Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Scientific Linux: Moderate Net-SNMP Security Update Details

Scientific Large Esm H446
Moderate: net-snmp security update
Date: Fri, 6 Jun 2008 08:54:22 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: FASTBUGS for SL 4.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

The following FASTBUGS have been uploaded to

 i386:
ftp-0.17-23.el4_6.1.i386.rpm
ftp-debuginfo-0.17-23.el4_6.1.i386.rpm
nss_ldap-226-24.el4_6.i386.rpm
nss_ldap-debuginfo-226-24.el4_6.i386.rpm
sos-1.7-6.1.el4_6.2.noarch.rpm
 x86_64:
ftp-0.17-23.el4_6.1.x86_64.rpm
ftp-debuginfo-0.17-23.el4_6.1.x86_64.rpm
nss_ldap-226-24.el4_6.x86_64.rpm
nss_ldap-debuginfo-226-24.el4_6.x86_64.rpm
sos-1.7-6.1.el4_6.2.noarch.rpm

-Connie Sieh
-Troy Dawson
Date: Fri, 6 Jun 2008 12:21:10 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Re: Security ERRATA for evolution on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 
In-Reply-To: <48484ADB.3010301@fnal.gov>

My apologies.
This was the first security errata that went out for evolution since it's major
update from 2.8 to 2.12. I didn't check the dependancies close enough. Here
are the dependancies that go along with this security update.

 i386:
evolution-connector-2.12.3-4.el5_2.1.i386.rpm
evolution-data-server-1.12.3-6.el5.i386.rpm
evolution-data-server-devel-1.12.3-6.el5.i386.rpm
evolution-data-server-doc-1.12.3-6.el5.i386.rpm
evolution-webcal-2.7.1-6.i386.rpm
gtkhtml3-3.16.3-1.el5.i386.rpm
gtkhtml3-devel-3.16.3-1.el5.i386.rpm
nspr-4.7.0.99.2-1.el5.i386.rpm
nspr-devel-4.7.0.99.2-1.el5.i386.rpm
nss-3.11.99.5-2.el5.i386.rpm
nss-devel-3.11.99.5-2.el5.i386.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm
nss-tools-3.11.99.5-2.el5.i386.rpm
prelink-0.3.9-2.1.i386.rpm

 x86_64:
evolution-connector-2.12.3-4.el5.x86_64.rpm
evolution-data-server-1.12.3-6.el5.i386.rpm
evolution-data-server-1.12.3-6.el5.x86_64.rpm
evolution-data-server-devel-1.12.3-6.el5.i386.rpm
evolution-data-server-devel-1.12.3-6.el5.x86_64.rpm
evolution-data-server-doc-1.12.3-6.el5.x86_64.rpm
evolution-webcal-2.7.1-6.x86_64.rpm
gtkhtml3-3.16.3-1.el5.i386.rpm
gtkhtml3-3.16.3-1.el5.x86_64.rpm
gtkhtml3-devel-3.16.3-1.el5.i386.rpm
gtkhtml3-devel-3.16.3-1.el5.x86_64.rpm
nspr-4.7.0.99.2-1.el5.i386.rpm
nspr-4.7.0.99.2-1.el5.x86_64.rpm
nspr-devel-4.7.0.99.2-1.el5.i386.rpm
nspr-devel-4.7.0.99.2-1.el5.x86_64.rpm
nss-3.11.99.5-2.el5.i386.rpm
nss-3.11.99.5-2.el5.x86_64.rpm
nss-devel-3.11.99.5-2.el5.i386.rpm
nss-devel-3.11.99.5-2.el5.x86_64.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.i386.rpm
nss-pkcs11-devel-3.11.99.5-2.el5.x86_64.rpm
nss-tools-3.11.99.5-2.el5.x86_64.rpm
prelink-0.3.9-2.1.x86_64.rpm

