Date:         Mon, 4 Aug 2008 15:21:24 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Re: Security ERRATA for mysql on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          
In-Reply-To:  <488E379E.3080704@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is 
working now.  Both the x86_64 and i386 rpm's have been rebuilt with the new 
name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

      SRPMS:
mysql-4.1.22-2.el4.sl.src.rpm
      i386:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-bench-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-server-4.1.22-2.el4.sl.i386.rpm
      x86_64:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-4.1.22-2.el4.sl.x86_64.rpm
mysql-bench-4.1.22-2.el4.sl.x86_64.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.x86_64.rpm
mysql-server-4.1.22-2.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: mysql security, bug fix, and enhancement update
> Issue date:     2008-07-24
> CVE Names:      CVE-2006-3469 CVE-2006-4031 CVE-2007-2691
>                  CVE-2008-2079
> 
> MySQL did not correctly check directories used as arguments for the DATA
> DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
> attacker could elevate their access privileges to tables created by other
> database users. Note: this attack does not work on existing tables. An
> attacker can only elevate their access to another user's tables as the
> tables are created. As well, the names of these created tables need to be
> predicted correctly for this attack to succeed. (CVE-2008-2079)
> 
> MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
> An authenticated user could use this flaw to rename arbitrary tables.
> (CVE-2007-2691)
> 
> MySQL allowed an authenticated user to access a table through a previously
> created MERGE table, even after the user's privileges were revoked from the
> original table, which might violate intended security policy. This is
> addressed by allowing the MERGE storage engine to be disabled, which can be
> done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)
> 
> A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to
> crash via crafted SQL queries. This only caused a temporary denial of
> service, as the MySQL daemon is automatically restarted after the crash.
> (CVE-2006-3469)
> 
> As well, these updated packages fix the following bugs:
> 
> * in the previous mysql packages, if a column name was referenced more
> than once in an "ORDER BY" section of a query, a segmentation fault
> occurred.
> 
> * when MySQL failed to start, the init script returned a successful (0)
> exit code. When using the Red Hat Cluster Suite, this may have caused
> cluster services to report a successful start, even when MySQL failed to
> start. In these updated packages, the init script returns the correct exit
> codes, which resolves this issue.
> 
> * it was possible to use the mysqld_safe command to specify invalid port
> numbers (higher than 65536), causing invalid ports to be created, and, in
> some cases, a "port number definition: unsigned short" error. In these
> updated packages, when an invalid port number is specified, the default
> port number is used.
> 
> * when setting "myisam_repair_threads > 1", any repair set the index
> cardinality to "1", regardless of the table size.
> 
> * the MySQL init script no longer runs "chmod -R" on the entire database
> directory tree during every startup.
> 
> * when running "mysqldump" with the MySQL 4.0 compatibility mode option,
> "--compatible=mysql40", mysqldump created dumps that omitted the
> "auto_increment" field.
> 
> As well, the MySQL init script now uses more reliable methods for
> determining parameters, such as the data directory location.
> 
> Note: these updated packages upgrade MySQL to version 4.1.22. For a full
> list of bug fixes and enhancements, refer to the MySQL release notes:
> http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html
> 
> SL 4.x
> 
>     SRPMS:
> mysql-4.1.22-2.el4.src.rpm
>     i386:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-bench-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-server-4.1.22-2.el4.i386.rpm
>     x86_64:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-4.1.22-2.el4.x86_64.rpm
> mysql-bench-4.1.22-2.el4.x86_64.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.x86_64.rpm
> mysql-server-4.1.22-2.el4.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 


-- 
__________________________________________________
Troy Dawson  dawson@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
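The rebuilt packages above differ from the original errata only by the `.sl` suffix in the release field. The following is an added example, not part of the original e-mail or of any Scientific Linux tooling: it applies rpm's classic segment-wise ordering to the file names listed above to show how a host inventory compares against the rebuilt set. The installed-package inventory is constructed sample data, epochs are ignored, and the function names are hypothetical.

```python
import re

# rpm splits a version or release string into runs of digits and runs of
# letters; every other character ('.', '_', '-') only separates segments.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+", re.ASCII)


def rpmvercmp(a, b):
    """Order two version or release strings as rpm's classic algorithm does.

    Returns 1 if a is newer, -1 if b is newer, 0 if they are equal.
    Tilde and caret handling (later rpm additions) is not implemented.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts above an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over wins.
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def parse_rpm_filename(filename):
    """Split 'name-version-release.arch.rpm' into its four fields."""
    if not filename.endswith(".rpm"):
        raise ValueError("not an rpm file name: %r" % filename)
    stem, arch = filename[:-4].rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def compare_to_errata(installed, errata_files):
    """Report, per (name, arch), how the installed build orders against the errata build."""
    report = {}
    for filename in errata_files:
        name, version, release, arch = parse_rpm_filename(filename)
        if arch == "src":
            continue  # source packages are never installed on a host
        have = installed.get((name, arch))
        if have is None:
            report[(name, arch)] = "not installed"
            continue
        # Version decides first; release only breaks a version tie.
        order = rpmvercmp(have[0], version) or rpmvercmp(have[1], release)
        report[(name, arch)] = (
            "older than errata" if order < 0 else "at or above errata"
        )
    return report


# File names copied from the SL 4.x i386 list in the message above.
ERRATA_FILES = [
    "mysql-4.1.22-2.el4.sl.src.rpm",
    "mysql-4.1.22-2.el4.sl.i386.rpm",
    "mysql-bench-4.1.22-2.el4.sl.i386.rpm",
    "mysql-devel-4.1.22-2.el4.sl.i386.rpm",
    "mysql-server-4.1.22-2.el4.sl.i386.rpm",
]

# Constructed inventory for illustration: (name, arch) -> (version, release).
INSTALLED = {
    ("mysql", "i386"): ("4.1.22", "2.el4"),            # original, pre-rebuild name
    ("mysql-server", "i386"): ("4.1.22", "2.el4.sl"),  # rebuilt package
    ("mysql-devel", "i386"): ("4.1.20", "1.el4"),      # constructed older build
}

if __name__ == "__main__":
    for key, status in sorted(compare_to_errata(INSTALLED, ERRATA_FILES).items()):
        print("%s.%s: %s" % (key[0], key[1], status))
```

A build with release `2.el4` orders below `2.el4.sl`, so a package manager treats the rebuilt package as an upgrade even though, as the message states, no code was changed.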
Date:         Mon, 4 Aug 2008 15:21:35 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Re: Security ERRATA for thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          
In-Reply-To:  <4888ABAE.30201@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is 
working now.  Both the x86_64 and i386 rpm's have been rebuilt with the new 
name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

      SRPMS:
thunderbird-1.5.0.12-14.el4.sl.src.rpm
      i386:
thunderbird-1.5.0.12-14.el4.sl.i386.rpm
      x86_64:
thunderbird-1.5.0.12-14.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: thunderbird security update
> Issue date:     2008-07-23
> CVE Names:      CVE-2008-2785 CVE-2008-2798 CVE-2008-2799
>                  CVE-2008-2800 CVE-2008-2801 CVE-2008-2802
>                  CVE-2008-2803 CVE-2008-2805 CVE-2008-2807
>                  CVE-2008-2808 CVE-2008-2809 CVE-2008-2810
>                  CVE-2008-2811
> 
> Multiple flaws were found in the processing of malformed JavaScript
> content. An HTML mail containing such malicious content could cause
> Thunderbird to crash or, potentially, execute arbitrary code as the user
> running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
> 
> Several flaws were found in the processing of malformed HTML content. An
> HTML mail containing malicious content could cause Thunderbird to crash or,
> potentially, execute arbitrary code as the user running Thunderbird.
> (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
> 
> Several flaws were found in the way malformed HTML content was displayed.
> An HTML mail containing specially-crafted content could, potentially, trick
> a Thunderbird user into surrendering sensitive information. (CVE-2008-2800)
> 
> Two local file disclosure flaws were found in Thunderbird. An HTML mail
> containing malicious content could cause Thunderbird to reveal the contents
> of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
> 
> A flaw was found in the way a malformed .properties file was processed by
> Thunderbird. A malicious extension could read uninitialized memory,
> possibly leaking sensitive data to the extension. (CVE-2008-2807)
> 
> A flaw was found in the way Thunderbird escaped a listing of local file
> names. If a user could be tricked into listing a local directory containing
> malicious file names, arbitrary JavaScript could be run with the
> permissions of the user running Thunderbird. (CVE-2008-2808)
> 
> A flaw was found in the way Thunderbird displayed information about
> self-signed certificates. It was possible for a self-signed certificate to
> contain multiple alternate name entries, which were not all displayed to
> the user, allowing them to mistakenly extend trust to an unknown site.
> (CVE-2008-2809)
> 
> Note: JavaScript support is disabled by default in Thunderbird. The above
> issues are not exploitable unless JavaScript is enabled.
> 
> SL 4.x
> 
>      SRPMS:
> thunderbird-1.5.0.12-14.el4.src.rpm
>      i386:
> thunderbird-1.5.0.12-14.el4.i386.rpm
>      x86_64:
> thunderbird-1.5.0.12-14.el4.i386.rpm
> 
> SL 5.x
> 
>      SRPMS:
> thunderbird-2.0.0.16-1.el5.src.rpm
>      i386:
> thunderbird-2.0.0.16-1.el5.i386.rpm
>      x86_64:
> thunderbird-2.0.0.16-1.el5.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  dawson@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
Date:         Mon, 4 Aug 2008 15:36:18 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Re: Security ERRATA for libxslt on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          
In-Reply-To:  <48937977.5050102@fnal.gov>

There was a typo in the last e-mail, sorry about that.

We had a compiling problem on the SL4 x86_64 rpms.  It has been fixed and is
working now.  Both the x86_64 and i386 rpm's have been rebuilt with the new
name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

       SRPMS:
libxslt-1.1.11-1.el4_7.2.sl.src.rpm
       i386:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.i386.rpm
       x86_64:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:       Moderate: libxslt security update
> Issue date:     2008-07-31
> CVE Names:      CVE-2008-2935
>
> A heap buffer overflow flaw was discovered in the RC4 libxslt library
> extension. An attacker could create a malicious XSL file that would cause a
> crash, or, possibly, execute arbitrary code with the privileges of the
> application using the libxslt library to perform XSL transformations on
> untrusted XSL style sheets. (CVE-2008-2935)
>
> SL 4.x
>
>      SRPMS:
> libxslt-1.1.11-1.el4_7.2.src.rpm
>      i386:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-devel-1.1.11-1.el4_7.2.i386.rpm
> libxslt-python-1.1.11-1.el4_7.2.i386.rpm
>      x86_64:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-devel-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-python-1.1.11-1.el4_7.2.x86_64.rpm
>
> SL 5.x
>
>      SRPMS:
> libxslt-1.1.17-2.el5_2.2.src.rpm
>      i386:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-python-1.1.17-2.el5_2.2.i386.rpm
>      x86_64:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-python-1.1.17-2.el5_2.2.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>
>


--
__________________________________________________
Troy Dawson  dawson@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
Date:         Tue, 5 Aug 2008 15:09:07 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for kernel on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: kernel security and bug fix update
Issue date:	2008-08-04
CVE Names:	CVE-2008-2136 CVE-2008-1294 CVE-2008-2812

These updated packages fix the following security issues:

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel setrlimit system call, when setting
RLIMIT_CPU to a certain value. This could allow a local unprivileged user
to bypass the CPU time limit. (CVE-2008-1294, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel
network drivers. These drivers were missing checks for terminal validity,
which could allow privilege escalation. (CVE-2008-2812, Moderate)

These updated packages fix the following bugs:

* the GNU libc stub resolver is a minimal resolver that works with Domain
Name System (DNS) servers to satisfy requests from applications for names.
The GNU libc stub resolver did not specify a source UDP port, and therefore
used predictable port numbers. This could have made DNS spoofing attacks
easier.

The Linux kernel has been updated to implement random UDP source ports
where none are specified by an application. This allows applications, such
as those using the GNU libc stub resolver, to use random UDP source ports,
helping to make DNS spoofing attacks harder.

* when using certain hardware, a bug in UART_BUG_TXEN may have caused
incorrect hardware detection, causing data flow to "/dev/ttyS1" to hang.

* a 50-75% drop in NFS server rewrite performance, compared to Red Hat
Enterprise Linux 4.6, has been resolved.

* due to a bug in the fast userspace mutex code, while one thread fetched a
pointer, another thread may have removed it, causing the first thread to
fetch the wrong pointer, possibly causing a system crash.

* on certain Hitachi hardware, removing the "uhci_hcd" module caused a
kernel oops, and the following error:

BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr()

Even after the "uhci_hcd" module was reloaded, there was no access to USB
devices. As well, on systems that have legacy interrupts,
"acpi_unregister_gsi" incorrectly called "iosapic_unregister_intr()",
causing warning messages to be logged.

* when a page was mapped with mmap(), and "PROT_WRITE" was the only
"prot" argument, the first read of that page caused a segmentation fault.
If the page was read after it was written to, no fault occurred. This was
incompatible with the Red Hat Enterprise Linux 4 behavior.

* due to a NULL pointer dereference in powernowk8_init(), a panic may
have occurred.

* certain error conditions handled by the bonding sysfs interface could
have left rtnl_lock() unbalanced, either by locking and returning without
unlocking, or by unlocking when it did not lock, possibly causing a
"kernel: RTNL: assertion failed at net/core/fib_rules.c" error.

* the kernel currently expects a maximum of six Machine Check Exception
(MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may
have caused the MCE to be incorrectly reported.

* a race condition in UNIX domain sockets may have caused recv() to return
zero. For clusters, this may have caused unexpected failovers.

* msgrcv() frequently returned an incorrect "ERESTARTNOHAND (514)" error
number.

* on certain Intel Itanium-based systems, when kdump was configured to halt
the system after a dump operation, after the "System halted." output, the
kernel continued to output endless "soft lockup" messages.

SL 5.x

    SRPMS:
kernel-2.6.18-92.1.10.el5.src.rpm
    i386:
kernel-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm
kernel-headers-2.6.18-92.1.10.el5.i386.rpm
kernel-PAE-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.i686.rpm
   Dependencies:
kernel-module-fuse-2.6.18-92.1.10.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.10.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.10.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5PAE-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5xen-1.4.7-68.SL5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5PAE-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.i686.rpm

    x86_64:
kernel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm
kernel-headers-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.x86_64.rpm
   Dependencies:
kernel-module-fuse-2.6.18-92.1.10.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-92.1.10.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.10.el5-1.4.7-68.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.10.el5xen-1.4.7-68.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.10.el5-0.4-1.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.x86_64.rpm


-Connie Sieh
-Troy Dawson
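The kernel errata above describes the move from predictable to random UDP source ports for sockets that do not bind a port themselves. The following is an added example, not part of the original e-mail or of the kernel update: it samples the source ports a host assigns to unbound UDP sockets and classifies the sequence, as a way to confirm the behaviour after updating. The thresholds, function names and sample port lists are assumptions made for illustration.

```python
import socket


def sample_ephemeral_udp_ports(count=32, target=("127.0.0.1", 53)):
    """Return the source ports the kernel picks for `count` unbound UDP sockets.

    connect() on a UDP socket sends no packet; it only makes the kernel
    choose a local port, which is the case the errata describes.
    """
    ports = []
    for _ in range(count):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.connect(target)
            ports.append(sock.getsockname()[1])
        finally:
            sock.close()
    return ports


def classify_ports(ports, max_step=8, sequential_ratio=0.8):
    """Classify a series of source ports as 'fixed', 'sequential' or 'randomized'.

    max_step and sequential_ratio are assumed thresholds: a series counts as
    sequential when at least 80% of consecutive differences are small
    forward steps of 1..max_step.
    """
    if len(ports) < 8:
        raise ValueError("need at least 8 samples to classify")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 0 < d <= max_step)
    ratio = small_steps / len(deltas)
    distinct = len(set(ports))
    if distinct == 1:
        verdict = "fixed"
    elif ratio >= sequential_ratio:
        verdict = "sequential"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": distinct, "small_step_ratio": ratio}


# Constructed sample series, not captured from any real host.
SEQUENTIAL_SAMPLE = [32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775, 32776]
RANDOMIZED_SAMPLE = [41233, 52011, 33987, 60123, 45002, 38555, 57310, 49876, 36001]
FIXED_SAMPLE = [5353] * 10

if __name__ == "__main__":
    observed = sample_ephemeral_udp_ports()
    print(observed)
    print(classify_ports(observed))
```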

SciLinux: CVE-2006-3469 kernel SL5.x i386/x86_64

Important: kernel security and bug fix update

.1.10.el5-0.4-1.sl5.i686.rpmkernel-module-xfs-2.6.18-92.1.10.el5PAE-0.4-1.sl5.i686.rpmkernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.i686.rpm    x86_64:kernel-2.6.18-92.1.10.el5.x86_64.rpmkernel-debug-2.6.18-92.1.10.el5.x86_64.rpmkernel-debug-devel-2.6.18-92.1.10.el5.x86_64.rpmkernel-devel-2.6.18-92.1.10.el5.x86_64.rpmkernel-doc-2.6.18-92.1.10.el5.noarch.rpmkernel-headers-2.6.18-92.1.10.el5.x86_64.rpmkernel-xen-2.6.18-92.1.10.el5.x86_64.rpmkernel-xen-devel-2.6.18-92.1.10.el5.x86_64.rpm   Dependancies:kernel-module-fuse-2.6.18-92.1.10.el5-2.6.3-1.sl5.x86_64.rpmkernel-module-fuse-2.6.18-92.1.10.el5xen-2.6.3-1.sl5.x86_64.rpmkernel-module-ipw3945-2.6.18-92.1.10.el5-1.2.0-2.sl5.x86_64.rpmkernel-module-ipw3945-2.6.18-92.1.10.el5xen-1.2.0-2.sl5.x86_64.rpmkernel-module-madwifi-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-hal-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-hal-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpmkernel-module-ndiswrapper-2.6.18-92.1.10.el5-1.53-1.SL.x86_64.rpmkernel-module-ndiswrapper-2.6.18-92.1.10.el5xen-1.53-1.SL.x86_64.rpmkernel-module-openafs-2.6.18-92.1.10.el5-1.4.7-68.SL5.x86_64.rpmkernel-module-openafs-2.6.18-92.1.10.el5xen-1.4.7-68.SL5.x86_64.rpmkernel-module-xfs-2.6.18-92.1.10.el5-0.4-1.sl5.x86_64.rpmkernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.x86_64.rpm-Connie Sieh-Troy Dawson
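
A check for the kernel behaviour described in the DNS bug-fix item of the advisory above, as an added example that is not part of the original message or of the Scientific Linux packages: it opens UDP sockets without naming a port and flags an allocation pattern in which consecutive ports mostly differ by one fixed step. The function names, the sample size, the constructed sample lists and the 0.5 threshold are assumptions of this example.

```python
import socket
from collections import Counter

def sample_source_ports(count=64):
    """Ask the kernel for `count` UDP source ports without naming one."""
    socks, ports = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            socks.append(s)  # keep open so every sample is a fresh allocation
            # Port 0 means "none specified": the kernel chooses, as it does
            # for a resolver socket that sends without binding first.
            s.bind(("0.0.0.0", 0))
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports

def assess_ports(ports, threshold=0.5):
    """Flag a port sequence whose consecutive differences repeat one step.

    threshold is this example's assumption: if at least that fraction of
    consecutive allocations differ by the same amount (for example +1),
    the next port is easy to guess.
    """
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    fraction = hits / len(deltas)
    return {
        "samples": len(ports),
        "distinct": len(set(ports)),
        "dominant_step": step,
        "dominant_fraction": round(fraction, 3),
        "predictable": fraction >= threshold,
    }

# Constructed sample inputs, not captured from any host.
SEQUENTIAL = list(range(32768, 32800))
SCATTERED = [40112, 51877, 33954, 60213, 45001, 38766, 57320, 49155]

if __name__ == "__main__":
    print("constructed sequential:", assess_ports(SEQUENTIAL))
    print("constructed scattered: ", assess_ports(SCATTERED))
    print("this host:             ", assess_ports(sample_source_ports()))
```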


