Advisories: May 25, 2005

Debian GNU/Linux

Debian Security Advisory DSA 728-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 25th, 2005 http://www.debian.org/security/faq

Package : qpopper
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE IDs : CAN-2005-1151 CAN-2005-1152

Two bugs have been discovered in qpopper, an enhanced Post
Office Protocol (POP3) server. The Common Vulnerability and
Exposures project identifies the following problems:

CAN-2005-1151

Jens Steube discovered that while processing local files owned
or provided by a normal user privileges weren’t dropped, which
could lead to the overwriting or creation of arbitrary files as
root.

CAN-2005-1152

The upstream developers noticed that qpopper could be tricked to
creating group- or world-writable files.

For the stable distribution (woody) these problems have been
fixed in version 4.0.4-2.woody.5.

For the testing distribution (sarge) these problems have been
fixed in version 4.0.5-4sarge1.

For the unstable distribution (sid) these problems will be fixed
in version 4.0.5-4sarge1.

We recommend that you upgrade your qpopper package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4.dsc

Size/MD5 checksum: 648 8a4a3c4d3a90bd48f34c26db8fa8a184

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4.diff.gz

Size/MD5 checksum: 17473 ac7cb7a84e82c3f20bbd8663a2be4c0e

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4.orig.tar.gz

Size/MD5 checksum: 2261992 77f0968cd10b0d5236114838d9f507e5

Alpha architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_alpha.deb

Size/MD5 checksum: 458526 fdc450895431518af490ed70c26690b4

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_alpha.deb

Size/MD5 checksum: 459292 b5669199d6f4372f2b5ee7cbf600a5ee

ARM architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_arm.deb

Size/MD5 checksum: 433370 e40e461e59983b3c4bd72544c9823ddf

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_arm.deb

Size/MD5 checksum: 434144 89f7de875966d5398208664745b0825d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_i386.deb

Size/MD5 checksum: 422496 275080592bb86fb37f44fe6ddc17a930

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_i386.deb

Size/MD5 checksum: 423426 4837430cf6367f82d6a55e3b238c30c0

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_ia64.deb

Size/MD5 checksum: 484928 a765fbbc4cec479b962b15fcf4506554

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_ia64.deb

Size/MD5 checksum: 485876 aea333e7c81e270dd1594765394d08ca

HP Precision architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_hppa.deb