Troy Dawson

Troy Dawson wrote:
> Synopsis: Important: evolution security update
> Issue date: 2008-06-04
> CVE Names: CVE-2008-1108 CVE-2008-1109
>
> A flaw was found in the way Evolution parsed iCalendar timezone attachment
> data. If the Itip Formatter plug-in was disabled and a user opened a mail
> with a carefully crafted iCalendar attachment, arbitrary code could be
> executed as the user running Evolution. (CVE-2008-1108)
>
> Note: the Itip Formatter plug-in, which allows calendar information
> (attachments with a MIME type of "text/calendar") to be displayed as part
> of the e-mail message, is enabled by default.
>
> A heap-based buffer overflow flaw was found in the way Evolution parsed
> iCalendar attachments with an overly long "DESCRIPTION" property string. If
> a user responded to a carefully crafted iCalendar attachment in a
> particular way, arbitrary code could be executed as the user running
> Evolution. (CVE-2008-1109).
> SL 5.x
>
> SRPMS:
> evolution-2.12.3-8.el5_2.2.src.rpm
> i386:
> evolution-2.12.3-8.el5_2.2.i386.rpm
> evolution-devel-2.12.3-8.el5_2.2.i386.rpm
> evolution-help-2.12.3-8.el5_2.2.i386.rpm
> x86_64:
> evolution-2.12.3-8.el5_2.2.i386.rpm
> evolution-2.12.3-8.el5_2.2.x86_64.rpm
> evolution-devel-2.12.3-8.el5_2.2.i386.rpm
> evolution-devel-2.12.3-8.el5_2.2.x86_64.rpm
> evolution-help-2.12.3-8.el5_2.2.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>

--
__________________________________________________
Troy Dawson This email address is being protected from spambots. You need JavaScript enabled to view it. (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
Date: Tue, 10 Jun 2008 14:16:38 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: net-snmp security update
Issue date:	2008-06-10
CVE Names:	CVE-2008-2292 CVE-2008-0960

A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet. (CVE-2008-0960)

A buffer overflow was found in the Perl bindings for Net-SNMP. This could
be exploited if an attacker could convince an application using the
Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)

SL 3.0.x

 SRPMS:
net-snmp-5.0.9-2.30E.24.src.rpm
 i386:
net-snmp-5.0.9-2.30E.24.i386.rpm
net-snmp-devel-5.0.9-2.30E.24.i386.rpm
net-snmp-libs-5.0.9-2.30E.24.i386.rpm
net-snmp-perl-5.0.9-2.30E.24.i386.rpm
net-snmp-utils-5.0.9-2.30E.24.i386.rpm
 x86_64:
net-snmp-5.0.9-2.30E.24.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.24.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.24.i386.rpm
net-snmp-libs-5.0.9-2.30E.24.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.24.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.24.x86_64.rpm

SL 4.x

 SRPMS:
net-snmp-5.1.2-11.el4_6.11.3.src.rpm
 i386:
net-snmp-5.1.2-11.el4_6.11.3.i386.rpm
net-snmp-devel-5.1.2-11.el4_6.11.3.i386.rpm
net-snmp-libs-5.1.2-11.el4_6.11.3.i386.rpm
net-snmp-perl-5.1.2-11.el4_6.11.3.i386.rpm
net-snmp-utils-5.1.2-11.el4_6.11.3.i386.rpm
 x86_64:
net-snmp-5.1.2-11.el4_6.11.3.x86_64.rpm
net-snmp-devel-5.1.2-11.el4_6.11.3.x86_64.rpm
net-snmp-libs-5.1.2-11.el4_6.11.3.i386.rpm
net-snmp-libs-5.1.2-11.el4_6.11.3.x86_64.rpm
net-snmp-perl-5.1.2-11.el4_6.11.3.x86_64.rpm
net-snmp-utils-5.1.2-11.el4_6.11.3.x86_64.rpm

SL 5.x

 SRPMS:
net-snmp-5.3.1-24.el5_2.1.src.rpm
 i386:
net-snmp-5.3.1-24.el5_2.1.i386.rpm
net-snmp-devel-5.3.1-24.el5_2.1.i386.rpm
net-snmp-libs-5.3.1-24.el5_2.1.i386.rpm
net-snmp-perl-5.3.1-24.el5_2.1.i386.rpm
net-snmp-utils-5.3.1-24.el5_2.1.i386.rpm
 x86_64:
net-snmp-5.3.1-24.el5_2.1.x86_64.rpm
net-snmp-devel-5.3.1-24.el5_2.1.i386.rpm
net-snmp-devel-5.3.1-24.el5_2.1.x86_64.rpm
net-snmp-libs-5.3.1-24.el5_2.1.i386.rpm
net-snmp-libs-5.3.1-24.el5_2.1.x86_64.rpm
net-snmp-perl-5.3.1-24.el5_2.1.x86_64.rpm
net-snmp-utils-5.3.1-24.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson