
Advisories, May 14, 2006

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated tetex packages fix security issues
Advisory ID: FLSA:152868
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0888 CVE-2004-1125 CVE-2005-3191 CVE-2005-3192
CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626
CVE-2005-3627 CVE-2005-3628



1. Topic:

Updated tetex packages that fix several security issues are now
available.

TeTeX is an implementation of TeX. TeX takes a text file and a
set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as
output.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386

3. Problem description:

A number of integer overflow bugs that affect Xpdf were
discovered. The teTeX package contains a copy of the Xpdf code used
for parsing PDF files and is therefore affected by these bugs. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2004-0888 and CVE-2004-1125 to these issues.

Several flaws were discovered in the teTeX PDF parsing library.
An attacker could construct a carefully crafted PDF file that could
cause teTeX to crash or possibly execute arbitrary code when
opened. The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3191, CVE-2005-3192, CVE-2005-3193,
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 and
CVE-2005-3628 to these issues.

Users of teTeX should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152868

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/tetex-1.0.7-47.5.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-afm-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-doc-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-dvilj-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-dvips-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-fonts-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-latex-1.0.7-47.5.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-xdvi-1.0.7-47.5.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/tetex-1.0.7-66.3.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-afm-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-doc-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-dvips-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-fonts-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-latex-1.0.7-66.3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-xdvi-1.0.7-66.3.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/tetex-2.0.2-8.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-afm-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-doc-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-dvips-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-fonts-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-latex-2.0.2-8.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-xdvi-2.0.2-8.2.legacy.i386.rpm

Fedora Core 2:

SRPM:

http://download.fedoralegacy.org/fedora/2/updates/SRPMS/tetex-2.0.2-14FC2.3.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-afm-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-doc-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-dvips-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-fonts-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-latex-2.0.2-14FC2.3.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-xdvi-2.0.2-14FC2.3.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated emacs packages fix a security issue
Advisory ID: FLSA:152898
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0100



1. Topic:

Updated Emacs packages that fix a string format issue are now
available.

Emacs is a powerful, customizable, self-documenting, modeless
text editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386

3. Problem description:

Max Vozeler discovered several format string vulnerabilities in
the movemail utility of Emacs. If a user connects to a malicious
POP server, an attacker can execute arbitrary code as the user
running emacs. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CVE-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages,
which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152898

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/emacs-21.2-3.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-21.2-3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-el-21.2-3.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-leim-21.2-3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/emacs-21.2-34.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-21.2-34.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-el-21.2-34.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-leim-21.2-34.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/emacs-21.3-9.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-21.3-9.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-el-21.3-9.2.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-leim-21.3-9.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0100

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated ncpfs package fixes security issues
Advisory ID: FLSA:152904
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-1079 CVE-2005-0013 CVE-2005-0014



1. Topic:

An updated ncpfs package is now available.

Ncpfs is a file system that understands the Novell NetWare(TM)
NCP protocol.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
Fedora Core 3 – i386, x86_64

3. Problem description:

Buffer overflows were found in the nwclient program. An
attacker, using a long -T option, could possibly execute arbitrary
code and gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CVE-2004-1079 to this issue.

A bug was found in the way ncpfs handled file permissions. ncpfs
did not sufficiently check if the file owner matched the user
attempting to access the file, potentially violating the file
permissions. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CVE-2005-0013 to this issue.

A buffer overflow was found in the ncplogin program. A remote
malicious NetWare server could execute arbitrary code on a victim’s
machine. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-0014 to this issue.

All users of ncpfs are advised to upgrade to this updated
package, which contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152904

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ncpfs-2.2.0.18-6.1.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/ncpfs-2.2.0.18-6.1.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/ipxutils-2.2.0.18-6.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ncpfs-2.2.1-1.1.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/ncpfs-2.2.1-1.1.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/ipxutils-2.2.1-1.1.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ncpfs-2.2.3-1.1.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/ncpfs-2.2.3-1.1.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/ipxutils-2.2.3-1.1.legacy.i386.rpm

Fedora Core 2:

SRPM:

http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ncpfs-2.2.4-1.1.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/2/updates/i386/ncpfs-2.2.4-1.1.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/2/updates/i386/ipxutils-2.2.4-1.1.legacy.i386.rpm

Fedora Core 3:

SRPM:

http://download.fedoralegacy.org/fedora/3/updates/SRPMS/ncpfs-2.2.4-5.FC3.1.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/3/updates/i386/ncpfs-2.2.4-5.FC3.1.legacy.i386.rpm


http://download.fedoralegacy.org/fedora/3/updates/i386/ipxutils-2.2.4-5.FC3.1.legacy.i386.rpm

x86_64:

http://download.fedoralegacy.org/fedora/3/updates/x86_64/ncpfs-2.2.4-5.FC3.1.legacy.x86_64.rpm


http://download.fedoralegacy.org/fedora/3/updates/x86_64/ipxutils-2.2.4-5.FC3.1.legacy.x86_64.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0013

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0014

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated xloadimage package fixes security issues
Advisory ID: FLSA:152923
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0638 CVE-2005-3178



1. Topic:

A new xloadimage package that fixes bugs in handling malformed
tiff and pbm/pnm/ppm images, and in handling metacharacters in file
names is now available.

The xloadimage utility displays images in an X Window System
window, loads images into the root window, or writes images into a
file. Xloadimage supports many image types (including GIF, TIFF,
JPEG, XPM, and XBM).

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386

3. Problem description:

A flaw was discovered in xloadimage where filenames were not
properly quoted when calling the gunzip command. An attacker could
create a file with a carefully crafted filename so that it would
execute arbitrary commands if opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-0638 to this issue.
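
The quoting flaw described above, as an added C illustration (not xloadimage's code): a file name pasted unquoted into a shell command line is parsed by the shell, while the single-quoted form reaches the tool as one operand. The function names, the constructed file names and the use of the shell's `printf` as a stand-in for `gunzip` are assumptions made for the demo.

```c
/* Added illustration of the quoting flaw described above; this is not
 * xloadimage source. The shell's printf stands in for "gunzip -c" so the
 * demo needs no files: it prints every operand the shell hands it. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>

/* Quote s as one /bin/sh word: wrap it in single quotes and rewrite every
 * embedded single quote as '\'' (close, escaped quote, reopen).
 * Returns 0 on success, -1 if out is too small. */
int shell_quote(const char *s, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen < 3) return -1;
    out[o++] = '\'';
    for (; *s; s++) {
        size_t need = (*s == '\'') ? 4 : 1;
        if (o + need + 2 > outlen) return -1;   /* room for closing ' and NUL */
        if (*s == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *s;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Build "<tool> <filename>". quote == 0 is the flawed form (name pasted in
 * as-is); quote != 0 is the corrected form. */
int build_command(char *cmd, size_t cmdlen, const char *tool,
                  const char *filename, int quote)
{
    char quoted[1024];
    if (quote) {
        if (shell_quote(filename, quoted, sizeof quoted) != 0) return -1;
        filename = quoted;
    }
    int n = snprintf(cmd, cmdlen, "%s %s", tool, filename);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}

/* Hand cmd to /bin/sh via popen() and capture what the tool prints. */
int run_shell(const char *cmd, char *out, size_t outlen)
{
    if (outlen == 0) return -1;
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    size_t n = fread(out, 1, outlen - 1, p);
    out[n] = '\0';
    return pclose(p) == -1 ? -1 : 0;
}

/* "Open" a compressed image: out receives what the stand-in tool was given. */
int open_compressed(const char *filename, int quote, char *out, size_t outlen)
{
    char cmd[2048];
    if (build_command(cmd, sizeof cmd, "printf '<%s>\\n'", filename, quote) != 0)
        return -1;
    return run_shell(cmd, out, outlen);
}

int main(void)
{
    /* Constructed file names; the second carries a shell metacharacter. */
    const char *names[] = { "holiday photo.gz", "x.gz; echo INJECTED" };
    char out[256];
    for (size_t i = 0; i < 2; i++) {
        for (int quote = 0; quote <= 1; quote++) {
            if (open_compressed(names[i], quote, out, sizeof out) == 0)
                printf("%s %-22s -> %s", quote ? "quoted  " : "unquoted",
                       names[i], out);
        }
    }
    return 0;
}
```

Where the calling code can be restructured, running the decompressor with `execvp()` and an argument vector avoids the shell, and with it the need for quoting.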

A flaw was discovered in xloadimage via which an attacker can
construct a NIFF image with a very long embedded image title. This
image can cause a buffer overflow. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package,
which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152923

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/xloadimage-4.1-21.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/xloadimage-4.1-21.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/xloadimage-4.1-27.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/xloadimage-4.1-27.2.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/xloadimage-4.1-29.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/xloadimage-4.1-29.2.legacy.i386.rpm

Fedora Core 2:

SRPM:

http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xloadimage-4.1-34.FC2.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/2/updates/i386/xloadimage-4.1-34.FC2.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0638

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated fetchmail packages fix security issues
Advisory ID: FLSA:164512
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2003-0792 CVE-2005-2335 CVE-2005-3088
CVE-2005-4348



1. Topic:

Updated fetchmail packages that fix security flaws are now
available.

Fetchmail is a remote mail retrieval and forwarding utility.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386

3. Problem description:

A bug was found in the way fetchmail allocates memory for long
lines. A remote attacker could cause a denial of service by sending
a specially crafted email. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2003-0792 to this issue.

A buffer overflow was discovered in fetchmail’s POP3 client. A
malicious server could send a carefully crafted message UID
and cause fetchmail to crash or potentially execute arbitrary code
as the user running fetchmail. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-2335 to this
issue.

A bug was found in the way the fetchmailconf utility program
writes configuration files. The default behavior of fetchmailconf
is to write a configuration file which may be world readable for a
short period of time. This configuration file could provide
passwords to a local malicious attacker within the short window
before fetchmailconf sets secure permissions. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-3088 to this issue.
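
The window described above, as an added C illustration (not fetchmailconf's own code): writing a password file and tightening its mode afterwards leaves it readable by others under a typical umask, while creating it with mode 0600 and renaming it into place does not. The function names, paths and sample secret are constructed for the example.

```c
/* Added illustration of the permission window described above; this is not
 * fetchmailconf code. Names, paths and the secret are constructed. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* BEFORE: create with default permissions, write the secret, tighten later.
 * *seen receives the mode bits the file had while the secret was on disk. */
int save_then_chmod(const char *path, const char *secret, mode_t *seen)
{
    struct stat st;
    FILE *f = fopen(path, "w");             /* created as 0666 & ~umask */
    if (!f) return -1;
    if (fputs(secret, f) == EOF || fflush(f) == EOF ||
        fstat(fileno(f), &st) != 0) {
        fclose(f);
        return -1;
    }
    *seen = st.st_mode & 0777;              /* the exposure window */
    if (fclose(f) == EOF) return -1;
    return chmod(path, S_IRUSR | S_IWUSR);  /* secure only from here on */
}

/* AFTER: write a 0600 temp file in the same directory, then rename() it over
 * the target, so the secret is never on disk with wider permissions. */
int save_private(const char *path, const char *secret, mode_t *seen)
{
    char tmp[4096];
    struct stat st;
    size_t len = strlen(secret);
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;

    int fd = mkstemp(tmp);                  /* exclusive create, mode 0600 */
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 ||   /* belt and braces, pre-write */
        fstat(fd, &st) != 0 ||
        write(fd, secret, len) != (ssize_t)len ||
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    *seen = st.st_mode & 0777;
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Runs both variants under umask 022 in a fresh temp directory and reports
 * the mode each file had while it already held the secret. */
int demo(mode_t *unsafe_seen, mode_t *safe_seen)
{
    const char *secret = "poll mail.example.org password \"constructed\"\n";
    char dir[] = "/tmp/fmconf-demo-XXXXXX";
    char a[64], b[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/rc-unsafe", dir);
    snprintf(b, sizeof b, "%s/rc-safe", dir);

    mode_t old = umask(022);
    int rc = save_then_chmod(a, secret, unsafe_seen);
    if (rc == 0) rc = save_private(b, secret, safe_seen);
    umask(old);

    /* Both end up 0600; only the path taken to get there differs. */
    if (rc == 0 && (stat(a, &st) != 0 || (st.st_mode & 0777) != 0600)) rc = -1;
    if (rc == 0 && (stat(b, &st) != 0 || (st.st_mode & 0777) != 0600)) rc = -1;

    unlink(a);
    unlink(b);
    rmdir(dir);
    return rc;
}

int main(void)
{
    mode_t u = 0, s = 0;
    if (demo(&u, &s) != 0) { perror("demo"); return 1; }
    printf("write-then-chmod: secret on disk with mode %04o\n", (unsigned)u);
    printf("mkstemp + rename: secret on disk with mode %04o\n", (unsigned)s);
    return 0;
}
```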

A bug was found when fetchmail is running in multidrop mode. A
malicious mail server can cause a denial of service by sending a
message without headers. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-4348 to this issue.

Users of fetchmail should update to this erratum package which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164512

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/fetchmail-5.9.0-21.7.3.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/fetchmail-5.9.0-21.7.3.2.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/fetchmailconf-5.9.0-21.7.3.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/fetchmail-6.2.0-3.4.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/fetchmail-6.2.0-3.4.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/fetchmail-6.2.0-8.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/fetchmail-6.2.0-8.2.legacy.i386.rpm

Fedora Core 2:

SRPM:

http://download.fedoralegacy.org/fedora/2/updates/SRPMS/fetchmail-6.2.5-2.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/2/updates/i386/fetchmail-6.2.5-2.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated gnupg package fixes security issues
Advisory ID: FLSA:185355
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2006-0049 CVE-2006-0455



1. Topic:

An updated GnuPG package that fixes signature verification flaws
is now available.

GnuPG is a utility for encrypting data and creating digital
signatures.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
Fedora Core 3 – i386, x86_64

3. Problem description:

Tavis Ormandy discovered a bug in the way GnuPG verifies
cryptographically signed data with detached signatures. It is
possible for an attacker to construct a cryptographically signed
message which could appear to come from a third party. When a
victim processes a GnuPG message with a malformed detached
signature, GnuPG ignores the malformed signature, processes and
outputs the signed data, and exits with status 0, just as it would
if the signature had been valid. In this case, GnuPG’s exit status
would not indicate that no signature verification had taken place.
This issue would primarily be of concern when processing GnuPG
results via an automated script. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0455 to this
issue.
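
The automated-script risk described above, as an added example (not part of the advisory or of GnuPG): a shell function that accepts a file only when gpg's --status-fd output contains a VALIDSIG line for the expected key, instead of trusting exit status 0. The function names, the fingerprints and the abbreviated status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: trust gpg's status lines, not its exit code.
# Typical call (assumes gpg is installed and the signer's key is imported):
#   gpg --status-fd 1 --verify pkg.sig pkg 2>/dev/null | sig_is_valid "$FPR"

# sig_is_valid EXPECTED_FINGERPRINT
# Reads "[GNUPG:] ..." status lines on stdin. Succeeds only when exactly one
# VALIDSIG line is present, it carries the expected fingerprint, and no
# failure keyword was reported. An empty stream (nothing verified) fails.
sig_is_valid() {
    expected=$1
    valid=0
    failed=0
    while read -r tag keyword fpr rest || [ -n "$tag" ]; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            VALIDSIG)
                valid=$((valid + 1))
                [ "$fpr" = "$expected" ] || failed=1
                ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NODATA)
                failed=1
                ;;
        esac
    done
    [ "$valid" -eq 1 ] && [ "$failed" -eq 0 ]
}

# Constructed sample data (abbreviated, not captured from a real gpg run).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
OTHER=FEDCBA9876543210FEDCBA9876543210FEDCBA98
STATUS_GOOD="[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer
[GNUPG:] VALIDSIG $FPR 2006-05-12 1147392000"
STATUS_NOSIG=""    # the process exited 0 but reported no signature result
STATUS_WRONGKEY="[GNUPG:] VALIDSIG $OTHER 2006-05-12 1147392000"
STATUS_BAD="[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer"

check() {  # check LABEL STATUS_TEXT: print the decision for one sample
    if printf '%s\n' "$2" | sig_is_valid "$FPR"; then
        echo "$1: accept"
    else
        echo "$1: reject"
    fi
}
check good "$STATUS_GOOD"
check nosig "$STATUS_NOSIG"
check wrongkey "$STATUS_WRONGKEY"
check bad "$STATUS_BAD"
```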

Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is
possible for an attacker to inject unsigned data into a signed
message in such a way that when a victim processes the message to
recover the data, the unsigned data is output along with the signed
data, gaining the appearance of having been signed. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0049 to this issue.

Please note that neither of these issues affects the way RPM or
up2date verifies RPM package files, nor is RPM vulnerable to either
of these issues.

All users of GnuPG are advised to upgrade to this updated
package, which contains backported patches to correct these
issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185355

6. RPMs required:

Red Hat Linux 7.3:
SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gnupg-1.0.7-13.3.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnupg-1.0.7-13.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnupg-1.2.1-9.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/gnupg-1.2.1-9.2.legacy.i386.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gnupg-1.2.3-2.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/gnupg-1.2.3-2.2.legacy.i386.rpm

Fedora Core 2:

SRPM:

http://download.fedoralegacy.org/fedora/2/updates/SRPMS/gnupg-1.2.4-2.3.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/2/updates/i386/gnupg-1.2.4-2.3.legacy.i386.rpm

Fedora Core 3:

SRPM:

http://download.fedoralegacy.org/fedora/3/updates/SRPMS/gnupg-1.2.7-1.2.legacy.src.rpm

i386:

http://download.fedoralegacy.org/fedora/3/updates/i386/gnupg-1.2.7-1.2.legacy.i386.rpm

x86_64:

http://download.fedoralegacy.org/fedora/3/updates/x86_64/gnupg-1.2.7-1.2.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org


Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0026

Package names: kernel
Summary: Multiple vulnerabilities
Date: 2006-05-12
Affected versions: Trustix Secure Linux 3.0


Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.

Problem description:
kernel < TSL 3.0 >

  • New Upstream.
  • SECURITY Fix: An error in the Stream Control Transmission
    Protocol (SCTP) code, which uses incorrect state table entries
    when certain ECNE chunks are received in CLOSED state, could be
    exploited by attackers to cause a kernel panic via a specially
    crafted packet.
  • An error exists when handling incoming IP-fragmented SCTP
    control chunks, which could be exploited by attackers to cause a
    kernel panic via a specially crafted packet.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial
    of service (infinite recursion and crash) via a packet that
    contains two or more DATA fragments, which causes an skb pointer to
    refer back to itself when the full message is reassembled, leading
    to infinite recursion in the sctp_skb_pull function.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial
    of service (deadlock) via a large number of small messages to a
    receiver application that cannot process the messages quickly
    enough, which leads to “spillover of the receive buffer.”
  • A vulnerability has been identified due to an input validation
    error when processing arguments containing backslash (“\”)
    characters passed to certain commands (e.g. “cd”), which could be
    exploited by authenticated attackers to escape chroot restrictions
    for a CIFS or SMBFS mounted filesystem.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-2271, CVE-2006-2272, CVE-2006-2274, CVE-2006-2275 and
CVE-2006-1864 to these issues.

Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>

<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using ‘swup --upgrade’.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