Size/MD5 checksum: 442848 d4024658e0876e72c93773d21eec2750

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_hppa.deb

Size/MD5 checksum: 443930 b5bddba42ffe723dcea8ecc172401409

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_m68k.deb

Size/MD5 checksum: 416310 5561b088daaf6b0a891715623d2919f5

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_m68k.deb

Size/MD5 checksum: 417256 c4879974d172134e8ec28c2b495012ed

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_mips.deb

Size/MD5 checksum: 439160 85103a9f874de432a57feb0a938349ab

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_mips.deb

Size/MD5 checksum: 439940 e9e5442b85568f63324e85257e931962

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_mipsel.deb

Size/MD5 checksum: 439462 f912738cb0e25b0e215bc968d8b2e250

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_mipsel.deb

Size/MD5 checksum: 440732 208a5f8d25f7bc83cbdc14145dfa9093

PowerPC architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_powerpc.deb

Size/MD5 checksum: 433316 67f331a07b83d8e3bb745c3aa576b186

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_powerpc.deb

Size/MD5 checksum: 433894 b373674498d8f38df3c161d698e28eb5

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_s390.deb

Size/MD5 checksum: 428582 7d2aa35d8172623fae1e782c8bbd39c9

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_s390.deb

Size/MD5 checksum: 429694 71ea0abc8b2ec5dcbea76a1b47ff7e84

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.4_sparc.deb

Size/MD5 checksum: 434720 67b37565b3633c6111f01a66ea88d17b

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.4_sparc.deb

Size/MD5 checksum: 435372 413153ac3d8d7be1ea191f2e8e084641

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1.dsc

Size/MD5 checksum: 654 965b9d0da82ac7158d5007f53d06687b

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1.diff.gz

Size/MD5 checksum: 128752 121b2d0f6b6e49c7a42d119f3b913344

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5.orig.tar.gz

Size/MD5 checksum: 2281284 e00853280c9e899711f0b0239d3d8f86

Alpha architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_alpha.deb

Size/MD5 checksum: 437332 ed094b8544b33af5933cc0b31ddf340c

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_alpha.deb

Size/MD5 checksum: 439258 d446633935a28035154f7b58c78a47b5

ARM architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_arm.deb

Size/MD5 checksum: 412418 63b6d6c474c0b3ed168d26935fdb66ec

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_arm.deb

Size/MD5 checksum: 413758 8d6fd58ea1d21eab06b2ec07f56a9d09

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_i386.deb

Size/MD5 checksum: 412684 aad7bc1cda319942fc35a1c6c77ce217

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_i386.deb

Size/MD5 checksum: 414352 04366a0962d44d97988f441a2d0106b6

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_ia64.deb

Size/MD5 checksum: 460508 5ecd98c52e52dae7394d453f93f28f4c

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_ia64.deb

Size/MD5 checksum: 462502 693915f6d206aacad3f120ee69ba7b02

HP Precision architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_hppa.deb

Size/MD5 checksum: 423094 6c681ccee64b16fe8d74571d0dcb7c7b

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_hppa.deb

Size/MD5 checksum: 424996 7fd56380f01291f3e4d877623a9f3a1f

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_m68k.deb

Size/MD5 checksum: 397408 d9e8d691860cd2de1098d85e9ae3e61e

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_m68k.deb

Size/MD5 checksum: 398678 8bcf97f3819012595b09a16acaae2911

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_mips.deb

Size/MD5 checksum: 420358 fc953a6e7a31000662416f282b15be22

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_mips.deb

Size/MD5 checksum: 421958 ca599fd86bdd366367b6539ffbe53b61

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_mipsel.deb

Size/MD5 checksum: 421588 98701bea5aeadac79827d9e39b0a0483

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_mipsel.deb

Size/MD5 checksum: 423020 34d65b128cd784d9d0ff96d82b31ccb3

PowerPC architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_powerpc.deb

Size/MD5 checksum: 417762 4e0bb2eb1c6a0fc14337f699c72e9385

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_powerpc.deb

Size/MD5 checksum: 419056 6273a2937e0d710b51a5aba1fe6a476f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_s390.deb

Size/MD5 checksum: 414600 f0b011cb5ac4c28c8586786f0051ba3a

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_s390.deb

Size/MD5 checksum: 416094 56ff4626d4e4b7e6026fd04538415627

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_sparc.deb

Size/MD5 checksum: 411094 5a9d2123b0c0681e0f8789b31fc3ba5d

http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_sparc.deb

Size/MD5 checksum: 412424 5182a75bd98fbc62d047a85a27dfadba

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Important: ImageMagick security update
Advisory ID: RHSA-2005:413-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-413.html

Issue date: 2005-05-25
Updated on: 2005-05-25
Product: Red Hat Enterprise Linux

1. Summary:

Updated ImageMagick packages that fix a buffer overflow issue
are now available.

This update has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for
the X Window System which can read and write multiple image
formats.

A heap based buffer overflow bug was found in the way
ImageMagick parses PNM files. An attacker could execute arbitrary
code on a victim’s machine if they were able to trick the victim
into opening a specially crafted PNM file. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1275 to this issue.

Users of ImageMagick should upgrade to these updated packages,
which contain a backported patch, and are not vulnerable to this
issue.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155953 – ImageMagick PNM heap overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-14.src.rpm

da0b49cdf98cb5e29f5173055160c939 ImageMagick-5.5.6-14.src.rpm

i386:
cec301ae8b013d54d6446caef945fddb ImageMagick-5.5.6-14.i386.rpm
c8a33dda1f2a235eb933e9f3c1883cc2
ImageMagick-c++-5.5.6-14.i386.rpm
8427543707cbdcc9cda8e57ef8bf812e
ImageMagick-c++-devel-5.5.6-14.i386.rpm
070a9f37b3763ee49af8f376496143ed
ImageMagick-devel-5.5.6-14.i386.rpm
a147f6b274f13330eaf4f1bdf369f004
ImageMagick-perl-5.5.6-14.i386.rpm

