Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Fri, 6 Jun 2008 08:54:22 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: FASTBUGS for SL 4.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "The following FASTBUGS have been uploaded to i386: ftp-0.17-23.el4_6.1.i386.rpm ftp-debuginfo-0.17-23.el4_6.1.i386.rpm nss_ldap-226-24.el4_6.i386.rpm nss_ldap-debuginfo-226-24.el4_6.i386.rpm sos-1.7-6.1.el4_6.2.noarch.rpm x86_64: ftp-0.17-23.el4_6.1.x86_64.rpm ftp-debuginfo-0.17-23.el4_6.1.x86_64.rpm nss_ldap-226-24.el4_6.x86_64.rpm nss_ldap-debuginfo-226-24.el4_6.x86_64.rpm sos-1.7-6.1.el4_6.2.noarch.rpm -Connie Sieh -Troy Dawson Date: Fri, 6 Jun 2008 12:21:10 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Re: Security ERRATA for evolution on SL5.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "In-Reply-To: <48484ADB.3010301@fnal.gov> My apologies. This was the first security errata that went out for evolution since it's major update from 2.8 to 2.12. I didn't check the dependancies close enough. Here are the dependancies that go along with this security update. i386: evolution-connector-2.12.3-4.el5_2.1.i386.rpm evolution-data-server-1.12.3-6.el5.i386.rpm evolution-data-server-devel-1.12.3-6.el5.i386.rpm evolution-data-server-doc-1.12.3-6.el5.i386.rpm evolution-webcal-2.7.1-6.i386.rpm gtkhtml3-3.16.3-1.el5.i386.rpm gtkhtml3-devel-3.16.3-1.el5.i386.rpm nspr-4.7.0.99.2-1.el5.i386.rpm nspr-devel-4.7.0.99.2-1.el5.i386.rpm nss-3.11.99.5-2.el5.i386.rpm nss-devel-3.11.99.5-2.el5.i386.rpm nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm nss-tools-3.11.99.5-2.el5.i386.rpm prelink-0.3.9-2.1.i386.rpm x86_64: evolution-connector-2.12.3-4.el5.x86_64.rpm evolution-data-server-1.12.3-6.el5.i386.rpm evolution-data-server-1.12.3-6.el5.x86_64.rpm evolution-data-server-devel-1.12.3-6.el5.i386.rpm evolution-data-server-devel-1.12.3-6.el5.x86_64.rpm evolution-data-server-doc-1.12.3-6.el5.x86_64.rpm evolution-webcal-2.7.1-6.x86_64.rpm gtkhtml3-3.16.3-1.el5.i386.rpm gtkhtml3-3.16.3-1.el5.x86_64.rpm gtkhtml3-devel-3.16.3-1.el5.i386.rpm gtkhtml3-devel-3.16.3-1.el5.x86_64.rpm nspr-4.7.0.99.2-1.el5.i386.rpm nspr-4.7.0.99.2-1.el5.x86_64.rpm nspr-devel-4.7.0.99.2-1.el5.i386.rpm nspr-devel-4.7.0.99.2-1.el5.x86_64.rpm nss-3.11.99.5-2.el5.i386.rpm nss-3.11.99.5-2.el5.x86_64.rpm nss-devel-3.11.99.5-2.el5.i386.rpm nss-devel-3.11.99.5-2.el5.x86_64.rpm nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm nss-pkcs11-devel-3.11.99.5-2.el5.x86_64.rpm nss-tools-3.11.99.5-2.el5.x86_64.rpm prelink-0.3.9-2.1.x86_64.rpm Troy Dawson Troy Dawson wrote: > Synopsis: Important: evolution security update > Issue date: 2008-06-04 > CVE Names: CVE-2008-1108 CVE-2008-1109 > > A flaw was found in the way Evolution parsed iCalendar timezone attachment > data. If the Itip Formatter plug-in was disabled and a user opened a mail > with a carefully crafted iCalendar attachment, arbitrary code could be > executed as the user running Evolution. (CVE-2008-1108) > > Note: the Itip Formatter plug-in, which allows calendar information > (attachments with a MIME type of "text/calendar") to be displayed as part > of the e-mail message, is enabled by default. > > A heap-based buffer overflow flaw was found in the way Evolution parsed > iCalendar attachments with an overly long "DESCRIPTION" property string. If > a user responded to a carefully crafted iCalendar attachment in a > particular way, arbitrary code could be executed as the user running > Evolution. (CVE-2008-1109). > SL 5.x > > SRPMS: > evolution-2.12.3-8.el5_2.2.src.rpm > i386: > evolution-2.12.3-8.el5_2.2.i386.rpm > evolution-devel-2.12.3-8.el5_2.2.i386.rpm > evolution-help-2.12.3-8.el5_2.2.i386.rpm > x86_64: > evolution-2.12.3-8.el5_2.2.i386.rpm > evolution-2.12.3-8.el5_2.2.x86_64.rpm > evolution-devel-2.12.3-8.el5_2.2.i386.rpm > evolution-devel-2.12.3-8.el5_2.2.x86_64.rpm > evolution-help-2.12.3-8.el5_2.2.x86_64.rpm > > -Connie Sieh > -Troy Dawson > > -- __________________________________________________ Troy Dawson This email address is being protected from spambots. You need JavaScript enabled to view it. (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________ Date: Tue, 10 Jun 2008 14:16:38 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "Synopsis: Moderate: net-snmp security update Issue date: 2008-06-10 CVE Names: CVE-2008-2292 CVE-2008-0960 A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could use this flaw to spoof an authenticated SNMPv3 packet. (CVE-2008-0960) A buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker could convince an application using the Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292) SL 3.0.x SRPMS: net-snmp-5.0.9-2.30E.24.src.rpm i386: net-snmp-5.0.9-2.30E.24.i386.rpm net-snmp-devel-5.0.9-2.30E.24.i386.rpm net-snmp-libs-5.0.9-2.30E.24.i386.rpm net-snmp-perl-5.0.9-2.30E.24.i386.rpm net-snmp-utils-5.0.9-2.30E.24.i386.rpm x86_64: net-snmp-5.0.9-2.30E.24.x86_64.rpm net-snmp-devel-5.0.9-2.30E.24.x86_64.rpm net-snmp-libs-5.0.9-2.30E.24.i386.rpm net-snmp-libs-5.0.9-2.30E.24.x86_64.rpm net-snmp-perl-5.0.9-2.30E.24.x86_64.rpm net-snmp-utils-5.0.9-2.30E.24.x86_64.rpm SL 4.x SRPMS: net-snmp-5.1.2-11.el4_6.11.3.src.rpm i386: net-snmp-5.1.2-11.el4_6.11.3.i386.rpm net-snmp-devel-5.1.2-11.el4_6.11.3.i386.rpm net-snmp-libs-5.1.2-11.el4_6.11.3.i386.rpm net-snmp-perl-5.1.2-11.el4_6.11.3.i386.rpm net-snmp-utils-5.1.2-11.el4_6.11.3.i386.rpm x86_64: net-snmp-5.1.2-11.el4_6.11.3.x86_64.rpm net-snmp-devel-5.1.2-11.el4_6.11.3.x86_64.rpm net-snmp-libs-5.1.2-11.el4_6.11.3.i386.rpm net-snmp-libs-5.1.2-11.el4_6.11.3.x86_64.rpm net-snmp-perl-5.1.2-11.el4_6.11.3.x86_64.rpm net-snmp-utils-5.1.2-11.el4_6.11.3.x86_64.rpm SL 5.x SRPMS: net-snmp-5.3.1-24.el5_2.1.src.rpm i386: net-snmp-5.3.1-24.el5_2.1.i386.rpm net-snmp-devel-5.3.1-24.el5_2.1.i386.rpm net-snmp-libs-5.3.1-24.el5_2.1.i386.rpm net-snmp-perl-5.3.1-24.el5_2.1.i386.rpm net-snmp-utils-5.3.1-24.el5_2.1.i386.rpm x86_64: net-snmp-5.3.1-24.el5_2.1.x86_64.rpm net-snmp-devel-5.3.1-24.el5_2.1.i386.rpm net-snmp-devel-5.3.1-24.el5_2.1.x86_64.rpm net-snmp-libs-5.3.1-24.el5_2.1.i386.rpm net-snmp-libs-5.3.1-24.el5_2.1.x86_64.rpm net-snmp-perl-5.3.1-24.el5_2.1.x86_64.rpm net-snmp-utils-5.3.1-24.el5_2.1.x86_64.rpm -Connie Sieh -Troy Dawson