f
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.diff.gz
Size/MD5 checksum: 53959
7c37d28798981a054c634cca92122199
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3.orig.tar.gz
Size/MD5 checksum: 153902
5ff9d8e182e16d53e0511b6d51da8521
Architecture independent components:
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1_all.deb
Size/MD5 checksum: 172190
a185b3cba99ea4bc0f46c73b68bb5a46
These files will probably be moved into the stable distribution
on its next update.
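A check that can be run between the `wget` and `dpkg -i` steps above, as an added example that is not part of the Debian advisory: it parses the advisory's URL / `Size/MD5 checksum:` entries and compares the size and MD5 of each downloaded file against them. The function name `verify_advisory` and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded files against
# the "URL / Size/MD5 checksum: <size> / <md5>" entries of an advisory
# saved as plain text, before handing anything to dpkg -i.

# verify_advisory ADVISORY_FILE DOWNLOAD_DIR
#   exit 0: every listed file present in DOWNLOAD_DIR matches size and MD5
#   exit 1: at least one present file does not match
#   exit 2: nothing could be checked (no entries, or no listed file found)
verify_advisory() {
    advisory=$1
    dir=$2

    # Put one token per line so wrapped and unwrapped entries parse alike,
    # then emit "filename size md5" for each URL followed by a checksum.
    entries=$(tr -s ' \t\r\n' '\n' < "$advisory" | awk '
        /^(http|ftp):\/\// { n = split($0, p, "/"); name = p[n]; want = 0; next }
        name != "" && $0 == "checksum:" { want = 1; next }
        want == 1 && /^[0-9]+$/ { size = $0; want = 2; next }
        want == 2 && length($0) == 32 && /^[0-9a-f]+$/ {
            print name, size, $0; name = ""; want = 0; next
        }
    ')

    checked=0
    bad=0
    while read -r name size md5; do
        [ -n "$name" ] || continue
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "SKIPPED  $name (not downloaded)"
            continue
        fi
        checked=$((checked + 1))
        got_size=$(wc -c < "$file" | tr -d ' ')
        got_md5=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got_size" = "$size" ] && [ "$got_md5" = "$md5" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (size $got_size, md5 $got_md5)"
            bad=1
        fi
    done <<EOF
$entries
EOF

    if [ "$checked" -eq 0 ]; then
        echo "no listed file found to check" >&2
        return 2
    fi
    return "$bad"
}

# Run directly as: sh verify.sh advisory.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_advisory "$1" "$2"
fi
```

A match only shows that the download agrees with the advisory text in hand, so the result is only as trustworthy as the copy of the advisory the values were taken from.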
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:035-1
http://www.mandriva.com/security/
Package : php
Date : March 9, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
A flaw in the PHP gd extension in versions prior to 4.4.1 could
allow a remote attacker to bypass safe_mode and open_basedir
restrictions via unknown attack vectors.
Update:
A regression was introduced with the backported patch from PHP
4.4.1 that would prevent PHP from creating a new file with
imagepng(), imagejpeg(), etc. Thanks to Tibor Pittich for bringing
this to our attention.
The updated packages have been patched to correct this
issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
http://bugs.php.net/bug.php?id=35071
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Moderate: python security update
Advisory ID: RHSA-2006:0197-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0197.html
Issue date: 2006-03-09
Updated on: 2006-03-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2491
1. Summary:
Updated Python packages are now available to correct a security
issue.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
Python is an interpreted, interactive, object-oriented
programming language.
An integer overflow flaw was found in Python’s PCRE library that
could be triggered by a maliciously crafted regular expression. On
systems that accept arbitrary regular expressions from untrusted
users, this could be exploited to execute arbitrary code with the
privileges of the application using the library. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2005-2491 to this issue.
Users of Python should upgrade to these updated packages, which
contain a backported patch that is not vulnerable to this
issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
166335 – CVE-2005-2491 PCRE heap overflow
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.2.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.2.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.2.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.2.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.2.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.2.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.2.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.2.src.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
8. Contact:
The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2006:0262-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0262.html
Issue date: 2006-03-09
Updated on: 2006-03-09
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:868
CVE Names: CVE-2006-0746
1. Summary:
Updated kdegraphics packages that fully resolve a security issue
in kpdf are now available.
This update has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
The kdegraphics packages contain applications for the K Desktop
Environment including kpdf, a PDF file viewer.
Marcelo Ricardo Leitner discovered that a kpdf security fix,
CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages
with this incomplete fix in RHSA-2005:868. An attacker could
construct a carefully crafted PDF file that could cause kpdf to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0746 to this issue.
Users of kpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
184307 – CVE-2006-0746 kpdf buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-3.9.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-3.9.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-3.9.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-3.9.src.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746
8. Contact:
The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.