Red Hat 9042 Published by

Red Hat has published the following security advisories for Red Hat Enterprise Linux:

- [RHSA-2010:0757-01] Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
- [RHSA-2010:0758-01] Important: kernel-rt security and bug fix update
- [RHSA-2010:0756-01] Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
- [RHSA-2010:0755-01] Important: cups security update
- [RHSA-2010:0750-01] Important: xpdf security update
- [RHSA-2010:0753-01] Important: kdegraphics security update
- [RHSA-2010:0754-01] Important: cups security update
- [RHSA-2010:0752-01] Important: gpdf security update
- [RHSA-2010:0751-01] Important: xpdf security update
- [RHSA-2010:0749-01] Important: poppler security update



[RHSA-2010:0757-01] Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
Advisory ID: RHSA-2010:0757-01
Product: Red Hat Enterprise MRG for RHEL-4
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3083 CVE-2010-3701
=====================================================================

1. Summary:

Updated Red Hat Enterprise MRG Messaging packages that fix two security
issues and several bugs are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat MRG Messaging Base for RHEL-4 AS - i386, x86_64
Red Hat MRG Messaging Base for RHEL-4 ES - i386, x86_64
Red Hat MRG Messaging for RHEL-4 AS - i386, x86_64
Red Hat MRG Messaging for RHEL-4 ES - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.

A flaw was found in the way SSL connections to the MRG Messaging broker
were handled. A connection (from a user or client application) to the
broker's SSL port would prevent the broker from responding to any other
connections on that port, until the first connection's SSL handshake
completed or failed. A remote user could use this flaw to block connections
from legitimate clients. Note that this issue only affected connections to
the SSL port. The broker does not listen for SSL connections by default.
(CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of
large persistent messages. If a remote, authenticated user sent a very
large persistent message, the broker could exhaust stack memory, causing
the broker to crash. (CVE-2010-3701)

This update also includes a number of MRG Messaging bug fixes, including
updated qpidc and rhm packages:

* The Messaging broker failed when first a new durable exchange was
supplied by a plug-in, and then the broker was restarted. The startup
sequence has been reordered so that the plug-in modules are loaded before
the store is recovered. With this update, the new exchange is now
recognized and recovered successfully and the broker starts up. (BZ#550151)

* qpid-route could not delete an existing route due to a problem with the
management object for the bridge. With this update, qpid-route follows the
normal path. (BZ#560696)

* Previously, clients connecting over SSL needed to use some other username
to authenticate themselves to have permission granted via ACLs. This update
adds the option to use the client identity as authenticated by SSL.
(BZ#601222)

* New brokers did not see a durable exchange even though it existed in a
cluster. This update checks for any durable exchanges to be replicated when
a new broker is added to the cluster. Now, the exchange is visible on the
new broker. (BZ#601230)

* Cluster members occasionally failed when a new member was added to a
cluster with active consumers, because some of the consumer information was
not being replicated to new members joining a cluster. With this update,
the missing information is replicated to new members when joining a
cluster. (BZ#601236)

* Performance decreased when reading messages from a queue sequentially
without taking them off the queue. With this update, the algorithm for
traversing through messages has been changed, and the next message is found
more quickly, even for large queues. (BZ#611907)

* Wire level protocol violation or segmentation faults occurred when adding
tags due to possible modification of the message concurrent with its
encoding. This update clones messages before adding tags to prevent
concurrent modification as they are being delivered and encoded.
(BZ#619919)

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the qpidd service must be restarted ("service qpidd restart") for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

632657 - CVE-2010-3083 MRG: SSL connections to MRG broker can be blocked
639054 - Build 1.2.2 release for RHEL-4 errata
640006 - CVE-2010-3701 MRG: remote authenticated DoS in broker

6. Package List:

Red Hat MRG Messaging for RHEL-4 AS:

