Date:         Tue, 14 Oct 2008 16:16:19 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Re: Security ERRATA for thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          
In-Reply-To:  <48E3DDC3.3070601@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms.  The compiling problem has
been fixed and is working now.  Both the x86_64 and i386 rpms have been
rebuilt with the new name to keep consistency.
No code has been changed.  The rpms were only recompiled.

SL 4.x

        SRPMS:
thunderbird-1.5.0.12-16.el4.sl.src.rpm
        i386:
thunderbird-1.5.0.12-16.el4.sl.i386.rpm
        x86_64:
thunderbird-1.5.0.12-16.el4.sl.x86_64.rpm

Troy Dawson

Troy J Dawson wrote:
> Synopsis:       Moderate: thunderbird security update
> Issue date:     2008-10-01
> CVE Names:      CVE-2008-0016 CVE-2008-3835 CVE-2008-4058
>                    CVE-2008-4059 CVE-2008-4060 CVE-2008-4061
>                    CVE-2008-4062 CVE-2008-4065 CVE-2008-4066
>                    CVE-2008-4067 CVE-2008-4068 CVE-2008-4070
> 
> 
> Several flaws were found in the processing of malformed HTML mail content.
> An HTML mail message containing malicious content could cause Thunderbird
> to crash or, potentially, execute arbitrary code as the user running
> Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
> CVE-2008-4061, CVE-2008-4062)
> 
> Several flaws were found in the way malformed HTML mail content was
> displayed. An HTML mail message containing specially crafted content could
> potentially trick a Thunderbird user into surrendering sensitive
> information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)
> 
> A flaw was found in Thunderbird that caused certain characters to be
> stripped from JavaScript code. This flaw could allow malicious JavaScript
> to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)
> 
> Note: JavaScript support is disabled by default in Thunderbird; the above
> issue is not exploitable unless JavaScript is enabled.
> 
> A heap based buffer overflow flaw was found in the handling of cancelled
> newsgroup messages. If the user cancels a specially crafted newsgroup
> message it could cause Thunderbird to crash or, potentially, execute
> arbitrary code as the user running Thunderbird. (CVE-2008-4070)
> 
> Note2: On SL4 this update fixes the bug that when a URL link is clicked,
> firefox wouldn't start.  Firefox now starts when a URL link is clicked.
> 
> SL 4.x
> 
>      SRPMS:
> thunderbird-1.5.0.12-16.el4.src.rpm
>      i386:
> thunderbird-1.5.0.12-16.el4.i386.rpm
>      x86_64:
> thunderbird-1.5.0.12-16.el4.x86_64.rpm
> 
> SL 5.x
> 
>      SRPMS:
> thunderbird-2.0.0.17-1.el5.src.rpm
>      i386:
> thunderbird-2.0.0.17-1.el5.i386.rpm
>      x86_64:
> thunderbird-2.0.0.17-1.el5.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  dawson@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
Date:         Tue, 14 Oct 2008 16:16:21 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Re: Security ERRATA for cups on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          
In-Reply-To:  <48EFA6F5.4010005@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms.  The compiling problem has
been fixed and is working now.  Both the x86_64 and i386 rpms have been
rebuilt with the new name to keep consistency.
No code has been changed.  The rpms were only recompiled.

SL 4.x

        SRPMS:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.src.rpm
        i386:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
        x86_64:
cups-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.i386.rpm
cups-libs-1.1.22-0.rc1.9.27.el4_7.1.sl.x86_64.rpm

