The OVAL Repository (schema version 5.3, generated 2015-09-03T06:06:37.642-04:00)

RHSA-2008:0988 -- libxml2 security update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3, CentOS Linux 2
Product: libxml2

Updated libxml2 packages that fix security issues are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
libxml2 is a library for parsing and manipulating XML files. It includes
support for reading, modifying, and writing XML and HTML files.
An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)
A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.
Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2008:0836 -- libxml2 security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 2, CentOS Linux 5
Product: libxml2

Updated libxml2 packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The original fix used in this errata caused some applications using
the libxml2 library in an unexpected way to crash when used with updated
libxml2 packages. We have updated the packages for Red Hat Enterprise Linux
3, 4 and 5 to use a different fix that does not break affected
applications.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2008:0946 -- ed security update (Moderate)
Platforms: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 2, CentOS Linux 5
Product: ed

An updated ed package that fixes one security issue is now available for
Red Hat Enterprise Linux 2.1, 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
ed is a line-oriented text editor, used to create, display, and modify
text files (both interactively and via shell scripts).
A heap-based buffer overflow was discovered in the way ed, the GNU line
editor, processed long file names. An attacker could create a file with a
specially-crafted name that could possibly execute arbitrary code when
opened in the ed editor. (CVE-2008-3916)
Users of ed should upgrade to this updated package, which contains
a backported patch to resolve this issue.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2009:0333 -- libpng security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 2
Products: libpng, libpng10

Updated libpng and libpng10 packages that fix a couple of security issues
are now available for Red Hat Enterprise Linux 2.1, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to
free random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2008:0893 -- bzip2 security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5, CentOS Linux 2
Product: bzip2

Updated bzip2 packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2009:0020 -- bind security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 2, CentOS Linux 3
Product: bind

Updated Bind packages to correct a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2009:0341 -- curl security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 2
Product: curl

Updated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2008:0965 -- lynx security update (Important)
Platforms: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 3, CentOS Linux 2
Product: lynx

An updated lynx package that corrects two security issues is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Lynx is a text-based Web browser.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2008:0533 -- bind security update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 2, CentOS Linux 3
Products: bind, selinux-policy-targeted, selinux-policy

Updated bind packages that help mitigate DNS spoofing attacks are now
available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
We have updated the Enterprise Linux 5 packages in this advisory. The
default and sample caching-nameserver configuration files have been updated
so that they do not specify a fixed query-source port. Administrators
wishing to take advantage of randomized UDP source ports should check their
configuration file to ensure they have not specified fixed query-source ports.
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
Contributor: Sergey Artykhov (status: ACCEPTED)

RHSA-2009:0004 -- openssl security update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5, CentOS Linux 2
Products: openssl, openssl095a, openssl096, openssl096b, openssl097a

Updated OpenSSL packages that correct a security issue are now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength,
general purpose, cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a man in the middle attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation. (CVE-2008-5077)
Contributor: Sergey Artykhov (status: ACCEPTED)

Inventory definitions

The operating system installed on the system is CentOS Linux 5.x
Platform: CentOS Linux 5
Contributors: Danny Haynes, Dragos Prisaca, Sergey Artykhov (status: ACCEPTED)

The operating system installed on the system is Red Hat Enterprise Linux 4
Platform: Red Hat Enterprise Linux 4
Contributors: Aharon Chernin, Dragos Prisaca (status: ACCEPTED)

The operating system installed on the system is Red Hat Enterprise Linux 3
Platform: Red Hat Enterprise Linux 3
Contributors: Aharon Chernin, Dragos Prisaca (status: ACCEPTED)

The operating system installed on the system is Red Hat Enterprise Linux 5
Platform: Red Hat Enterprise Linux 5
Contributors: Aharon Chernin, Dragos Prisaca (status: ACCEPTED)