ia64:
cec301ae8b013d54d6446caef945fddb ImageMagick-5.5.6-14.i386.rpm
04eaac66bf3627d48be55a4da85659b9 ImageMagick-5.5.6-14.ia64.rpm
c8a33dda1f2a235eb933e9f3c1883cc2
ImageMagick-c++-5.5.6-14.i386.rpm
13cf4e0824d50af8b8c4ab33b1430fdf
ImageMagick-c++-5.5.6-14.ia64.rpm
1b9d3c586a98a4e6a93877401a42dd44
ImageMagick-c++-devel-5.5.6-14.ia64.rpm
bcb5689b37f19468a5f2172bfc50cc31
ImageMagick-devel-5.5.6-14.ia64.rpm
311ffedc040b6c5482b7f6bb6cc63c9e
ImageMagick-perl-5.5.6-14.ia64.rpm

ppc:
61a882a1ddc43197c44d8d807cebf87e ImageMagick-5.5.6-14.ppc.rpm
dde736a8747a93350ce8b9b353efc045 ImageMagick-5.5.6-14.ppc64.rpm
2d52336caaee183028cb16b20355e211
ImageMagick-c++-5.5.6-14.ppc.rpm
7338bc1e2d2643643a303d1bc281b2e5
ImageMagick-c++-5.5.6-14.ppc64.rpm
f1706007d999b409a388abe831654304
ImageMagick-c++-devel-5.5.6-14.ppc.rpm
03c49c0f386233a7bd3ca3246183b829
ImageMagick-devel-5.5.6-14.ppc.rpm
6f11c4e4e528afad0a31a520cb0f5c6e
ImageMagick-perl-5.5.6-14.ppc.rpm

s390:
8b249cd0988f22bad64ccc71547e4173 ImageMagick-5.5.6-14.s390.rpm
260dd0e80f5754210442a5a922a880dd
ImageMagick-c++-5.5.6-14.s390.rpm
e45c1f6c0efcc5f0496f5242b5a3ad7e
ImageMagick-c++-devel-5.5.6-14.s390.rpm
31d0312826495ad73bd9c18437460798
ImageMagick-devel-5.5.6-14.s390.rpm
9b1a819b54830642d5d782643119f440
ImageMagick-perl-5.5.6-14.s390.rpm

s390x:
8b249cd0988f22bad64ccc71547e4173 ImageMagick-5.5.6-14.s390.rpm
db045788fbb9b484851461dc669dc1c7 ImageMagick-5.5.6-14.s390x.rpm
260dd0e80f5754210442a5a922a880dd
ImageMagick-c++-5.5.6-14.s390.rpm
c4d3572cc9850c59c7628a6c90cf4b4f
ImageMagick-c++-5.5.6-14.s390x.rpm
f53ece28b83e8ffec6443e814ea3e60c
ImageMagick-c++-devel-5.5.6-14.s390x.rpm
85770ab54225df2d09fb59f09541ff98
ImageMagick-devel-5.5.6-14.s390x.rpm
b87f2ea0d97e4de04f2e6680474cecb8
ImageMagick-perl-5.5.6-14.s390x.rpm

x86_64:
cec301ae8b013d54d6446caef945fddb ImageMagick-5.5.6-14.i386.rpm
265bb9d8e2bbe6bfae7ba5283fa09919
ImageMagick-5.5.6-14.x86_64.rpm
c8a33dda1f2a235eb933e9f3c1883cc2
ImageMagick-c++-5.5.6-14.i386.rpm
769f3c85dce9f011b4f44d50cc559b46
ImageMagick-c++-5.5.6-14.x86_64.rpm
d967904cba9c7c4a904e56a4bd9c0b61
ImageMagick-c++-devel-5.5.6-14.x86_64.rpm
122c25aa446c3d832ef2bb00eb26987b
ImageMagick-devel-5.5.6-14.x86_64.rpm
4fcaf8d863a871b13eaecffb5f21c88a
ImageMagick-perl-5.5.6-14.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-14.src.rpm

da0b49cdf98cb5e29f5173055160c939 ImageMagick-5.5.6-14.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-14.src.rpm

da0b49cdf98cb5e29f5173055160c939 ImageMagick-5.5.6-14.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-14.src.rpm

da0b49cdf98cb5e29f5173055160c939 ImageMagick-5.5.6-14.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-11.src.rpm

654598df8ce20d97758403a8b1c6f533 ImageMagick-6.0.7.1-11.src.rpm

i386:
e901b7ab437561e7da8a97bae82ec1d3
ImageMagick-6.0.7.1-11.i386.rpm
e6203e5faa28c0b01b2c77fe020af7fa
ImageMagick-c++-6.0.7.1-11.i386.rpm
01d202ef44b2437e5068ceedd6ddc57c
ImageMagick-c++-devel-6.0.7.1-11.i386.rpm
d06927257fadba8bddcdbe529aa5fd4c
ImageMagick-devel-6.0.7.1-11.i386.rpm
b727c595bdf5369f037e5310fbe32d52
ImageMagick-perl-6.0.7.1-11.i386.rpm

ia64:
5101a577cf65831572388147bb300414
ImageMagick-6.0.7.1-11.ia64.rpm
74021628bf35c269163f910011d6179e
ImageMagick-c++-6.0.7.1-11.ia64.rpm
9915d9290c163be04823e33ce7657b40
ImageMagick-c++-devel-6.0.7.1-11.ia64.rpm
ea3311125b829a021bdbe1b905e15d56
ImageMagick-devel-6.0.7.1-11.ia64.rpm
ad10bac3b682af14db196c53f68681ec
ImageMagick-perl-6.0.7.1-11.ia64.rpm

ppc:
69353fd54da027ea07f25980c3ce0d89 ImageMagick-6.0.7.1-11.ppc.rpm
c0ce1b96e65429e8a8c2d0bc18e096ad
ImageMagick-c++-6.0.7.1-11.ppc.rpm
e47a22ced559637dd65ae48d0ea4bd94
ImageMagick-c++-devel-6.0.7.1-11.ppc.rpm
9bb71a4406621cade0cb8170b5a9b671
ImageMagick-devel-6.0.7.1-11.ppc.rpm
c16ba0ddbc52bb5e79a7640e486704b9
ImageMagick-perl-6.0.7.1-11.ppc.rpm

s390:
c66d6d3557835a4f8759bcaaae283b61
ImageMagick-6.0.7.1-11.s390.rpm
fe50719d170010c9d389ce15d0a0e3fe
ImageMagick-c++-6.0.7.1-11.s390.rpm
89f4a1a0ad454633b41654a717655b07
ImageMagick-c++-devel-6.0.7.1-11.s390.rpm
088f61ea3fd8733c00844ec4660c3940
ImageMagick-devel-6.0.7.1-11.s390.rpm
fa51ebe0d878e5079fa76e786bddc9c6
ImageMagick-perl-6.0.7.1-11.s390.rpm

s390x:
cc0d06a7e8de3d95b37b000bc9cb15b2
ImageMagick-6.0.7.1-11.s390x.rpm
6f823f887bd8b673630b2519081d31a7
ImageMagick-c++-6.0.7.1-11.s390x.rpm
a20512111f65942066441db7a11597df
ImageMagick-c++-devel-6.0.7.1-11.s390x.rpm
1cc6804b0b87aabfc2c01366c015c496
ImageMagick-devel-6.0.7.1-11.s390x.rpm
30fcc8201ae8a66fd6a72ec4f37b2883
ImageMagick-perl-6.0.7.1-11.s390x.rpm

x86_64:
75e1b60756dd17941aaf9a82c3ec85e8
ImageMagick-6.0.7.1-11.x86_64.rpm
918ba19e29a73f71247486e85da5f4a6
ImageMagick-c++-6.0.7.1-11.x86_64.rpm
4e4fadbb45bb05886c6e1c07ae257181
ImageMagick-c++-devel-6.0.7.1-11.x86_64.rpm
6bc4e66b410483242dea505f74019623
ImageMagick-devel-6.0.7.1-11.x86_64.rpm
497384b120f49f464823cf252240674f
ImageMagick-perl-6.0.7.1-11.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-11.src.rpm

654598df8ce20d97758403a8b1c6f533 ImageMagick-6.0.7.1-11.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-11.src.rpm

654598df8ce20d97758403a8b1c6f533 ImageMagick-6.0.7.1-11.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-11.src.rpm

654598df8ce20d97758403a8b1c6f533 ImageMagick-6.0.7.1-11.src.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.overflow.pl/adv/imheapoverflow.txt

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Moderate: ethereal security update
Advisory ID: RHSA-2005:427-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-427.html

Issue date: 2005-05-24
Updated on: 2005-05-24
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1456 CAN-2005-1457 CAN-2005-1458 CAN-2005-1459
CAN-2005-1460 CAN-2005-1461 CAN-2005-1462 CAN-2005-1463
CAN-2005-1464 CAN-2005-1465 CAN-2005-1466 CAN-2005-1467
CAN-2005-1468 CAN-2005-1469 CAN-2005-1470

1. Summary:

Updated Ethereal packages that fix various security
vulnerabilities are now available.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

The ethereal package is a program for monitoring network
traffic.