Troy Dawson

Troy J Dawson wrote:
> Synopsis:       Important: cups security update
> Issue date:     2008-10-10
> CVE Names:      CVE-2008-3639 CVE-2008-3640 CVE-2008-3641
> 
> A buffer overflow flaw was discovered in the SGI image format decoding
> routines used by the CUPS image converting filter "imagetops". An attacker
> could create a malicious SGI image file that could, possibly, execute
> arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)
> 
> An integer overflow flaw leading to a heap buffer overflow was discovered
> in the Text-to-PostScript "texttops" filter. An attacker could create a
> malicious text file that could, possibly, execute arbitrary code as the
> "lp" user if the file was printed. (CVE-2008-3640)
> 
> An insufficient buffer bounds checking flaw was discovered in the
> HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a
> malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
> "lp" user if the file was printed. (CVE-2008-3641)
> 
> SL 3.0.x
> 
>       SRPMS:
> cups-1.1.17-13.3.54.src.rpm
>       i386:
> cups-1.1.17-13.3.54.i386.rpm
> cups-devel-1.1.17-13.3.54.i386.rpm
> cups-libs-1.1.17-13.3.54.i386.rpm
>       x86_64:
> cups-1.1.17-13.3.54.x86_64.rpm
> cups-devel-1.1.17-13.3.54.x86_64.rpm
> cups-libs-1.1.17-13.3.54.i386.rpm
> cups-libs-1.1.17-13.3.54.x86_64.rpm
> 
> SL 4.x
> 
>       SRPMS:
> cups-1.1.22-0.rc1.9.27.el4_7.1.src.rpm
>       i386:
> cups-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-devel-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
>       x86_64:
> cups-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> cups-devel-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.i386.rpm
> cups-libs-1.1.22-0.rc1.9.27.el4_7.1.x86_64.rpm
> 
> SL 5.x
> 
>       SRPMS:
> cups-1.2.4-11.18.el5_2.2.src.rpm
>       i386:
> cups-1.2.4-11.18.el5_2.2.i386.rpm
> cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
> cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
> cups-lpd-1.2.4-11.18.el5_2.2.i386.rpm
>       x86_64:
> cups-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-devel-1.2.4-11.18.el5_2.2.i386.rpm
> cups-devel-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-libs-1.2.4-11.18.el5_2.2.i386.rpm
> cups-libs-1.2.4-11.18.el5_2.2.x86_64.rpm
> cups-lpd-1.2.4-11.18.el5_2.2.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  dawson@fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
Date:         Wed, 15 Oct 2008 14:01:54 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      FASTBUGS for SL 4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

The following FASTBUGS have been uploaded to


          i386:
bash-3.0-19.7.el4_7.1.x86_64.rpm
net-snmp-5.1.2-13.el4_7.1.i386.rpm
net-snmp-devel-5.1.2-13.el4_7.1.i386.rpm
net-snmp-libs-5.1.2-13.el4_7.1.i386.rpm
net-snmp-perl-5.1.2-13.el4_7.1.i386.rpm
net-snmp-utils-5.1.2-13.el4_7.1.i386.rpm
net-tools-1.60-40.el4.i386.rpm
nspr-4.7.1-1.el4.i386.rpm
nspr-4.7.1-1.el4.x86_64.rpm
nspr-devel-4.7.1-1.el4.x86_64.rpm
nss-3.12.1.1-1.el4.i386.rpm
nss-3.12.1.1-1.el4.x86_64.rpm
nss-devel-3.12.1.1-1.el4.x86_64.rpm
         x86_64:
bash-3.0-19.7.el4_7.1.x86_64.rpm
net-snmp-5.1.2-13.el4_7.1.x86_64.rpm
net-snmp-devel-5.1.2-13.el4_7.1.x86_64.rpm
net-snmp-libs-5.1.2-13.el4_7.1.i386.rpm
net-snmp-libs-5.1.2-13.el4_7.1.x86_64.rpm
net-snmp-perl-5.1.2-13.el4_7.1.x86_64.rpm
net-snmp-utils-5.1.2-13.el4_7.1.x86_64.rpm
net-tools-1.60-40.el4.x86_64.rpm
nspr-4.7.1-1.el4.i386.rpm
nspr-4.7.1-1.el4.x86_64.rpm
nspr-devel-4.7.1-1.el4.x86_64.rpm
nss-3.12.1.1-1.el4.i386.rpm
nss-3.12.1.1-1.el4.x86_64.rpm
nss-devel-3.12.1.1-1.el4.x86_64.rpm


-Connie Sieh
-Troy Dawson
Date:         Wed, 15 Oct 2008 14:03:23 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      FASTBUGS for SL 5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

