Red Hat Enterprise Linux WS (v. 3 for x86)

vixie-cron bug fix

Mon, 19 Nov 2007 00:00:00 -0500

RHBA-2007:1001

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times. Vixie
cron adds better security and more powerful configuration options to the
standard version of cron.

vixie-cron failed to acknowledge changes to symbolic links that pointed to
crontab files. In these updated packages symbolic links can be used for
cron jobs, even if the symbolic link is changed or deleted.

Users of vixie-cron are advised to upgrade to these updated packages, which
resolve this issue.
Bugzillas (bugzilla.redhat.com): 253391

Moderate: net-snmp security update

Thu, 15 Nov 2007 00:00:00 -0500

RHSA-2007:1045

Simple Network Management Protocol (SNMP) is a protocol used for network
management.

A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. (CVE-2007-5846)

All users of net-snmp are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.
CVEs (cve.mitre.org):CVE-2007-5846
Bugzillas (bugzilla.redhat.com): 363631

Moderate: util-linux security update

Thu, 15 Nov 2007 00:00:00 -0500

RHSA-2007:0969

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.

A flaw was discovered in the way that the mount and umount utilities
used the setuid and setgid functions, which could lead to privileges being
dropped improperly. A local user could use this flaw to run mount helper
applications such as, mount.nfs, with additional privileges (CVE-2007-5191).

Users are advised to update to these erratum packages which contain a
backported patch to correct this issue.
CVEs (cve.mitre.org):CVE-2007-5191
Bugzillas (bugzilla.redhat.com): 320041

Critical: samba security update

Thu, 15 Nov 2007 00:00:00 -0500

RHSA-2007:1013

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap-based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

Red Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba
developers for responsibly disclosing these issues.

Users of Samba are advised to ugprade to these updated packages, which
contain backported patches to resolve these issues.
CVEs (cve.mitre.org):CVE-2007-4572 CVE-2007-5398
Bugzillas (bugzilla.redhat.com): 358831 294631

Important: xpdf security update

Wed, 07 Nov 2007 00:00:00 -0500

RHSA-2007:1030

Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause Xpdf to crash,
or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

A flaw was found in the t1lib library, used in the handling of Type 1
fonts. An attacker could create a malicious file that would cause Xpdf to
crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
CVEs (cve.mitre.org):CVE-2007-4033 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Bugzillas (bugzilla.redhat.com): 345111 345121 345101 352271

Important: tetex security update

Wed, 07 Nov 2007 00:00:00 -0500

RHSA-2007:1028

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (dvi) file as output.

Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker
could create a malicious PDF file that would cause TeTeX to crash, or
potentially execute arbitrary code when opened. (CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.
CVEs (cve.mitre.org):CVE-2007-5393
Bugzillas (bugzilla.redhat.com): 345121

Important: cups security update

Wed, 07 Nov 2007 00:00:00 -0500

RHSA-2007:1023

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker
could create a malicious PDF file that would cause CUPS to crash or
potentially execute arbitrary code when printed. (CVE-2007-5393)

Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a
malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker
capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
CVEs (cve.mitre.org):CVE-2007-4045 CVE-2007-4351 CVE-2007-5393
Bugzillas (bugzilla.redhat.com): 345121 250161 345091

Important: perl security update

Mon, 05 Nov 2007 00:00:00 -0500

RHSA-2007:0966

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.
CVEs (cve.mitre.org):CVE-2007-5116
Bugzillas (bugzilla.redhat.com): 323571

Moderate: libpng security update

Tue, 23 Oct 2007 00:00:00 -0500

RHSA-2007:0992

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

Several flaws were discovered in the way libpng handled various PNG image
chunks. An attacker could create a carefully crafted PNG image file in
such a way that it could cause an application linked with libpng to crash
when the file was manipulated. (CVE-2007-5269)

Users should update to these updated packages which contain a backported
patch to correct these issues.
CVEs (cve.mitre.org):CVE-2007-5269
Bugzillas (bugzilla.redhat.com): 324771