A number of security flaws have been discovered in Ethereal. On
a system where Ethereal is running, a remote attacker could send
malicious packets to trigger these flaws and cause Ethereal to
crash or potentially execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2005-1456, CAN-2005-1457, CAN-2005-1458, CAN-2005-1459,
CAN-2005-1460, CAN-2005-1461, CAN-2005-1462, CAN-2005-1463,
CAN-2005-1464, CAN-2005-1465, CAN-2005-1466, CAN-2005-1467,
CAN-2005-1468, CAN-2005-1469, and CAN-2005-1470 to these
issues.

Users of ethereal should upgrade to these updated packages,
which contain version 0.10.11 which is not vulnerable to these
issues.

4. Solution:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

156911 – multiple ethereal security issues

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.11-1.AS21.1.src.rpm

0b21799c49fc8c2cecf89d1b4cf8344f
ethereal-0.10.11-1.AS21.1.src.rpm

i386:
d073461de6033a9b54868983f1e8a57f
ethereal-0.10.11-1.AS21.1.i386.rpm
6fbab843d5b9db3dbf20dd51a5326bc5
ethereal-gnome-0.10.11-1.AS21.1.i386.rpm

ia64:
a998856f27fc440f36c4f06f3fba73a6
ethereal-0.10.11-1.AS21.1.ia64.rpm
196cc361800f73d8cd417470b8382784
ethereal-gnome-0.10.11-1.AS21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.11-1.AS21.1.src.rpm

0b21799c49fc8c2cecf89d1b4cf8344f
ethereal-0.10.11-1.AS21.1.src.rpm

ia64:
a998856f27fc440f36c4f06f3fba73a6
ethereal-0.10.11-1.AS21.1.ia64.rpm
196cc361800f73d8cd417470b8382784
ethereal-gnome-0.10.11-1.AS21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.11-1.AS21.1.src.rpm

0b21799c49fc8c2cecf89d1b4cf8344f
ethereal-0.10.11-1.AS21.1.src.rpm

i386:
d073461de6033a9b54868983f1e8a57f
ethereal-0.10.11-1.AS21.1.i386.rpm
6fbab843d5b9db3dbf20dd51a5326bc5
ethereal-gnome-0.10.11-1.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.11-1.AS21.1.src.rpm

0b21799c49fc8c2cecf89d1b4cf8344f
ethereal-0.10.11-1.AS21.1.src.rpm

i386:
d073461de6033a9b54868983f1e8a57f
ethereal-0.10.11-1.AS21.1.i386.rpm
6fbab843d5b9db3dbf20dd51a5326bc5
ethereal-gnome-0.10.11-1.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.11-1.EL3.1.src.rpm

2bc945fb2b41cd50103a5a6d5d06b8a9
ethereal-0.10.11-1.EL3.1.src.rpm

i386:
7ae09e2aa199a2a9481c06b92d231e1d
ethereal-0.10.11-1.EL3.1.i386.rpm
a715b1bfbb2e5eb8b9404c732b560383
ethereal-gnome-0.10.11-1.EL3.1.i386.rpm

ia64:
8c838c44496eac706a84564e3214d86c
ethereal-0.10.11-1.EL3.1.ia64.rpm
7018e509f29c7932ff54360d6636556c
ethereal-gnome-0.10.11-1.EL3.1.ia64.rpm

ppc:
6108eb261f27496e93e114da49155136
ethereal-0.10.11-1.EL3.1.ppc.rpm
d7ae48638b139142c9c99cb3d2848636
ethereal-gnome-0.10.11-1.EL3.1.ppc.rpm

