Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisoryRed Hat Enterprise Linuxsoftware fixRed Hat: RHSA-2012:0388-01 Critical: Thunderbird Security Issues
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Critical: thunderbird security update Advisory ID: RHSA-2012:0388-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:0388.html Issue date: 2012-03-14 CVE Names: CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 ==================================================================== 1. Summary: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0461, CVE-2012-0462, CVE-2012-0464) Two flaws were found in the way Thunderbird parsed certain Scalable Vector Graphics (SVG)image files. An HTML mail message containing a malicious SVG image file could cause an information leak, or cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0456, CVE-2012-0457) A flaw could allow malicious content to bypass intended restrictions, possibly leading to a cross-site scripting (XSS) attack if a user were tricked into dropping a "javascript:" link onto a frame. (CVE-2012-0455) It was found that the home page could be set to a "javascript:" link. If a user were tricked into setting such a home page by dragging a link to the home button, it could cause Firefox to repeatedly crash, eventually leading to arbitrary code execution with the privileges of the user running Firefox. A similar flaw was found and fixed in Thunderbird. (CVE-2012-0458) A flaw was found in the way Thunderbird parsed certain, remote content containing "cssText". Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0459) It was found that by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. Malicious content could exploit this API flaw to cause user interface spoofing. (CVE-2012-0460) A flaw was found in the way Thunderbird handled content with multiple Content Security Policy (CSP) headers. This could lead to a cross-site scripting attack if used in conjunction with a website that has a header injection flaw. (CVE-2012-0451) Note: All issues except CVE-2012-0456 and CVE-2012-0457 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.3 ESR, which corrects these issues. After installing the update,Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 803109 - CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19) 803111 - CVE-2012-0460 Mozilla: window.fullScreen writeable by untrusted content (MFSA 2012-18) 803112 - CVE-2012-0459 Mozilla: Crash when accessing keyframe cssText after dynamic modification (MFSA 2012-17) 803113 - CVE-2012-0458 Mozilla: Escalation of privilege with Javascript: URL as home page (MFSA 2012-16) 803114 - CVE-2012-0451 Mozilla: XSS with multiple Content Security Policy headers (MFSA 2012-15) 803116 - CVE-2012-0456 CVE-2012-0457 Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14) 803119 - CVE-2012-0455 Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: thunderbird-10.0.3-1.el5_8.i386.rpm thunderbird-debuginfo-10.0.3-1.el5_8.i386.rpm x86_64: thunderbird-10.0.3-1.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.3-1.el5_8.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: i386: thunderbird-10.0.3-1.el5_8.i386.rpm thunderbird-debuginfo-10.0.3-1.el5_8.i386.rpm x86_64: thunderbird-10.0.3-1.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.3-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: thunderbird-10.0.3-1.el6_2.i686.rpm thunderbird-debuginfo-10.0.3-1.el6_2.i686.rpm x86_64: thunderbird-10.0.3-1.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.3-1.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: thunderbird-10.0.3-1.el6_2.i686.rpm thunderbird-debuginfo-10.0.3-1.el6_2.i686.rpm ppc64: thunderbird-10.0.3-1.el6_2.ppc64.rpm thunderbird-debuginfo-10.0.3-1.el6_2.ppc64.rpm s390x: thunderbird-10.0.3-1.el6_2.s390x.rpm thunderbird-debuginfo-10.0.3-1.el6_2.s390x.rpm x86_64: thunderbird-10.0.3-1.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.3-1.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: thunderbird-10.0.3-1.el6_2.i686.rpm thunderbird-debuginfo-10.0.3-1.el6_2.i686.rpm x86_64: thunderbird-10.0.3-1.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.3-1.