Source:



i386:
qmf-0.5.752581-42.el4.i386.rpm
qmf-devel-0.5.752581-42.el4.i386.rpm
qpidc-0.5.752581-42.el4.i386.rpm
qpidc-debuginfo-0.5.752581-42.el4.i386.rpm
qpidc-devel-0.5.752581-42.el4.i386.rpm
qpidc-perftest-0.5.752581-42.el4.i386.rpm
qpidc-ssl-0.5.752581-42.el4.i386.rpm
qpidd-0.5.752581-42.el4.i386.rpm
qpidd-acl-0.5.752581-42.el4.i386.rpm
qpidd-devel-0.5.752581-42.el4.i386.rpm
qpidd-ssl-0.5.752581-42.el4.i386.rpm
qpidd-xml-0.5.752581-42.el4.i386.rpm
rhm-0.5.3206-36.el4.i386.rpm
rhm-debuginfo-0.5.3206-36.el4.i386.rpm

x86_64:
qmf-0.5.752581-42.el4.x86_64.rpm
qmf-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-0.5.752581-42.el4.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el4.x86_64.rpm
qpidc-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-perftest-0.5.752581-42.el4.x86_64.rpm
qpidc-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-0.5.752581-42.el4.x86_64.rpm
qpidd-acl-0.5.752581-42.el4.x86_64.rpm
qpidd-devel-0.5.752581-42.el4.x86_64.rpm
qpidd-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-xml-0.5.752581-42.el4.x86_64.rpm
rhm-0.5.3206-36.el4.x86_64.rpm
rhm-debuginfo-0.5.3206-36.el4.x86_64.rpm

Red Hat MRG Messaging Base for RHEL-4 AS:

Source:


i386:
qmf-0.5.752581-42.el4.i386.rpm
qmf-devel-0.5.752581-42.el4.i386.rpm
qpidc-0.5.752581-42.el4.i386.rpm
qpidc-debuginfo-0.5.752581-42.el4.i386.rpm
qpidc-devel-0.5.752581-42.el4.i386.rpm
qpidc-ssl-0.5.752581-42.el4.i386.rpm
qpidd-0.5.752581-42.el4.i386.rpm
qpidd-devel-0.5.752581-42.el4.i386.rpm
qpidd-ssl-0.5.752581-42.el4.i386.rpm

x86_64:
qmf-0.5.752581-42.el4.x86_64.rpm
qmf-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-0.5.752581-42.el4.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el4.x86_64.rpm
qpidc-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-0.5.752581-42.el4.x86_64.rpm
qpidd-devel-0.5.752581-42.el4.x86_64.rpm
qpidd-ssl-0.5.752581-42.el4.x86_64.rpm

Red Hat MRG Messaging for RHEL-4 ES:

Source:



i386:
qmf-0.5.752581-42.el4.i386.rpm
qmf-devel-0.5.752581-42.el4.i386.rpm
qpidc-0.5.752581-42.el4.i386.rpm
qpidc-debuginfo-0.5.752581-42.el4.i386.rpm
qpidc-devel-0.5.752581-42.el4.i386.rpm
qpidc-perftest-0.5.752581-42.el4.i386.rpm
qpidc-ssl-0.5.752581-42.el4.i386.rpm
qpidd-0.5.752581-42.el4.i386.rpm
qpidd-acl-0.5.752581-42.el4.i386.rpm
qpidd-devel-0.5.752581-42.el4.i386.rpm
qpidd-ssl-0.5.752581-42.el4.i386.rpm
qpidd-xml-0.5.752581-42.el4.i386.rpm
rhm-0.5.3206-36.el4.i386.rpm
rhm-debuginfo-0.5.3206-36.el4.i386.rpm

x86_64:
qmf-0.5.752581-42.el4.x86_64.rpm
qmf-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-0.5.752581-42.el4.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el4.x86_64.rpm
qpidc-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-perftest-0.5.752581-42.el4.x86_64.rpm
qpidc-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-0.5.752581-42.el4.x86_64.rpm
qpidd-acl-0.5.752581-42.el4.x86_64.rpm
qpidd-devel-0.5.752581-42.el4.x86_64.rpm
qpidd-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-xml-0.5.752581-42.el4.x86_64.rpm
rhm-0.5.3206-36.el4.x86_64.rpm
rhm-debuginfo-0.5.3206-36.el4.x86_64.rpm