s390:
ba40ab1703aa6279fb8805a8ba9c9440
ethereal-0.10.11-1.EL3.1.s390.rpm
2df76ee89a7a835fab203736a8dcd132
ethereal-gnome-0.10.11-1.EL3.1.s390.rpm

s390x:
7f1a798128a574d46874cf7c4d6fd252
ethereal-0.10.11-1.EL3.1.s390x.rpm
7f3243e9939635e20fed82fe47806605
ethereal-gnome-0.10.11-1.EL3.1.s390x.rpm

x86_64:
305b213ec8ce371cbb63659cfeeeacc8
ethereal-0.10.11-1.EL3.1.x86_64.rpm
d94093e389d30ee9647e16d0f419b3f6
ethereal-gnome-0.10.11-1.EL3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.11-1.EL3.1.src.rpm

2bc945fb2b41cd50103a5a6d5d06b8a9
ethereal-0.10.11-1.EL3.1.src.rpm

i386:
7ae09e2aa199a2a9481c06b92d231e1d
ethereal-0.10.11-1.EL3.1.i386.rpm
a715b1bfbb2e5eb8b9404c732b560383
ethereal-gnome-0.10.11-1.EL3.1.i386.rpm

x86_64:
305b213ec8ce371cbb63659cfeeeacc8
ethereal-0.10.11-1.EL3.1.x86_64.rpm
d94093e389d30ee9647e16d0f419b3f6
ethereal-gnome-0.10.11-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.11-1.EL3.1.src.rpm

2bc945fb2b41cd50103a5a6d5d06b8a9
ethereal-0.10.11-1.EL3.1.src.rpm

i386:
7ae09e2aa199a2a9481c06b92d231e1d
ethereal-0.10.11-1.EL3.1.i386.rpm
a715b1bfbb2e5eb8b9404c732b560383
ethereal-gnome-0.10.11-1.EL3.1.i386.rpm

ia64:
8c838c44496eac706a84564e3214d86c
ethereal-0.10.11-1.EL3.1.ia64.rpm
7018e509f29c7932ff54360d6636556c
ethereal-gnome-0.10.11-1.EL3.1.ia64.rpm

x86_64:
305b213ec8ce371cbb63659cfeeeacc8
ethereal-0.10.11-1.EL3.1.x86_64.rpm
d94093e389d30ee9647e16d0f419b3f6
ethereal-gnome-0.10.11-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.11-1.EL3.1.src.rpm

2bc945fb2b41cd50103a5a6d5d06b8a9
ethereal-0.10.11-1.EL3.1.src.rpm

i386:
7ae09e2aa199a2a9481c06b92d231e1d
ethereal-0.10.11-1.EL3.1.i386.rpm
a715b1bfbb2e5eb8b9404c732b560383
ethereal-gnome-0.10.11-1.EL3.1.i386.rpm

ia64:
8c838c44496eac706a84564e3214d86c
ethereal-0.10.11-1.EL3.1.ia64.rpm
7018e509f29c7932ff54360d6636556c
ethereal-gnome-0.10.11-1.EL3.1.ia64.rpm

x86_64:
305b213ec8ce371cbb63659cfeeeacc8
ethereal-0.10.11-1.EL3.1.x86_64.rpm
d94093e389d30ee9647e16d0f419b3f6
ethereal-gnome-0.10.11-1.EL3.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ethereal-0.10.11-1.EL4.1.src.rpm

31827231cfd39c1f58c507b5f6b18f0a
ethereal-0.10.11-1.EL4.1.src.rpm

i386:
242ac3e7bf5c4ce383846f0da2c75bb3
ethereal-0.10.11-1.EL4.1.i386.rpm
fd29b49e9fd1fed6fea304f5bce3c635
ethereal-gnome-0.10.11-1.EL4.1.i386.rpm

ia64:
a681b93f9a5fdf707fbeb45f5388ab60
ethereal-0.10.11-1.EL4.1.ia64.rpm
865a6db98828885c06f2830647d717c8
ethereal-gnome-0.10.11-1.EL4.1.ia64.rpm

ppc:
871b6520758e58526df3cd6dc0089002
ethereal-0.10.11-1.EL4.1.ppc.rpm
8ff35168d4a835a3170df2dd30ee9385
ethereal-gnome-0.10.11-1.EL4.1.ppc.rpm