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0451 https://access.redhat.com/security/cve/CVE-2012-0455 https://access.redhat.com/security/cve/CVE-2012-0456 https://access.redhat.com/security/cve/CVE-2012-0457 https://access.redhat.com/security/cve/CVE-2012-0458 https://access.redhat.com/security/cve/CVE-2012-0459 https://access.redhat.com/security/cve/CVE-2012-0460 https://access.redhat.com/security/cve/CVE-2012-0461 https://access.redhat.com/security/cve/CVE-2012-0462 https://access.redhat.com/security/cve/CVE-2012-0464 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. . Vulnerabilities affecting Thunderbird have been addressed with a recent Red Hat patch for Enterprise Linux versions 5 and 6.. Red Hat Enterprise Linux, Thunderbird Patch, Security Update, Critical Advisory. . Severity: Critical. LinuxSecurity.com Team
Mar 14, 2012
•Critical
Red Hat
98
security advisoryRed Hatmoderate impactRed Hat Enterprise Linux HPLIP SNMP Threat: RHSA-2011:0154-01 Moderate
Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: hplip security update Advisory ID: RHSA-2011:0154-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0154.html Issue date: 2011-01-17 CVE Names: CVE-2010-4267 ==================================================================== 1. Summary: Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.(CVE-2010-4267) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Users of hplip should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 662740 - CVE-2010-4267 hplip: remote stack overflow vulnerability 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: hpijs-1.6.7-6.el5_6.1.i386.rpm hplip-1.6.7-6.el5_6.1.i386.rpm hplip-debuginfo-1.6.7-6.el5_6.1.i386.rpm libsane-hpaio-1.6.7-6.el5_6.1.i386.rpm x86_64: hpijs-1.6.7-6.el5_6.1.x86_64.rpm hplip-1.6.7-6.el5_6.1.x86_64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.x86_64.rpm libsane-hpaio-1.6.7-6.el5_6.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: hpijs-1.6.7-6.el5_6.1.i386.rpm hplip-1.6.7-6.el5_6.1.i386.rpm hplip-debuginfo-1.6.7-6.el5_6.1.i386.rpm libsane-hpaio-1.6.7-6.el5_6.1.i386.rpm ia64: hpijs-1.6.7-6.el5_6.1.ia64.rpm hplip-1.6.7-6.el5_6.1.ia64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.ia64.rpm libsane-hpaio-1.6.7-6.el5_6.1.ia64.rpm ppc: hpijs-1.6.7-6.el5_6.1.ppc.rpm hplip-1.6.7-6.el5_6.1.ppc.rpm hplip-debuginfo-1.6.7-6.el5_6.1.ppc.rpm libsane-hpaio-1.6.7-6.el5_6.1.ppc.rpm x86_64: hpijs-1.6.7-6.el5_6.1.x86_64.rpm hplip-1.6.7-6.el5_6.1.x86_64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.x86_64.rpm libsane-hpaio-1.6.7-6.el5_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v.6): Source: i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm ppc64: hpijs-3.9.8-33.el6_0.1.ppc64.rpm hplip-3.9.8-33.el6_0.1.ppc64.rpm hplip-common-3.9.8-33.el6_0.1.ppc64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.ppc.rpm hplip-debuginfo-3.9.8-33.el6_0.1.ppc64.rpm hplip-gui-3.9.8-33.el6_0.1.ppc64.rpm hplip-libs-3.9.8-33.el6_0.1.ppc.rpm hplip-libs-3.9.8-33.el6_0.1.ppc64.rpm libsane-hpaio-3.9.8-33.el6_0.1.ppc64.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2010-4267 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNI25XlSAg2UNWIIRAuWgAJ0ar/frzY7ndVZFepD31dWFNc2KJACfcx/1 pHJgcUHCjgN67MrHKbTFxV4=cfv1 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 17, 2011
Red Hat
98
security advisoryred hatsoftware patchRed Hat: RHSA-2009-1571-01 Critical: Java 1.5.0-Sun Update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-sun security update Advisory ID: RHSA-2009:1571-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://access.redhat.com/errata/RHSA-2009:1571.html Issue date: 2009-11-10 CVE Names: CVE-2009-2409 CVE-2009-3728 CVE-2009-3873 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3881 CVE-2009-3882 CVE-2009-3883 CVE-2009-3884 ==================================================================== 1. Summary: Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the "Advance notification of Security Updates for Java SE" page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728,CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. The next update will remove the java-1.5.0-sun packages. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network. For users of applications that are capable of using the Java 6 runtime, the OpenJDK open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by Red Hat. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) 530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) 530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) 530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) 530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) 530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512) 530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) 530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) 6. Package List: Red Hat Enterprise Linux AS version 4Extras: i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4Extras: i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el4.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4.x86_64.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.5.0-sun-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5.i586.rpm x86_64: java-1.5.0-sun-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5.x86_64.rpm java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el5.i586.rpm java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7.References: https://www.cve.org/CVERecord?id=CVE-2009-2409 https://www.cve.org/CVERecord?id=CVE-2009-3728 https://www.cve.org/CVERecord?id=CVE-2009-3873 https://www.cve.org/CVERecord?id=CVE-2009-3876 https://www.cve.org/CVERecord?id=CVE-2009-3877 https://www.cve.org/CVERecord?id=CVE-2009-3879 https://www.cve.org/CVERecord?id=CVE-2009-3880 https://www.cve.org/CVERecord?id=CVE-2009-3881 https://www.cve.org/CVERecord?id=CVE-2009-3882 https://www.cve.org/CVERecord?id=CVE-2009-3883 https://www.cve.org/CVERecord?id=CVE-2009-3884 https://access.redhat.com/security/updates/classification#critical https://blogs.oracle.com/failaction/404.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFK+cR8XlSAg2UNWIIRApoTAKCnQ6tIgxuyFJeLljjeJJaG6uk8lwCgm4ND cfg1o8sZX4Sd2SzEwX9PNo8=sSsD -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Nov 10, 2009
•Critical
Red Hat
98
security advisorysecurity issuecriticalRed Hat Enterprise Linux 5: RHSA-2009-0376-01 Critical Acroread Flaws
Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2009:0376-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://access.redhat.com/errata/RHSA-2009:0376.html Issue date: 2009-03-25 CVE Names: CVE-2009-0193 CVE-2009-0658 CVE-2009-0928 CVE-2009-1061 CVE-2009-1062 ==================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple input validation flaws were discovered in the JBIG2 compressed images decoder used by Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or,potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 486928 - CVE-2009-0658, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 acroread: multiple JBIG2-related security flaws 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Desktop version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: acroread-8.1.4-1.i386.rpm acroread-plugin-8.1.4-1.i386.rpm x86_64: acroread-8.1.4-1.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4Extras: i386: acroread-8.1.4-1.el4.i386.rpm acroread-plugin-8.1.4-1.el4.i386.rpm x86_64: acroread-8.1.4-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm x86_64: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm RHEL Supplementary (v. 5 server): i386: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm x86_64: acroread-8.1.4-1.el5.i386.rpm acroread-plugin-8.1.4-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0193 https://www.cve.org/CVERecord?id=CVE-2009-0658 https://www.cve.org/CVERecord?id=CVE-2009-0928 https://www.cve.org/CVERecord?id=CVE-2009-1061 https://www.cve.org/CVERecord?id=CVE-2009-1062 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJyjmxXlSAg2UNWIIRAq+7AJ0W8Iy83bA208wBejuwqZt6mT9rGQCdE6uz WYCphKpaDBLJ5c6oR455cNg=GpRw -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 25, 2009
•Critical
Red Hat
98
security advisorycommand executionRed Hat Enterprise LinuxRed Hat Enterprise Linux: RHSA-2005:535-04 Moderate: Sudo Pathname Threat
