RHSA-2010:0271-04 Important: kvm security, bug fix and enhancement update  

Posted by Daniela Mehler

"
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kvm security, bug fix and enhancement update
Advisory ID: RHSA-2010:0271-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0271.html
Issue date: 2010-03-30
CVE Names: CVE-2010-0741
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue, multiple bugs, and add
enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM handled erroneous data provided by
the Linux virtio-net driver, used by guest operating systems. Due to a
deficiency in the TSO (TCP segment offloading) implementation, a guest's
virtio-net driver would transmit improper data to a certain QEMU-KVM
process on the host, causing the guest to crash. A remote attacker could
use this flaw to send specially-crafted data to a target guest system,
causing that guest to crash. (CVE-2010-0741)

Additionally, these updated packages include numerous bug fixes and
enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5
Technical Notes for details:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs and adding the enhancements noted in the
Technical Notes. Note: The procedure in the Solution section must be
performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

508040 - Windows XP not using all CPUS
510706 - qemu-kvm segfault when using i82551 vnic
511072 - KVM - qemu-img fail to copy a RAW format image over FCP storage
512672 - Remove initrd warning message
515549 - upstream qemu issues on rhel 5.4
515655 - Add result test to prevent Infinite loop in raw_pread, reading too large offset
515749 - Remove warnings from kvm compilation
516545 - qemu-kvm crashed when setting 32bitwin28k with 64G ram
516672 - Disable unused/unsupported features on qemu-kvm
516762 - qemu aborted when restart 32bitwin23k with more than 4G mem in intel host.
517223 - BUG: warning at /builddir/build/BUILD/kvm-83-maint-snapshot-20090205/kernel-/x86/x86.c:240/kvm_queue_exception_e() (Tainted: G )
518090 - [RFE] KVM should be able to export advanced cpu flags to the guest
518169 - Bad qcow2 performance with cache=off
519397 - KVM: MMU: make __kvm_mmu_free_some_pages handle empty list (upstream backport)
520285 - windows 64 bit does vmexit on each cr8 access.
521025 - rtc-td-hack stopped working. Time drifts in windows
521749 - Guest Window2008-R2-datacenter installation is stopped at step "Setup will continue after restarting your computer" (AMD host only)
521835 - German keymap using KVM+VNC missing some keys
522887 - Call to migrate_set_speed after a migrate_cancel causes segmentation fault in kvm
524970 - Guest single-cpu IPI leads to a global IPI on host
525323 - QEMU terminates without warning with virtio-net and SMP enabled
525699 - x86_64 guest hang when set guest's cpu1 online on AMD host
526124 - ne model failed to get ip address
526837 - KVM: x86: verify MTRR/PAT validity (upstream backport)
527722 - Build tree for RHEL 5.X and RHEL 5.4.z contains build bugs
528310 - when kvm is load, Kernel panic on rebooting after implement suspend and resume
529694 - -initrd is broken with > 4GB guests
530134 - RFE - In-place backing file format change
530533 - debug message is displayed when save VM state into a compressed file
531631 - Windows XP unattended install doesn't get an IP address after rebooting, if using -net user
531701 - pvclock msr values are not preserved across remote migration
531827 - O/S Filesystem Corruption with RHEL-5.4 on a RHEV Guest
532086 - Rhev-Block driver causes 'unhandled vm exit' with 32bit win2k3r2sp2 Guest VM on restart
533059 - kvm modules can't be built against latest kernel-devel package
533197 - kvm kmod package should filter only some specific ksym dependencies
533390 - RHEL5.4 VM image corruption with an IDE v-disk
533453 - kvm kmod package should require a compatible kernel version
537075 - qcow2: infinite recursion on grow_refcount_table() error handling
537077 - error codes aren't always propagated up through the block layer (e.g. -ENOSPC)
537646 - backports of qemu barrier support
537655 - qemu-img: error creating a new preallocated volume image on FCP storage
537888 - fix unsafe device data handling
539250 - Cannot eject cd-rom when configured to host cd-rom
539589 - kvm can't build against kernel-2.6.18-174.el5
540893 - qemu-img: snapshot info error
541084 - KVM: x86: Add KVM_GET/SET_VCPU_EVENTS
541731 - kvm: migration: mechanism to make older savevm versions to be emitted on some cases
542923 - Get segmentation fault when running with ide block on kvm-83-136.el5
543137 - time drift in win2k364 KVM guest
543979 - gPXE fails to PXE boot on e1000 virtual NIC
545136 - CVE-2010-0741 whitelist host virtio networking features
545194 - Discrepancy between man page and source code for qcow2 with regards to default value used when no explicit caching is specified
546019 - kvm: use gpxe PXE roms if available
546039 - [FEAT] Supported KVM guests for RHEL5.5
549938 - Maintain barrier state after migration
550053 - require newer etherboot package that is compatible with new pxe ROM paths
550265 - gPXE fails to PXE boot on e1000 virtual NIC
550755 - Hypercall driver doesn't reset device on power-down
552487 - Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1 using virtio-blk
553187 - Add rhel-5.4.4 support to rhel5.5.0
555780 - iozone test can not finish when using virtio_blk in RHEL5u4 guest.
557327 - migration failed with -M rhel5.4.4 between host 5.5 and host 5.4.4
558195 - kvm: NFS : kvm-qemu-img convert failure on RAW/Sparse template with COW/Sparse snapshot
559163 - migration failed host 5.5 with -M rhel5.5.0 to host 5.5 with -M rhel5.5.0.
559509 - KVM:Wake up from hibernation operation failed ( migration to file )
563141 - qemu-img re-base subcommand got Segmentation fault
569762 - 'qemu-img re-base' broken on block devices
577218 - CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-164.el5.src.rpm

x86_64:
kmod-kvm-83-164.el5.x86_64.rpm
kvm-83-164.el5.x86_64.rpm
kvm-debuginfo-83-164.el5.x86_64.rpm
kvm-qemu-img-83-164.el5.x86_64.rpm
kvm-tools-83-164.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-164.el5.src.rpm

x86_64:
kmod-kvm-83-164.el5.x86_64.rpm
kvm-83-164.el5.x86_64.rpm
kvm-debuginfo-83-164.el5.x86_64.rpm
kvm-qemu-img-83-164.el5.x86_64.rpm
kvm-tools-83-164.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0741.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
"


RHSA-2010:0237-05 Low: sendmail security and bug fix update  

Posted by Daniela Mehler

"
=====================================================================
Red Hat Security Advisory

Synopsis: Low: sendmail security and bug fix update
Advisory ID: RHSA-2010:0237-05
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0237.html
Issue date: 2010-03-30
CVE Names: CVE-2006-7176 CVE-2009-4565
=====================================================================

1. Summary:

Updated sendmail packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of sendmail in Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for email messages that come
from external hosts. This could allow remote attackers to disguise spoofed
messages. (CVE-2006-7176)

A flaw was found in the way sendmail handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick sendmail into accepting it by mistake, allowing the attacker to
perform a man-in-the-middle attack or bypass intended client certificate
authentication. (CVE-2009-4565)

Note: The CVE-2009-4565 issue only affected configurations using TLS with
certificate verification and CommonName checking enabled, which is not a
typical configuration.

This update also fixes the following bugs:

* sendmail was unable to parse files specified by the ServiceSwitchFile
option which used a colon as a separator. (BZ#512871)

* sendmail incorrectly returned a zero exit code when free space was low.
(BZ#299951)

* the sendmail manual page had a blank space between the -qG option and
parameter. (BZ#250552)

* the comments in the sendmail.mc file specified the wrong path to SSL
certificates. (BZ#244012)

* the sendmail packages did not provide the MTA capability. (BZ#494408)

All users of sendmail are advised to upgrade to these updated packages,
which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

238540 - CVE-2006-7176 sendmail allows external mail with from address xxx@localhost.localdomain
244012 - Old path to openssl used in sendmail.mc
250552 - the description about option '-qG name' should be modified in the manpage
440616 - there should be %{?dist} instead of %{dist} in the *.spec on the Release: line
449391 - sendmail allows external mail with from address xxx@localhost.localdomain
494408 - Sendmail should provide "MTA"
552622 - CVE-2009-4565 sendmail: incorrect verification of SSL certificate with NUL in name

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-8.13.8-8.el5.i386.rpm
sendmail-cf-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-doc-8.13.8-8.el5.i386.rpm

x86_64:
sendmail-8.13.8-8.el5.x86_64.rpm
sendmail-cf-8.13.8-8.el5.x86_64.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-doc-8.13.8-8.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm

x86_64:
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-8.13.8-8.el5.i386.rpm
sendmail-cf-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-doc-8.13.8-8.el5.i386.rpm

ia64:
sendmail-8.13.8-8.el5.ia64.rpm
sendmail-cf-8.13.8-8.el5.ia64.rpm
sendmail-debuginfo-8.13.8-8.el5.ia64.rpm
sendmail-devel-8.13.8-8.el5.ia64.rpm
sendmail-doc-8.13.8-8.el5.ia64.rpm

ppc:
sendmail-8.13.8-8.el5.ppc.rpm
sendmail-cf-8.13.8-8.el5.ppc.rpm
sendmail-debuginfo-8.13.8-8.el5.ppc.rpm
sendmail-debuginfo-8.13.8-8.el5.ppc64.rpm
sendmail-devel-8.13.8-8.el5.ppc.rpm
sendmail-devel-8.13.8-8.el5.ppc64.rpm
sendmail-doc-8.13.8-8.el5.ppc.rpm

s390x:
sendmail-8.13.8-8.el5.s390x.rpm
sendmail-cf-8.13.8-8.el5.s390x.rpm
sendmail-debuginfo-8.13.8-8.el5.s390.rpm
sendmail-debuginfo-8.13.8-8.el5.s390x.rpm
sendmail-devel-8.13.8-8.el5.s390.rpm
sendmail-devel-8.13.8-8.el5.s390x.rpm
sendmail-doc-8.13.8-8.el5.s390x.rpm

x86_64:
sendmail-8.13.8-8.el5.x86_64.rpm
sendmail-cf-8.13.8-8.el5.x86_64.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.x86_64.rpm
sendmail-doc-8.13.8-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-7176.html
https://www.redhat.com/security/data/cve/CVE-2009-4565.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
"
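
The NUL-in-CommonName problem described for CVE-2009-4565, shown as an added example that is not sendmail's code and not part of the advisory: it contrasts a check that treats the certificate's CommonName as a C string with one that honours the encoded length. The function names, the constructed sample name, and the assumption that the weak check is a C-string comparison are illustrative.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: CommonName bytes as stored in a certificate. The ASN.1
 * string carries an explicit length, so it can legally contain a NUL byte. */
static const unsigned char SAMPLE_CN[] = "mail.example.com\0.untrusted.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

enum cn_result { CN_MATCH = 0, CN_MISMATCH = 1, CN_MALFORMED = 2 };

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ascii_ieq(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Weak check (illustrative): copies the CN into a buffer and then handles it
 * as a C string, so everything after the first NUL is silently ignored. */
int cn_matches_cstring(const unsigned char *cn, size_t cn_len, const char *expected)
{
    char buf[256];
    size_t n = cn_len < sizeof(buf) - 1 ? cn_len : sizeof(buf) - 1;

    memcpy(buf, cn, n);
    buf[n] = '\0';

    size_t seen = strlen(buf); /* stops at the embedded NUL */
    return seen == strlen(expected) &&
           ascii_ieq((const unsigned char *)buf, expected, seen);
}

/* Hardened check: uses the encoded length, rejects any CN that contains a
 * NUL byte, and compares the full length against the expected name. */
enum cn_result cn_check_strict(const unsigned char *cn, size_t cn_len, const char *expected)
{
    if (cn == NULL || cn_len == 0)
        return CN_MALFORMED;
    if (memchr(cn, '\0', cn_len) != NULL)
        return CN_MALFORMED;
    if (cn_len != strlen(expected))
        return CN_MISMATCH;
    return ascii_ieq(cn, expected, cn_len) ? CN_MATCH : CN_MISMATCH;
}

int main(void)
{
    const char *expected = "mail.example.com";

    printf("encoded CN length: %zu bytes\n", (size_t)SAMPLE_CN_LEN);
    printf("C-string check accepts: %d\n",
           cn_matches_cstring(SAMPLE_CN, SAMPLE_CN_LEN, expected));
    printf("strict check result:    %d (2 = malformed)\n",
           (int)cn_check_strict(SAMPLE_CN, SAMPLE_CN_LEN, expected));
    return 0;
}
```
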


USN-919-1: Emacs vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-919-1 March 29, 2010
emacs22, emacs23 vulnerability
CVE-2010-0825
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
emacs22-bin-common 22.1-0ubuntu10.2

Ubuntu 8.10:
emacs22-bin-common 22.2-0ubuntu2.8.10.1

Ubuntu 9.04:
emacs22-bin-common 22.2-0ubuntu2.9.04.1

Ubuntu 9.10:
emacs22-bin-common 22.2-0ubuntu6.2
emacs23-bin-common 23.1+1-4ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dan Rosenberg discovered that the email helper in Emacs did not correctly
check file permissions. A local attacker could perform a symlink race
to read or append to another user's mailbox if it was stored under a
group-writable group-"mail" directory.


http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-nox_23.1+1-4ubuntu3.2_lpia.deb
Size/MD5: 2752006 001f2a6f5587d351657500be90c19e0a
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23_23.1+1-4ubuntu3.2_lpia.deb
Size/MD5: 3046598 e8a0ce8bc7ff90c208eff5ce88f2cb4e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/e/emacs22/emacs22-bin-common_22.2-0ubuntu6.2_powerpc.deb
Size/MD5: 181246 6f0afb5b7b71bfbdad4ad416ca560f56
http://ports.ubuntu.com/pool/main/e/emacs22/emacs22-nox_22.2-0ubuntu6.2_powerpc.deb
Size/MD5: 1901462 d2fbb25b59ab918eee7bf521ac1c82fb
http://ports.ubuntu.com/pool/main/e/emacs22/emacs22_22.2-0ubuntu6.2_powerpc.deb
Size/MD5: 2181850 7caaf30b7fdf4bdedd2e6861dc4f4ef4
http://ports.ubuntu.com/pool/universe/e/emacs22/emacs22-gtk_22.2-0ubuntu6.2_powerpc.deb
Size/MD5: 2174698 6074d299503dd7ccbee05176c0197144
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-bin-common_23.1+1-4ubuntu3.2_powerpc.deb
Size/MD5: 184990 8a57701e7154a4ab09e50c5126c5409a
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-lucid_23.1+1-4ubuntu3.2_powerpc.deb
Size/MD5: 3239008 2d234d0e01ad8c33d076645c98d41ea7
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-nox_23.1+1-4ubuntu3.2_powerpc.deb
Size/MD5: 2903266 430353a2644115251613744cb96bf927
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23_23.1+1-4ubuntu3.2_powerpc.deb
Size/MD5: 3237746 b060b16972503897bdb405baf9f8943b

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/e/emacs22/emacs22-bin-common_22.2-0ubuntu6.2_sparc.deb
Size/MD5: 177666 79084fb2059562a44eefa63da2e95fa2
http://ports.ubuntu.com/pool/main/e/emacs22/emacs22-nox_22.2-0ubuntu6.2_sparc.deb
Size/MD5: 1846880 ed489327cfa1a9a4e9d8e9196d001db9
http://ports.ubuntu.com/pool/main/e/emacs22/emacs22_22.2-0ubuntu6.2_sparc.deb
Size/MD5: 2108174 a28c7e52c90a7b91ea6dbbabbb6b7ef7
http://ports.ubuntu.com/pool/universe/e/emacs22/emacs22-gtk_22.2-0ubuntu6.2_sparc.deb
Size/MD5: 2104482 369ebe0ead5355d411616efa75092de3
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-bin-common_23.1+1-4ubuntu3.2_sparc.deb
Size/MD5: 180748 5a8f21c2afd895ab81d5c3123e955e99
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-lucid_23.1+1-4ubuntu3.2_sparc.deb
Size/MD5: 3159098 e2cfa30ec84af5ab25c611fd66ed74b9
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23-nox_23.1+1-4ubuntu3.2_sparc.deb
Size/MD5: 2842968 4d9c13509ef6f6ccf1fe31a087d58af6
http://ports.ubuntu.com/pool/universe/e/emacs23/emacs23_23.1+1-4ubuntu3.2_sparc.deb
Size/MD5: 3150140 cba9915b6b867cb91734bc1faa563852


"


RHSA-2010:0175-01 Low: httpd security, bug fix, and enhancement update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: httpd security, bug fix, and enhancement update
Advisory ID: RHSA-2010:0175-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0175.html
Issue date: 2010-03-25
CVE Names: CVE-2010-0434
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue, a bug, and add an
enhancement are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

A use-after-free flaw was discovered in the way the Apache HTTP Server
handled request headers in subrequests. In configurations where subrequests
are used, a multithreaded MPM (Multi-Processing Module) could possibly leak
information from other requests in request replies. (CVE-2010-0434)

This update also fixes the following bug:

* a bug was found in the mod_dav module. If a PUT request for an existing
file failed, that file would be unexpectedly deleted and a "Could not get
next bucket brigade" error logged. With this update, failed PUT requests no
longer cause mod_dav to delete files, which resolves this issue.
(BZ#572932)

As well, this update adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0163 installed, mod_ssl
will refuse to renegotiate a TLS/SSL connection with an unpatched client
that does not support RFC 5746. This update adds the
"SSLInsecureRenegotiation" configuration directive. If this directive is
enabled, mod_ssl will renegotiate insecurely with unpatched clients.
(BZ#575805)

Refer to the following Red Hat Knowledgebase article for more details about
the changed mod_ssl behavior: http://kbase.redhat.com/faq/docs/DOC-20491

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues and add this enhancement. After
installing the updated packages, the httpd daemon must be restarted for the
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570171 - CVE-2010-0434 httpd: request header information leak
572932 - "could not get next bucket brigade" while a client is doing a PUT results in data loss
575805 - mod_ssl: Add SSLInsecureRenegotiation directive [rhel-4]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

ppc:
httpd-2.0.52-41.ent.7.ppc.rpm
httpd-debuginfo-2.0.52-41.ent.7.ppc.rpm
httpd-devel-2.0.52-41.ent.7.ppc.rpm
httpd-manual-2.0.52-41.ent.7.ppc.rpm
httpd-suexec-2.0.52-41.ent.7.ppc.rpm
mod_ssl-2.0.52-41.ent.7.ppc.rpm

s390:
httpd-2.0.52-41.ent.7.s390.rpm
httpd-debuginfo-2.0.52-41.ent.7.s390.rpm
httpd-devel-2.0.52-41.ent.7.s390.rpm
httpd-manual-2.0.52-41.ent.7.s390.rpm
httpd-suexec-2.0.52-41.ent.7.s390.rpm
mod_ssl-2.0.52-41.ent.7.s390.rpm

s390x:
httpd-2.0.52-41.ent.7.s390x.rpm
httpd-debuginfo-2.0.52-41.ent.7.s390x.rpm
httpd-devel-2.0.52-41.ent.7.s390x.rpm
httpd-manual-2.0.52-41.ent.7.s390x.rpm
httpd-suexec-2.0.52-41.ent.7.s390x.rpm
mod_ssl-2.0.52-41.ent.7.s390x.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0434.html
http://www.redhat.com/security/updates/classification/#low
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
"


USN-917-1: Puppet vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-917-1 March 24, 2010
puppet vulnerabilities
CVE-2009-3564, CVE-2010-0156
=============================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
puppet 0.24.8-2ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Puppet did not drop supplementary groups when being
run as a different user. A local user may be able to use this flaw to
bypass security restrictions and gain access to restricted files.
(CVE-2009-3564)

It was discovered that Puppet did not correctly handle temporary files. A
local user can exploit this flaw to bypass security restrictions and
overwrite arbitrary files. (CVE-2010-0156)


Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/puppet/puppet_0.24.8-2ubuntu4.1.diff.gz
Size/MD5: 16108 228231bb7fafde0cd8555618017939ce
http://security.ubuntu.com/ubuntu/pool/main/p/puppet/puppet_0.24.8-2ubuntu4.1.dsc
Size/MD5: 1517 22118d6cf21742ca62796a0957bee5f8
http://security.ubuntu.com/ubuntu/pool/main/p/puppet/puppet_0.24.8.orig.tar.gz
Size/MD5: 1093533 db02f46288794225d54b36f89e2725a7

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/puppet/puppet_0.24.8-2ubuntu4.1_all.deb
Size/MD5: 518402 b050c03fffa3df3dc31faa12b17f6aa2
http://security.ubuntu.com/ubuntu/pool/main/p/puppet/puppetmaster_0.24.8-2ubuntu4.1_all.deb
Size/MD5: 47806 5fb4e692c93a7388d34f6a284f4a5e92
http://security.ubuntu.com/ubuntu/pool/universe/p/puppet/puppet-testsuite_0.24.8-2ubuntu4.1_all.deb
Size/MD5: 418926 5785eb3a1e0d6373f0d891f72afca170




"
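
The supplementary-group flaw in USN-917-1 above (CVE-2009-3564) comes down to which credential calls are made and in what order. The following C example is added here and is not Puppet's code (Puppet is written in Ruby): it runs a flawed and a hardened drop routine against a constructed in-memory credential model, so the difference is visible without root. The names `cred_ops`, `sim_*`, `drop_privileges*` and all uid/gid values are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SIM_MAX_GROUPS 8

/* Credential calls behind function pointers so the same routine can run
 * against the real system calls or against the simulated process below. */
struct cred_ops {
    int (*set_groups)(size_t n, const gid_t *list);
    int (*set_gid)(gid_t gid);
    int (*set_uid)(uid_t uid);
};

static int real_set_groups(size_t n, const gid_t *l) { return setgroups(n, l); }
static int real_set_gid(gid_t g) { return setgid(g); }
static int real_set_uid(uid_t u) { return setuid(u); }
const struct cred_ops real_ops = { real_set_groups, real_set_gid, real_set_uid };

/* Constructed model of one process's credentials (hypothetical, for the demo). */
static struct { uid_t uid; gid_t gid; gid_t groups[SIM_MAX_GROUPS]; size_t n; } sim;

static int sim_set_groups(size_t n, const gid_t *list)
{
    if (sim.uid != 0) { errno = EPERM; return -1; }   /* needs privilege */
    if (n > SIM_MAX_GROUPS) { errno = EINVAL; return -1; }
    memcpy(sim.groups, list, n * sizeof(gid_t));
    sim.n = n;
    return 0;
}
static int sim_set_gid(gid_t gid)
{
    if (sim.uid != 0 && gid != sim.gid) { errno = EPERM; return -1; }
    sim.gid = gid;
    return 0;
}
static int sim_set_uid(uid_t uid)
{
    if (sim.uid != 0 && uid != sim.uid) { errno = EPERM; return -1; }
    sim.uid = uid;
    return 0;
}
const struct cred_ops sim_ops = { sim_set_groups, sim_set_gid, sim_set_uid };

enum drop_result { DROP_OK = 0, DROP_ERR_GROUPS, DROP_ERR_GID, DROP_ERR_UID };

/* Flawed pattern: uid and gid change, supplementary groups are never touched. */
int drop_privileges_flawed(const struct cred_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0) return DROP_ERR_GID;
    if (ops->set_uid(uid) != 0) return DROP_ERR_UID;
    return DROP_OK;
}

/* Hardened: reset supplementary groups first, then gid, then uid last,
 * and treat any failing call as fatal for the drop. */
int drop_privileges(const struct cred_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_groups(1, &gid) != 0) return DROP_ERR_GROUPS;
    if (ops->set_gid(gid) != 0) return DROP_ERR_GID;
    if (ops->set_uid(uid) != 0) return DROP_ERR_UID;
    return DROP_OK;
}

/* Start state: a root process in groups 0, 4 and 42 (constructed values). */
static void sim_reset_as_root(void)
{
    static const gid_t start[] = { 0, 4, 42 };
    sim.uid = 0;
    sim.gid = 0;
    memcpy(sim.groups, start, sizeof start);
    sim.n = 3;
}

/* Number of groups still held after the drop that are not the target gid. */
size_t leaked_groups_after(int hardened)
{
    const uid_t uid = 1000;
    const gid_t gid = 1000;
    size_t i, extra = 0;
    int rc;

    sim_reset_as_root();
    rc = hardened ? drop_privileges(&sim_ops, uid, gid)
                  : drop_privileges_flawed(&sim_ops, uid, gid);
    if (rc != DROP_OK) return (size_t)-1;
    for (i = 0; i < sim.n; i++)
        if (sim.groups[i] != gid) extra++;
    return extra;
}

/* Changing uid first removes the privilege needed to reset the group list. */
int groups_after_uid_fails(void)
{
    sim_reset_as_root();
    if (sim_ops.set_uid(1000) != 0) return -1;
    return drop_privileges(&sim_ops, 1000, 1000);
}

int main(void)
{
    printf("flawed drop leaves %zu extra groups\n", leaked_groups_after(0));
    printf("hardened drop leaves %zu extra groups\n", leaked_groups_after(1));
    printf("uid-first ordering result: %d\n", groups_after_uid_fails());
    return 0;
}
```

In a real service the same routine would be called with `real_ops` while still running as root, followed by a `getgroups()` check that only the target group remains.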


RHSA-2010:0166-01 Moderate: gnutls security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gnutls security update
Advisory ID: RHSA-2010:0166-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0166.html
Issue date: 2010-03-25
CVE Names: CVE-2009-2409 CVE-2009-3555
=====================================================================

1. Summary:

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. GnuTLS
now disables the use of the MD2 algorithm inside signatures by default.
(CVE-2009-2409)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-utils-1.4.1-3.el5_4.8.i386.rpm

x86_64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-utils-1.4.1-3.el5_4.8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm

x86_64:
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-utils-1.4.1-3.el5_4.8.i386.rpm

ia64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.ia64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ia64.rpm
gnutls-devel-1.4.1-3.el5_4.8.ia64.rpm
gnutls-utils-1.4.1-3.el5_4.8.ia64.rpm

ppc:
gnutls-1.4.1-3.el5_4.8.ppc.rpm
gnutls-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ppc.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-devel-1.4.1-3.el5_4.8.ppc.rpm
gnutls-devel-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-utils-1.4.1-3.el5_4.8.ppc.rpm

s390x:
gnutls-1.4.1-3.el5_4.8.s390.rpm
gnutls-1.4.1-3.el5_4.8.s390x.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.s390.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.s390x.rpm
gnutls-devel-1.4.1-3.el5_4.8.s390.rpm
gnutls-devel-1.4.1-3.el5_4.8.s390x.rpm
gnutls-utils-1.4.1-3.el5_4.8.s390x.rpm

x86_64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-utils-1.4.1-3.el5_4.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2409.html
https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
"


RHSA-2010:0173-02 Important: openssl096b security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openssl096b security update
Advisory ID: RHSA-2010:0173-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0173.html
Issue date: 2010-03-25
CVE Names: CVE-2009-3245
=====================================================================

1. Summary:

Updated openssl096b packages that fix one security issue are now available
for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could cause an application using the OpenSSL
library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

All openssl096b users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all programs using the openssl096b library must be restarted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

ppc:
openssl096b-0.9.6b-16.50.ppc.rpm
openssl096b-debuginfo-0.9.6b-16.50.ppc.rpm

s390:
openssl096b-0.9.6b-16.50.s390.rpm
openssl096b-debuginfo-0.9.6b-16.50.s390.rpm

s390x:
openssl096b-0.9.6b-16.50.s390.rpm
openssl096b-debuginfo-0.9.6b-16.50.s390.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

ppc:
openssl096b-0.9.6b-22.46.el4_8.1.ppc.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ppc.rpm

s390:
openssl096b-0.9.6b-22.46.el4_8.1.s390.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.s390.rpm

s390x:
openssl096b-0.9.6b-22.46.el4_8.1.s390.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.s390.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3245.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-26039

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
"
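
The unchecked bn_wexpand() return value described in RHSA-2010:0173 above (CVE-2009-3245) is an instance of a general pattern: a grow-the-buffer helper fails, leaves the object at its old size, and the caller writes as if it had grown. The following C example is added here and is not OpenSSL's code; `toy_bn`, `toy_wexpand`, the fault-injecting allocator and all values are assumptions built to model that pattern, with the unchecked caller shown beside the checked one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bignum (not OpenSSL's BIGNUM): d holds dmax words, top of them in use. */
typedef struct {
    uint32_t *d;
    size_t top;
    size_t dmax;
} toy_bn;

/* Constructed fault injector: when set to N > 0, the Nth allocation fails. */
static int fail_countdown = 0;

static void *toy_alloc(size_t bytes)
{
    if (fail_countdown > 0 && --fail_countdown == 0)
        return NULL;
    return malloc(bytes);
}

/* Grow bn to at least `words` words. On failure returns NULL and leaves
 * bn exactly as it was, including its old (smaller) buffer. */
toy_bn *toy_wexpand(toy_bn *bn, size_t words)
{
    uint32_t *nd;

    if (words <= bn->dmax)
        return bn;
    if (words > SIZE_MAX / sizeof(uint32_t))
        return NULL;
    nd = toy_alloc(words * sizeof(uint32_t));
    if (nd == NULL)
        return NULL;
    if (bn->top > 0)
        memcpy(nd, bn->d, bn->top * sizeof(uint32_t));
    free(bn->d);
    bn->d = nd;
    bn->dmax = words;
    return bn;
}

/* BEFORE: return value ignored. If the expansion failed, dst->d still has
 * only the old dmax words and the memcpy writes past the end of it. */
int toy_copy_unchecked(toy_bn *dst, const toy_bn *src)
{
    toy_wexpand(dst, src->top);
    memcpy(dst->d, src->d, src->top * sizeof(uint32_t));
    dst->top = src->top;
    return 1;
}

/* AFTER: a failed expansion is reported and dst is not written at all. */
int toy_copy_checked(toy_bn *dst, const toy_bn *src)
{
    if (toy_wexpand(dst, src->top) == NULL)
        return 0;
    if (src->top > 0)
        memcpy(dst->d, src->d, src->top * sizeof(uint32_t));
    dst->top = src->top;
    return 1;
}

/* Set bn to n words of `value`; returns 1 on success, 0 on allocation failure. */
int toy_fill(toy_bn *bn, uint32_t value, size_t n)
{
    size_t i;

    if (toy_wexpand(bn, n) == NULL)
        return 0;
    for (i = 0; i < n; i++)
        bn->d[i] = value;
    bn->top = n;
    return 1;
}

/* Runs the checked copy of an 8-word value into a 2-word value.
 * fail_next = 1 makes the expansion fail. Returns 1 if the outcome is the
 * safe one: failure reported with dst intact, or a complete copy. */
int demo_checked_copy(int fail_next)
{
    toy_bn dst = {0}, src = {0};
    int rc, ok;

    if (!toy_fill(&dst, 0x11111111u, 2) || !toy_fill(&src, 0x22222222u, 8)) {
        free(dst.d);
        free(src.d);
        return 0;
    }
    fail_countdown = fail_next ? 1 : 0;
    rc = toy_copy_checked(&dst, &src);
    fail_countdown = 0;
    if (fail_next)
        ok = rc == 0 && dst.top == 2 && dst.dmax == 2 &&
             dst.d[0] == 0x11111111u && dst.d[1] == 0x11111111u;
    else
        ok = rc == 1 && dst.top == 8 && dst.dmax >= 8 &&
             dst.d[0] == 0x22222222u && dst.d[7] == 0x22222222u;
    free(dst.d);
    free(src.d);
    return ok;
}

int main(void)
{
    printf("allocation failure handled safely: %d\n", demo_checked_copy(1));
    printf("normal copy succeeds: %d\n", demo_checked_copy(0));
    return 0;
}
```

With the same injected failure, `toy_copy_unchecked` would copy 8 words into the 2-word buffer, which is the out-of-bounds write behind the advisory's "crash or, possibly, execute arbitrary code".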


DSA 2022-1: New mediawiki packages fix several vulnerabilities  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2022-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 23th, 2010 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mediawiki
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian bug : none
CVE ID : none assigned yet

Several vulnerabilities have been discovered in mediawiki, a web-based wiki
engine. The following issues have been identified:

Insufficient input sanitization in the CSS validation code allows editors
to display external images in wiki pages. This can be a privacy concern
on public wikis as it allows attackers to gather IP addresses and other
information by linking these images to a web server under their control.

Insufficient permission checks have been found in thumb.php which can lead
to disclosure of image files that are restricted to certain users
(e.g. with img_auth.php).


For the stable distribution (lenny), this problem has been fixed in
version 1.12.0-2lenny4.

For the testing distribution (squeeze), this problem has been fixed in
version 1:1.15.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.15.2-1.

Upgrade instructions
- --------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4.dsc
Size/MD5 checksum: 1549 cdd8466f627db0d230059bea9dc3bffa
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0.orig.tar.gz
Size/MD5 checksum: 7188806 117a1360f440883a51f0ebca32906ea0
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4.diff.gz
Size/MD5 checksum: 61443 fe024a07a1555b8aa813183b98de41da

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4_all.deb
Size/MD5 checksum: 7231304 ec3604e69ac212e506df83c93e8fec14

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_alpha.deb
Size/MD5 checksum: 49794 92ea80eb2c975d2fa01e48385467eacd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_amd64.deb
Size/MD5 checksum: 156990 4a889dd13d45f38b3594a2dd47e9b59e

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_arm.deb
Size/MD5 checksum: 49258 93033e2a83ec4436b07648a20f53ff60

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_armel.deb
Size/MD5 checksum: 49226 2814b384dc142da907fa80ac1af1d32a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_hppa.deb
Size/MD5 checksum: 49774 29bfc18a66159684703604a192bc654a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_i386.deb
Size/MD5 checksum: 138776 109b418d062e4b954b98386ac36240d7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_ia64.deb
Size/MD5 checksum: 49762 4eabbe35adb52e9b3c27ac3cebac3126

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_mipsel.deb
Size/MD5 checksum: 49772 243c3c339a86ea1bbca7fa58192fd364

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_powerpc.deb
Size/MD5 checksum: 162814 82c66b11b70c174cc3b08e36cb4430be

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_s390.deb
Size/MD5 checksum: 49246 7ffe72a079284372ae24c49e55b6170b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_sparc.deb
Size/MD5 checksum: 158134 d96cefd805d0ced4b6477c244ebf2e06


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkupIh8ACgkQHYflSXNkfP/utgCeMKGe5lOkkx4gJPPtl1RbvMoH
TNcAoJzn58S8XoSkxYSvB7P422MZE+mY
=nb7B
-----END PGP SIGNATURE-----
"
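The package listing in the advisory above pairs each download URL with a `Size/MD5 checksum:` line. As an added example (not part of the advisory or of Debian's tooling), the Python code below parses that layout and checks a downloaded file against it; the function names are chosen here, and the two sample entries are copied from the listing. MD5 only catches corruption, so the listing is worth trusting only after the advisory's PGP signature has been verified.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# Two entries copied from the advisory's "Source archives" listing.
SAMPLE_LISTING = """\
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4.dsc
Size/MD5 checksum: 1549 cdd8466f627db0d230059bea9dc3bffa
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0.orig.tar.gz
Size/MD5 checksum: 7188806 117a1360f440883a51f0ebca32906ea0
"""

# One entry is a URL line followed by "Size/MD5 checksum: <size> <md5>".
ENTRY_RE = re.compile(
    r"^\s*(?P<url>(?:https?|ftp)://\S+)\s*\n"
    r"\s*Size/MD5 checksum:\s*(?P<size>\d+)\s+(?P<md5>[0-9a-fA-F]{32})\s*$",
    re.MULTILINE,
)


def parse_manifest(advisory_text):
    """Return {filename: (size, md5hex)} for every entry in the advisory."""
    manifest = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = Path(urlsplit(m["url"]).path).name
        entry = (int(m["size"]), m["md5"].lower())
        # The same file listed twice with different values means the
        # listing itself is inconsistent; refuse to use it.
        if manifest.get(name, entry) != entry:
            raise ValueError(f"conflicting entries for {name}")
        manifest[name] = entry
    return manifest


def verify_file(path, manifest):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    path = Path(path)
    if path.name not in manifest:
        return "unlisted"
    size, md5hex = manifest[path.name]
    # Cheap check first: a wrong size never needs hashing.
    if path.stat().st_size != size:
        return "size-mismatch"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5hex else "md5-mismatch"
```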


RHSA-2010:0167-01 Moderate: gnutls security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gnutls security update
Advisory ID: RHSA-2010:0167-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0167.html
Issue date: 2010-03-25
CVE Names: CVE-2009-3555 CVE-2010-0731
=====================================================================

1. Summary:

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

A flaw was found in the way GnuTLS extracted serial numbers from X.509
certificates. On 64-bit big endian platforms, this flaw could cause the
certificate revocation list (CRL) check to be bypassed; cause various
GnuTLS utilities to crash; or, possibly, execute arbitrary code.
(CVE-2010-0731)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
573028 - CVE-2010-0731 gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

ppc:
gnutls-1.0.20-4.el4_8.7.ppc.rpm
gnutls-1.0.20-4.el4_8.7.ppc64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ppc.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ppc64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ppc.rpm

s390:
gnutls-1.0.20-4.el4_8.7.s390.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390.rpm
gnutls-devel-1.0.20-4.el4_8.7.s390.rpm

s390x:
gnutls-1.0.20-4.el4_8.7.s390.rpm
gnutls-1.0.20-4.el4_8.7.s390x.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390x.rpm
gnutls-devel-1.0.20-4.el4_8.7.s390x.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0731.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0NjXlSAg2UNWIIRAoznAKC3psERipbgqF+zN1IK2ThTR0RJXwCfU+LG
MgrPGavNSwGjm58ZE/y6LxY=
=zZwH
-----END PGP SIGNATURE-----
"


RHSA-2010:0161-01 Important: kernel-rt security and bug fix update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0161-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0161.html
Issue date: 2010-03-23
CVE Names: CVE-2009-4141 CVE-2010-0003 CVE-2010-0007
CVE-2010-0291 CVE-2010-0410 CVE-2010-0415
CVE-2010-0437 CVE-2010-0622
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a deficiency was found in the fasync_helper() implementation. This could
allow a local, unprivileged user to leverage a use-after-free of locked,
asynchronous file descriptors to cause a denial of service or privilege
escalation. (CVE-2009-4141, Important)

* multiple flaws were found in the mmap and mremap implementations. A
local, unprivileged user could use these flaws to cause a local denial of
service or escalate their privileges. (CVE-2010-0291, Important)

* a missing boundary check was found in the do_move_pages() function in the
memory migration functionality. A local user could use this flaw to cause a
local denial of service or an information leak. (CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function. An attacker on the local network could trigger this flaw by
sending IPv6 traffic to a target system, leading to a system crash (kernel
OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6
packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes
(futexes) implementation. The unlock code path did not check if the futex
value associated with pi_state->owner had been modified. A local user could
use this flaw to modify the futex value, possibly leading to a denial of
service or privilege escalation when the pi_state->owner pointer is
dereferenced. (CVE-2010-0622, Important)

* an information leak was found in the print_fatal_signal() implementation.
When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value
is 0), memory that is reachable by the kernel could be leaked to
user-space. This issue could also result in a system crash. Note that this
flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* a flaw was found in the kernel connector implementation. A local,
unprivileged user could trigger this flaw by sending an arbitrary amount of
notification requests using specially-crafted netlink messages, resulting
in a denial of service. (CVE-2010-0410, Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* references were missing for two LSI MegaRAID SAS controllers already
supported by the kernel, preventing systems using these controllers from
booting. (BZ#554664)

* a typo in the fix for CVE-2009-2691 resulted in gdb being unable to read
core files created by gcore. (BZ#554965)

* values for certain pointers used by the kernel, which should be
undereferencable, could potentially be abused when a kernel OOPS occurs.
Values that are harder to dereference are now used. (BZ#555227)

* this update redesigns the locking scheme of the TTY process group
(tty->pgrp) structure, due to race conditions introduced when tty->pgrp
started using struct pid instead of pid_t. (BZ#559101)

* the way the NFS kernel server used iget() and the way in which it kept
its cache of inode information, could have led to (mainly on busy file
servers) inconsistencies between the local file system and the file system
being served to clients. (BZ#561275)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
554664 - MRG current has a very old megaraid_sas driver
554965 - gcore tool produces unusable corefile with MRG kernel
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
556703 - CVE-2010-0291 kernel: untangle the do_mremap()
561275 - kernel: serious ugliness in iget() uses by nfsd [mrg-1]
561682 - CVE-2010-0410 kernel: OOM/crash in drivers/connector
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-149.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-149.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4141.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0291.html
https://www.redhat.com/security/data/cve/CVE-2010-0410.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
https://www.redhat.com/security/data/cve/CVE-2010-0622.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLqOTAXlSAg2UNWIIRAqEnAJ9PcReXgHmM9+pdfygigHVGsggt8gCfdSbS
RjCs09nuCAhBEYXbEidE+/s=
=opcK
-----END PGP SIGNATURE-----
"