s390:
c88c44f2d1c04d4287b69ae59671f364
ethereal-0.10.11-1.EL4.1.s390.rpm
ddd61e3d6dee74355a57cee01181b4a8
ethereal-gnome-0.10.11-1.EL4.1.s390.rpm

s390x:
6dab852b08c392fffe26cb57372910ec
ethereal-0.10.11-1.EL4.1.s390x.rpm
1fb0433a4c4be9d7fd16f05236a65396
ethereal-gnome-0.10.11-1.EL4.1.s390x.rpm

x86_64:
29c7d4f991b56f5ce0f11c4a7967049b
ethereal-0.10.11-1.EL4.1.x86_64.rpm
4ae4f5ccd3fc44ff5fe29563702178fb
ethereal-gnome-0.10.11-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ethereal-0.10.11-1.EL4.1.src.rpm

31827231cfd39c1f58c507b5f6b18f0a
ethereal-0.10.11-1.EL4.1.src.rpm

i386:
242ac3e7bf5c4ce383846f0da2c75bb3
ethereal-0.10.11-1.EL4.1.i386.rpm
fd29b49e9fd1fed6fea304f5bce3c635
ethereal-gnome-0.10.11-1.EL4.1.i386.rpm

x86_64:
29c7d4f991b56f5ce0f11c4a7967049b
ethereal-0.10.11-1.EL4.1.x86_64.rpm
4ae4f5ccd3fc44ff5fe29563702178fb
ethereal-gnome-0.10.11-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ethereal-0.10.11-1.EL4.1.src.rpm

31827231cfd39c1f58c507b5f6b18f0a
ethereal-0.10.11-1.EL4.1.src.rpm

i386:
242ac3e7bf5c4ce383846f0da2c75bb3
ethereal-0.10.11-1.EL4.1.i386.rpm
fd29b49e9fd1fed6fea304f5bce3c635
ethereal-gnome-0.10.11-1.EL4.1.i386.rpm

ia64:
a681b93f9a5fdf707fbeb45f5388ab60
ethereal-0.10.11-1.EL4.1.ia64.rpm
865a6db98828885c06f2830647d717c8
ethereal-gnome-0.10.11-1.EL4.1.ia64.rpm

x86_64:
29c7d4f991b56f5ce0f11c4a7967049b
ethereal-0.10.11-1.EL4.1.x86_64.rpm
4ae4f5ccd3fc44ff5fe29563702178fb
ethereal-gnome-0.10.11-1.EL4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ethereal-0.10.11-1.EL4.1.src.rpm

31827231cfd39c1f58c507b5f6b18f0a
ethereal-0.10.11-1.EL4.1.src.rpm

i386:
242ac3e7bf5c4ce383846f0da2c75bb3
ethereal-0.10.11-1.EL4.1.i386.rpm
fd29b49e9fd1fed6fea304f5bce3c635
ethereal-gnome-0.10.11-1.EL4.1.i386.rpm

ia64:
a681b93f9a5fdf707fbeb45f5388ab60
ethereal-0.10.11-1.EL4.1.ia64.rpm
865a6db98828885c06f2830647d717c8
ethereal-gnome-0.10.11-1.EL4.1.ia64.rpm

x86_64:
29c7d4f991b56f5ce0f11c4a7967049b
ethereal-0.10.11-1.EL4.1.x86_64.rpm
4ae4f5ccd3fc44ff5fe29563702178fb
ethereal-gnome-0.10.11-1.EL4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.ethereal.com/appnotes/enpa-sa-00019.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:472-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-472.html

Issue date: 2005-05-25
Updated on: 2005-05-25
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:294
CVE Names: CAN-2004-0491 CAN-2005-0176 CAN-2005-1263

1. Summary:

Updated kernel packages that fix several security issues in the
Red Hat Enterprise L

Advisories: May 25, 2005

Debian GNU/Linux

Red Hat Linux

Get the Free Newsletter!

Must Read

Proxmox Backup Server 3.4 Brings Performance and Sync Enhancements

PinePods is a Rust-based podcast management system

A Beginners Guide To Convert A PDF File To Markdown (With Images) In Linux

PipeWire 1.4.2 Adds Extra MIDI Checks to Avoid 100% CPU Usage on Older Kernels

10 Free and Open Source Game Engines – Part 3

Our Brands