---

Advisories, October 18, 2006

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200610-05


http://security.gentoo.org/


Severity: High
Title: CAPI4Hylafax fax receiver: Execution of arbitrary code
Date: October 17, 2006
Bugs: #145982
ID: 200610-05


Synopsis

CAPI4Hylafax allows remote attackers to execute arbitrary
commands.

Background

CAPI4Hylafax makes it possible to send and receive faxes via
CAPI and AVM Fritz!Cards.

Affected packages


     Package       /        Vulnerable        /             Unaffected

  1  capi4hylafax     < 01.03.00.99.300.3-r1   >= 01.03.00.99.300.3-r1

Description

Lionel Elie Mamane discovered an error in c2faxrecv, which
doesn’t properly sanitize TSI strings when handling incoming
calls.

Impact

A remote attacker can send null (\0) and shell metacharacters in
the TSI string from an anonymous fax number, leading to the
execution of arbitrary code with the rights of the user running
c2faxrecv.
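
The handling that this class of bug calls for, as an added example that is not part of the advisory and not CAPI4Hylafax code: the TSI is reduced to an allow-list and handed to the receive hook as a single argv element, so no shell ever parses it. The 20-character limit, the digits/"+"/space alphabet, the function names and the echoing stand-in hook are assumptions made for the illustration.

```python
import re
import subprocess
import sys

# Assumption (not from the advisory): a TSI is at most 20 characters drawn
# from digits, "+" and space, so every other byte can simply be dropped.
TSI_MAX_LEN = 20
TSI_ALLOWED = set("0123456789+ ")


def sanitize_tsi(raw: bytes):
    """Return (clean_tsi, altered) for an untrusted TSI byte string."""
    text = raw.decode("latin-1")          # never raises; NUL bytes stay visible
    kept = "".join(ch for ch in text if ch in TSI_ALLOWED)
    clean = " ".join(kept.split())[:TSI_MAX_LEN].strip()
    return clean, clean != text


def unsafe_command_line(handler: str, fax_file: str, tsi: bytes) -> str:
    """Weak pattern, shown for contrast and never executed here: the raw TSI
    is pasted into a string that a shell would later parse."""
    return "%s %s %s" % (handler, fax_file, tsi.decode("latin-1"))


def safe_argv(handler_argv, fax_file: str, tsi: bytes):
    """Hardened pattern: allow-listed TSI as one argv element, no shell."""
    clean, _altered = sanitize_tsi(tsi)
    return list(handler_argv) + [fax_file, clean]


def run_handler(argv) -> str:
    """Execute the hook without a shell and return what it received."""
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


# Constructed stand-in for a receive hook: it echoes its last argument.
ECHO_HANDLER = [sys.executable, "-c", "import sys; print(sys.argv[-1])"]

# Constructed sample TSI values (not captured from real calls).
SAMPLE_NORMAL = b"+49 30 1234567"
SAMPLE_MALFORMED = b"+49 30 12;`x`$(y)\x00 345"

if __name__ == "__main__":
    for sample in (SAMPLE_NORMAL, SAMPLE_MALFORMED):
        clean, altered = sanitize_tsi(sample)
        print(repr(sample), "->", repr(clean), "(altered)" if altered else "")
    print("hook received:",
          repr(run_handler(safe_argv(ECHO_HANDLER, "fax.tif", SAMPLE_MALFORMED))))
```

A TSI flagged as altered is worth logging together with the call metadata, since a well-behaved sender never needs the dropped characters.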

Workaround

There is no known workaround at this time.

Resolution

All CAPI4Hylafax users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/capi4hylafax-01.03.00.99.300.3-r1"

References

[ 1 ] CVE-2006-3126

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3126

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200610-06


http://security.gentoo.org/


Severity: Normal
Title: Mozilla Network Security Service (NSS): RSA signature
forgery
Date: October 17, 2006
Bugs: #148283
ID: 200610-06


Synopsis

NSS fails to properly validate PKCS #1 v1.5 signatures.

Background

The Mozilla Network Security Service is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS
#11, PKCS #12, S/MIME and X.509 certificates.

Affected packages


     Package       /  Vulnerable  /                         Unaffected

  1  dev-libs/nss      < 3.11.3                              >= 3.11.3

Description

Daniel Bleichenbacher discovered that it might be possible to
forge signatures signed by RSA keys with the exponent of 3. This
affects a number of RSA signature implementations, including
Mozilla’s NSS.

Impact

Since several Certificate Authorities (CAs) are using an
exponent of 3 it might be possible for an attacker to create a key
with a false CA signature. This impacts any software using the NSS
library, like the Mozilla products Firefox, Thunderbird and
Seamonkey.

Workaround

There is no known workaround at this time.

Resolution

All NSS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3"

Note: As usual after updating a library, you should run
‘revdep-rebuild’ (from the app-portage/gentoolkit package) to
ensure that all applications linked to it are properly rebuilt.

References

[ 1 ] CVE-2006-4339

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

[ 2 ] CVE-2006-4340

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-06.xml


Gentoo Linux Security Advisory GLSA 200610-07


http://security.gentoo.org/


Severity: Normal
Title: Python: Buffer Overflow
Date: October 17, 2006
Bugs: #149065
ID: 200610-07


Synopsis

A buffer overflow in Python’s “repr()” function can be exploited
to cause a Denial of Service and potentially allows the execution
of arbitrary code.

Background

Python is an interpreted, interactive, object-oriented,
cross-platform programming language.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  dev-lang/python      < 2.4.3-r4                       >= 2.4.3-r4
                                                          *>= 2.3.5-r3

Description

Benjamin C. Wiley Sittler discovered a buffer overflow in
Python’s “repr()” function when handling UTF-32/UCS-4 encoded
strings.

Impact

If a Python application processes attacker-supplied data with
the “repr()” function, this could potentially lead to the execution
of arbitrary code with the privileges of the affected application
or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Python users should update to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.3-r4"

References

[ 1 ] CVE-2006-4980

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-07.xml


Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:183
http://www.mandriva.com/security/


Package : libksba
Date : October 17, 2006
Affected: 2006.0, Corporate 4.0


Problem Description:

The libksba library, as used by gpgsm in the gnupg2 package,
allows attackers to cause a denial of service (application crash)
via a malformed X.509 certificate in a signature.

libksba-0.9.15 in Mandriva 2007.0 is not affected by this
issue.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5111


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:184
http://www.mandriva.com/security/


Package : clamav
Date : October 17, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

An integer overflow in previous versions of ClamAV could allow a
remote attacker to cause a Denial of Service (scanning service
crash) and execute arbitrary code via a Portable Executable (PE)
file (CVE-2006-4182).

Another vulnerability could allow a remote attacker to cause a
DoS via a crafted compressed HTML (CHM) file that causes ClamAV to
read an invalid memory location (CVE-2006-5295).

These issues are corrected in ClamAV 0.88.5 which is provided
with this update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295


Updated Packages:





Mandriva Linux Security Advisory MDKSA-2006:185
http://www.mandriva.com/security/


Package : php
Date : October 17, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


Problem Description:

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to
bypass certain Apache HTTP Server httpd.conf options, such as
safe_mode and open_basedir, via the ini_restore function, which
resets the values to their php.ini (Master Value) defaults.
(CVE-2006-4625)

A race condition in the symlink function in PHP 5.1.6 and
earlier allows local users to bypass the open_basedir restriction
by using a combination of symlink, mkdir, and unlink functions to
change the file path after the open_basedir check and before the
file is opened by the underlying system, as demonstrated by
symlinking a symlink into a subdirectory, to point to a parent
directory via .. (dot dot) sequences, and then unlinking the
resulting symlink. (CVE-2006-5178)

Because the design flaw cannot be solved it is strongly
recommended to disable the symlink() function if you are using the
open_basedir feature. You can achieve that by adding symlink to the
list of disabled functions within your php.ini:
disable_functions=…,symlink

The updated packages do not alter the system php.ini.
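
Because the packages leave php.ini untouched, the recommendation above has to be checked by hand. A small audit for it, as an added example that is not part of the advisory or of PHP: it reports whether open_basedir is in use (in php.ini, or per virtual host through php_value/php_admin_value) while symlink is missing from disable_functions. The function names and sample configurations are constructed, and matching the function name exactly in lower case is a conservative assumption.

```python
import re

# Matches "php_value open_basedir ..." and "php_admin_value open_basedir ..."
_APACHE_BASEDIR = re.compile(
    r"^\s*php_(?:admin_)?value\s+open_basedir\s+(.+?)\s*$", re.IGNORECASE)


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def parse_php_ini(text):
    """Return {directive: value}; a later assignment replaces an earlier one.
    Section headers are skipped, so per-path sections are not modelled."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if value[:1] in ('"', "'"):
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(";", 1)[0].strip()   # drop trailing comment
        directives[key.strip()] = value
    return directives


def apache_open_basedir(httpd_conf):
    """Collect open_basedir values set in Apache config; "none" clears one."""
    found = []
    for raw in httpd_conf.splitlines():
        match = _APACHE_BASEDIR.match(raw)
        if match:
            value = _unquote(match.group(1))
            if value and value.lower() != "none":
                found.append(value)
    return found


def audit(php_ini, httpd_conf=""):
    """Flag open_basedir in use while symlink() is still callable."""
    ini = parse_php_ini(php_ini)
    in_use = [v for v in [ini.get("open_basedir", "")] if v]
    in_use += apache_open_basedir(httpd_conf)
    # disable_functions is read from php.ini only, so that is where we look.
    disabled = [f.strip() for f in ini.get("disable_functions", "").split(",")
                if f.strip()]
    if not in_use:
        status = "open_basedir-not-used"
    elif "symlink" in disabled:
        status = "ok"
    else:
        status = "symlink-not-disabled"
    return {"status": status, "open_basedir": in_use,
            "disable_functions": disabled}


# Constructed sample configurations (not taken from any real system).
WEAK_INI = """[PHP]
open_basedir = /var/www/site:/tmp
disable_functions = exec, system ,passthru ; constructed sample
"""
HARDENED_INI = """[PHP]
open_basedir = "/var/www/site:/tmp"
disable_functions = exec,system,passthru,symlink
"""
INI_NO_BASEDIR = """[PHP]
;open_basedir = /var/www
disable_functions = exec
"""
VHOST_CONF = """<VirtualHost *:80>
    # constructed sample vhost
    php_admin_value open_basedir "/srv/www/site-a:/tmp"
</VirtualHost>
"""

if __name__ == "__main__":
    for name, ini, conf in (("weak", WEAK_INI, ""),
                            ("hardened", HARDENED_INI, ""),
                            ("vhost only", INI_NO_BASEDIR, VHOST_CONF)):
        print(name, "->", audit(ini, conf)["status"])
```

The third case is the easy one to miss: open_basedir set only in a virtual host still needs symlink disabled in php.ini.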

Updated packages have been patched to correct the CVE-2006-4625
issue. Users must restart Apache for the changes to take
effect.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178


Updated Packages:




Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: kdelibs security update
Advisory ID: RHSA-2006:0720-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0720.html
Issue date: 2006-10-18
Updated on: 2006-10-18
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4811


1. Summary:

Updated kdelibs packages that correct an integer overflow flaw
are now available.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop
Environment (KDE). Qt is a GUI software toolkit for the X Window
System.

An integer overflow flaw was found in the way Qt handled pixmap
images. The KDE khtml library uses Qt in such a way that untrusted
parameters could be passed to Qt, triggering the overflow. An
attacker could for example create a malicious web page that when
viewed by a victim in the Konqueror browser would cause Konqueror
to crash or possibly execute arbitrary code with the privileges of
the victim. (CVE-2006-4811)

Users of KDE should upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

210742 – CVE-2006-4811 qt integer overflow

6. RPMs required:

kdelibs-devel-3.3.1-6.RHEL4.ppc.rpm

s390:
85f41346ff63f6d21f39dd3febbec970 kdelibs-3.3.1-6.RHEL4.s390.rpm
3b948e3ddc6de216f06b2f09a34f5ba2
kdelibs-debuginfo-3.3.1-6.RHEL4.s390.rpm
8ec078b136feb262c48b44ed36c5dc2e
kdelibs-devel-3.3.1-6.RHEL4.s390.rpm

s390x:
85f41346ff63f6d21f39dd3febbec970 kdelibs-3.3.1-6.RHEL4.s390.rpm
9e610b0137cce3c69aa0e07a937171e1
kdelibs-3.3.1-6.RHEL4.s390x.rpm
3b948e3ddc6de216f06b2f09a34f5ba2
kdelibs-debuginfo-3.3.1-6.RHEL4.s390.rpm
53c751ceb0962651490067fa8007a88f
kdelibs-debuginfo-3.3.1-6.RHEL4.s390x.rpm
f9cbe45ea627ac1239568ec1a71052fb
kdelibs-devel-3.3.1-6.RHEL4.s390x.rpm

x86_64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
84bbed7e29aaab4bba60154ff934985c
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
c52c0a3bc9f90a3e389e38534d8a65a4
kdelibs-debuginfo-3.3.1-6.RHEL4.x86_64.rpm
cde349bab7f05a191e2d8cdbd150be65
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdelibs-3.3.1-6.RHEL4.src.rpm

d07aedc884e8060bb5cbadce17445170 kdelibs-3.3.1-6.RHEL4.src.rpm

i386:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
d86a20d022f4ea51d8875b487c1c75da
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm

x86_64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
84bbed7e29aaab4bba60154ff934985c
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
c52c0a3bc9f90a3e389e38534d8a65a4
kdelibs-debuginfo-3.3.1-6.RHEL4.x86_64.rpm
cde349bab7f05a191e2d8cdbd150be65
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdelibs-3.3.1-6.RHEL4.src.rpm

d07aedc884e8060bb5cbadce17445170 kdelibs-3.3.1-6.RHEL4.src.rpm

i386:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
d86a20d022f4ea51d8875b487c1c75da
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm

ia64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
e123583a0a21fb489563815c9c9d1868 kdelibs-3.3.1-6.RHEL4.ia64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
bba59d8b12cb7258260f1c2f328433c3
kdelibs-debuginfo-3.3.1-6.RHEL4.ia64.rpm
44fa4375f7b78e612f9b04b11d8bf8f5
kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm

x86_64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
84bbed7e29aaab4bba60154ff934985c
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
c52c0a3bc9f90a3e389e38534d8a65a4
kdelibs-debuginfo-3.3.1-6.RHEL4.x86_64.rpm
cde349bab7f05a191e2d8cdbd150be65
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdelibs-3.3.1-6.RHEL4.src.rpm

d07aedc884e8060bb5cbadce17445170 kdelibs-3.3.1-6.RHEL4.src.rpm

i386:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
d86a20d022f4ea51d8875b487c1c75da
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm

ia64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
e123583a0a21fb489563815c9c9d1868 kdelibs-3.3.1-6.RHEL4.ia64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
bba59d8b12cb7258260f1c2f328433c3
kdelibs-debuginfo-3.3.1-6.RHEL4.ia64.rpm
44fa4375f7b78e612f9b04b11d8bf8f5
kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm

x86_64:
39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.i386.rpm
84bbed7e29aaab4bba60154ff934985c
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
7d142be854bb659f6fda5e9e5e18c6a6
kdelibs-debuginfo-3.3.1-6.RHEL4.i386.rpm
c52c0a3bc9f90a3e389e38534d8a65a4
kdelibs-debuginfo-3.3.1-6.RHEL4.x86_64.rpm
cde349bab7f05a191e2d8cdbd150be65
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <[email protected]>.
More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0194-1
Published: 2006-10-17
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Denial of
Service
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.17.14-0.1-1

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4623
https://issues.rpath.com/browse/RPL-721

Description:

Previous versions of the kernel package are vulnerable to remote
denial of service attacks if the dvb-core module is loaded and
configured to enable IP traffic over Digital Video Broadcast ISO
MPEG-2 Transport Streams (RFC4326, RFC4259). The tools to configure
it are not included in rPath Linux, so rPath Linux in its default
configuration is not vulnerable.