The following FASTBUGS have been uploaded to



         i386:
cdda2wav-2.01-10.7.el5.x86_64.rpm
cdrecord-2.01-10.7.el5.x86_64.rpm
cdrecord-devel-2.01-10.7.el5.i386.rpm
cdrecord-devel-2.01-10.7.el5.x86_64.rpm
freeradius-1.1.3-1.4.el5.x86_64.rpm
freeradius-mysql-1.1.3-1.4.el5.x86_64.rpm
freeradius-postgresql-1.1.3-1.4.el5.x86_64.rpm
freeradius-unixODBC-1.1.3-1.4.el5.x86_64.rpm
inews-2.4.3-8.el5.x86_64.rpm
inn-2.4.3-8.el5.x86_64.rpm
inn-devel-2.4.3-8.el5.i386.rpm
inn-devel-2.4.3-8.el5.x86_64.rpm
libdhcp-1.20-5.el5_2.1.i386.rpm
libdhcp-devel-1.20-5.el5_2.1.i386.rpm
mkisofs-2.01-10.7.el5.x86_64.rpm
OpenIPMI-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-devel-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-libs-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-perl-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-python-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-tools-2.0.6-6.el5_2.2.i386.rpm
sabayon-2.12.4-6.el5.x86_64.rpm
sabayon-apply-2.12.4-6.el5.x86_64.rpm
xfig-3.2.4-21.3.el5.x86_64.rpm

        x86_64:
cdda2wav-2.01-10.7.el5.i386.rpm
cdrecord-2.01-10.7.el5.i386.rpm
cdrecord-devel-2.01-10.7.el5.i386.rpm
freeradius-1.1.3-1.4.el5.i386.rpm
freeradius-mysql-1.1.3-1.4.el5.i386.rpm
freeradius-postgresql-1.1.3-1.4.el5.i386.rpm
freeradius-unixODBC-1.1.3-1.4.el5.i386.rpm
inews-2.4.3-8.el5.i386.rpm
inn-2.4.3-8.el5.i386.rpm
inn-devel-2.4.3-8.el5.i386.rpm
libdhcp-1.20-5.el5_2.1.i386.rpm
libdhcp-1.20-5.el5_2.1.x86_64.rpm
libdhcp-devel-1.20-5.el5_2.1.i386.rpm
libdhcp-devel-1.20-5.el5_2.1.x86_64.rpm
mkisofs-2.01-10.7.el5.i386.rpm
OpenIPMI-2.0.6-6.el5_2.2.x86_64.rpm
OpenIPMI-devel-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-devel-2.0.6-6.el5_2.2.x86_64.rpm
OpenIPMI-libs-2.0.6-6.el5_2.2.i386.rpm
OpenIPMI-libs-2.0.6-6.el5_2.2.x86_64.rpm
OpenIPMI-perl-2.0.6-6.el5_2.2.x86_64.rpm
OpenIPMI-python-2.0.6-6.el5_2.2.x86_64.rpm
OpenIPMI-tools-2.0.6-6.el5_2.2.x86_64.rpm
sabayon-2.12.4-6.el5.i386.rpm
sabayon-apply-2.12.4-6.el5.i386.rpm
xfig-3.2.4-21.3.el5.i386.rpm


-Connie Sieh
-Troy Dawson
Date:         Wed, 22 Oct 2008 18:58:19 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for ed on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: ed security update
Issue date:	2008-10-21
CVE Names:	CVE-2008-3916

A heap-based buffer overflow was discovered in the way ed, the GNU line
editor, processed long file names. An attacker could create a file with
a specially-crafted name that could possibly execute arbitrary code
when opened in the ed editor. (CVE-2008-3916)

SL 3.0.x

      SRPMS:
ed-0.2-33.30E.1.src.rpm
      i386:
ed-0.2-33.30E.1.i386.rpm
      x86_64:
ed-0.2-33.30E.1.x86_64.rpm

SL 4.x

      SRPMS:
ed-0.2-36.el4_7.1.src.rpm
      i386:
ed-0.2-36.el4_7.1.i386.rpm
      x86_64:
ed-0.2-36.el4_7.1.x86_64.rpm

SL 5.x

      SRPMS:
ed-0.2-39.el5_2.src.rpm
      i386:
ed-0.2-39.el5_2.i386.rpm
      x86_64:
ed-0.2-39.el5_2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-0016 ed SL3.x, SL4.x, SL5.x i386/x86_64

Moderate: ed security update