An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: sudo security update Advisory ID: RHSA-2005:535-04 Advisory URL: https://access.redhat.com/errata/RHSA-2005:535.html Issue date: 2005-06-29 Updated on: 2005-06-29 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-1993 - ---------------------------------------------------------------------1. Summary: An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. A race condition bug was found in the way sudo handles pathnames. It is possible that a local user with limited sudo access could create a race condition that would allow the execution of arbitrary commands as theroot user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1993 to this issue. Users of sudo should update to this updated package, which contains a backported patch and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 161116 - CAN-2005-1993 sudo trusted user arbitrary command execution 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: db4e9debc37d376a713ca85ca13ebe78 sudo-1.6.5p2-1.7x.2.src.rpm i386: a3bcf0e30524dfa8128f0d640f8acf0f sudo-1.6.5p2-1.7x.2.i386.rpm ia64: d8f61c937dec4c6b059b44537af9004c sudo-1.6.5p2-1.7x.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: db4e9debc37d376a713ca85ca13ebe78 sudo-1.6.5p2-1.7x.2.src.rpm ia64: d8f61c937dec4c6b059b44537af9004c sudo-1.6.5p2-1.7x.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: db4e9debc37d376a713ca85ca13ebe78 sudo-1.6.5p2-1.7x.2.src.rpm i386: a3bcf0e30524dfa8128f0d640f8acf0f sudo-1.6.5p2-1.7x.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: db4e9debc37d376a713ca85ca13ebe78 sudo-1.6.5p2-1.7x.2.src.rpm i386: a3bcf0e30524dfa8128f0d640f8acf0f sudo-1.6.5p2-1.7x.2.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: 670bef4d82a287e9535f7fccd4efdfd1 sudo-1.6.7p5-1.1.src.rpm i386: 23df531eed9ce711914e2f4d238d9322 sudo-1.6.7p5-1.1.i386.rpm ia64: 78171d924237063a1b77dc9a95977cb9 sudo-1.6.7p5-1.1.ia64.rpm ppc: f4e53a727bbd3fb4980985b6966370de sudo-1.6.7p5-1.1.ppc.rpm s390: 14a006ca6c3894523754879c622f0a94 sudo-1.6.7p5-1.1.s390.rpm s390x: a72c3ed1380f5d891cf86e6a3f0cdc70 sudo-1.6.7p5-1.1.s390x.rpm x86_64: a79750a35344a477b9bcf27ec01805b3 sudo-1.6.7p5-1.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: 670bef4d82a287e9535f7fccd4efdfd1 sudo-1.6.7p5-1.1.src.rpm i386: 23df531eed9ce711914e2f4d238d9322 sudo-1.6.7p5-1.1.i386.rpm x86_64: a79750a35344a477b9bcf27ec01805b3 sudo-1.6.7p5-1.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: 670bef4d82a287e9535f7fccd4efdfd1 sudo-1.6.7p5-1.1.src.rpm i386: 23df531eed9ce711914e2f4d238d9322 sudo-1.6.7p5-1.1.i386.rpm ia64: 78171d924237063a1b77dc9a95977cb9 sudo-1.6.7p5-1.1.ia64.rpm x86_64: a79750a35344a477b9bcf27ec01805b3 sudo-1.6.7p5-1.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: 670bef4d82a287e9535f7fccd4efdfd1 sudo-1.6.7p5-1.1.src.rpm i386: 23df531eed9ce711914e2f4d238d9322 sudo-1.6.7p5-1.1.i386.rpm ia64: 78171d924237063a1b77dc9a95977cb9 sudo-1.6.7p5-1.1.ia64.rpm x86_64: a79750a35344a477b9bcf27ec01805b3 sudo-1.6.7p5-1.1.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: 5e6b35806f71086e25c90c948e9de9eb sudo-1.6.7p5-30.1.1.src.rpm i386: 9d5d60175e6466e4932fe03b8024f46a sudo-1.6.7p5-30.1.1.i386.rpm ia64: 9662c228a8a6614234c9e322fa1b61a3 sudo-1.6.7p5-30.1.1.ia64.rpm ppc: a82f8e8cc9305999a9b1f72c7be8bf00 sudo-1.6.7p5-30.1.1.ppc.rpm s390: ea83b07cfad766d5c72721df2c73187c sudo-1.6.7p5-30.1.1.s390.rpm s390x: d84b151a5cc2047bbf4aacb79eeffdd9 sudo-1.6.7p5-30.1.1.s390x.rpm x86_64: 7f50e0aa42511cb9ac58146c1d365ef1 sudo-1.6.7p5-30.1.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 5e6b35806f71086e25c90c948e9de9eb sudo-1.6.7p5-30.1.1.src.rpm i386: 9d5d60175e6466e4932fe03b8024f46a sudo-1.6.7p5-30.1.1.i386.rpm x86_64: 7f50e0aa42511cb9ac58146c1d365ef1 sudo-1.6.7p5-30.1.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 5e6b35806f71086e25c90c948e9de9eb sudo-1.6.7p5-30.1.1.src.rpm i386: 9d5d60175e6466e4932fe03b8024f46a sudo-1.6.7p5-30.1.1.i386.rpm ia64: 9662c228a8a6614234c9e322fa1b61a3 sudo-1.6.7p5-30.1.1.ia64.rpm x86_64: 7f50e0aa42511cb9ac58146c1d365ef1 sudo-1.6.7p5-30.1.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 5e6b35806f71086e25c90c948e9de9eb sudo-1.6.7p5-30.1.1.src.rpm i386: 9d5d60175e6466e4932fe03b8024f46a sudo-1.6.7p5-30.1.1.i386.rpm ia64: 9662c228a8a6614234c9e322fa1b61a3 sudo-1.6.7p5-30.1.1.ia64.rpm x86_64: 7f50e0aa42511cb9ac58146c1d365ef1 sudo-1.6.7p5-30.1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-1993 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . The latest advisory from Red Hat outlines a moderate security patch for sudo that resolves a race condition related to path validation.. Red Hat,Sudo Update,Security Advisory,Package Update,Threat Management. . LinuxSecurity.com Team
Jun 29, 2005
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!