Red Hat Security Advisory: ORBit, esound, gnome-core | Linux Today

Red Hat Security Advisory: ORBit, esound, gnome-core

Written By
Web Webster
Web Webster
Dec 6, 1999

Date: Mon, 6 Dec 1999 13:10:55 -0500 (EST)
From: Elliot Lee <sopwith@redhat.com>
To: redhat-watch-list@redhat.com,
redhat-announce-list@redhat.com


Red Hat, Inc. Security Advisory

Synopsis: new ORBit, esound, and gnome-core packages
Advisory ID: RHSA-1999:058-01
Issue date: 1999-12-03


1. Topic:

ORBit and gnome-session each contained a denial-of-service
hole.

ORBit and esound each contained a security hole.

2. Relevant releases/architectures:

Red Hat Linux 6.1

3. Problem description:

ORBit and esound used a source of random data that was easily
guessable, possibly allowing an attacker with local access to guess
the authentication keys used to control access to these
services.

ORBit and gnome-session contained a bug that allowed attackers
to remotely crash a program under unusual circumstances. In
addition to fixing these problems, TCP Wrappers support has been
added to gnome-session. ORBit already makes use of TCP Wrappers. It
is recommended that this functionality be used when additional
access controls are desired on network access to these
services.

4. Solution:

For each RPM for your particular architecture, run:
rpm -Uvh
where filename is the name of the RPM.

5. RPMs required:

Intel:
ftp://updates.redhat.com/6.1/i386/ORBit-0.5.0-2.i386.rpm

ftp://updates.redhat.com/6.1/i386/ORBit-devel-0.5.0-2.i386.rpm

ftp://updates.redhat.com/6.1/i386/esound-0.2.17-1.i386.rpm

ftp://updates.redhat.com/6.1/i386/esound-devel-0.2.17-1.i386.rpm

ftp://updates.redhat.com/6.1/i386/gnome-core-1.0.54-2.i386.rpm


ftp://updates.redhat.com/6.1/i386/gnome-core-devel-1.0.54-2.i386.rpm

Sparc:
ftp://updates.redhat.com/6.1/sparc/ORBit-0.5.0-2.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/ORBit-devel-0.5.0-2.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/esound-0.2.17-1.sparc.rpm


ftp://updates.redhat.com/6.1/sparc/esound-devel-0.2.17-1.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/gnome-core-1.0.54-2.sparc.rpm


ftp://updates.redhat.com/6.1/sparc/gnome-core-devel-1.0.54-2.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.1/SRPMS/ORBit-0.5.0-2.src.rpm

ftp://updates.redhat.com/6.1/SRPMS/esound-0.2.17-1.src.rpm

ftp://updates.redhat.com/6.1/SRPMS/gnome-core-1.0.54-2.src.rpm

9. Verification:

MD5 sum                           Package Name

35cb261853a01711fb47ee6d48149bd4 i386/ORBit-0.5.0-2.i386.rpm
808e9dca462f8ef765b454b25e017614 i386/ORBit-devel-0.5.0-2.i386.rpm
261e7063065c50f5eb4235cb373c85f1 i386/esound-0.2.17-1.i386.rpm
fa44e546df9b307cec6557cac0112eff i386/esound-devel-0.2.17-1.i386.rpm
d8c3814f4b8c19c38af526271dd1c294 i386/gnome-core-1.0.54-2.i386.rpm
a689359b3ff0bbe3ebc908a4ab5aaaad i386/gnome-core-devel-1.0.54-2.i386.rpm
4ce667c72a33146c5280cc7fecba0f4d sparc/ORBit-0.5.0-2.sparc.rpm
473056e09906fe49914c1d79dd30dc98 sparc/ORBit-devel-0.5.0-2.sparc.rpm
8ed14577fb93f8c684a98962c564b772 sparc/esound-0.2.17-1.sparc.rpm
0f8965c2d13bc000a87ed26ab5459ffb sparc/esound-devel-0.2.17-1.sparc.rpm
11a28ec13e110cbaabb403333efe27c1 sparc/gnome-core-1.0.54-2.sparc.rpm
7b86b6bb257376242e88096f1aafc722 sparc/gnome-core-devel-1.0.54-2.sparc.rpm
9fa749891ed4e9505b07cac512e80808 SRPMS/ORBit-0.5.0-2.src.rpm
4d34ef79104c3b754f368900a1f09370 SRPMS/esound-0.2.17-1.src.rpm
48f5b99bc92048e99e159a026b314871 SRPMS/gnome-core-1.0.54-2.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

— Elliot

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.