Red Hat MRG Messaging Base for RHEL-4 ES:

Source:


i386:
qmf-0.5.752581-42.el4.i386.rpm
qmf-devel-0.5.752581-42.el4.i386.rpm
qpidc-0.5.752581-42.el4.i386.rpm
qpidc-debuginfo-0.5.752581-42.el4.i386.rpm
qpidc-devel-0.5.752581-42.el4.i386.rpm
qpidc-ssl-0.5.752581-42.el4.i386.rpm
qpidd-0.5.752581-42.el4.i386.rpm
qpidd-devel-0.5.752581-42.el4.i386.rpm
qpidd-ssl-0.5.752581-42.el4.i386.rpm

x86_64:
qmf-0.5.752581-42.el4.x86_64.rpm
qmf-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-0.5.752581-42.el4.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el4.x86_64.rpm
qpidc-devel-0.5.752581-42.el4.x86_64.rpm
qpidc-ssl-0.5.752581-42.el4.x86_64.rpm
qpidd-0.5.752581-42.el4.x86_64.rpm
qpidd-devel-0.5.752581-42.el4.x86_64.rpm
qpidd-ssl-0.5.752581-42.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3083
redhat.com | CVE-2010-3701
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0758-01] Important: kernel-rt security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0758-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3067 CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel-rt packages that fix two security issues and three bugs are
now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Ben Hawkes for reporting CVE-2010-3081, and
Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

* The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240)
where, when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring. This update implements the official upstream fixes for that
issue. Note: This is not a security regression. The original fix was
complete. (BZ#624604)

* In certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver, and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.
(BZ#622952)

* This update upgrades the tg3 driver to version 3.110. (BZ#640334)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

624604 - Backport official CVE-2010-2240 fixes
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
640334 - update MRG 1.2 tg3 driver to latest upstream driver

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:


i386:
kernel-rt-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-169.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-169.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-169.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3067
redhat.com | CVE-2010-3081
redhat.com | Severity Ratings
access.redhat.com | Red Hat Knowledgebase: Does CVE-2010-3081 affect Red Hat Enterprise Linux?

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0756-01] Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
Advisory ID: RHSA-2010:0756-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3083 CVE-2010-3701
=====================================================================

1. Summary:

Updated Red Hat Enterprise MRG Messaging packages that fix two security
issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat MRG Messaging Base for RHEL 5 Server - i386, x86_64
Red Hat MRG Messaging for RHEL 5 Server - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.

A flaw was found in the way SSL connections to the MRG Messaging broker
were handled. A connection (from a user or client application) to the
broker's SSL port would prevent the broker from responding to any other
connections on that port, until the first connection's SSL handshake
completed or failed. A remote user could use this flaw to block connections
from legitimate clients. Note that this issue only affected connections to
the SSL port. The broker does not listen for SSL connections by default.
(CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of
large persistent messages. If a remote, authenticated user sent a very
large persistent message, the broker could exhaust stack memory, causing
the broker to crash. (CVE-2010-3701)

This update also includes a number of MRG Messaging bug fixes, including
updated qpidc and rhm packages:

* The Messaging broker failed when first a new durable exchange was
supplied by a plug-in, and then the broker was restarted. The startup
sequence has been reordered so that the plug-in modules are loaded before
the store is recovered. With this update, the new exchange is now
recognized and recovered successfully and the broker starts up. (BZ#550151)

* qpid-route could not delete an existing route due to a problem with the
management object for the bridge. With this update, qpid-route follows the
normal path. (BZ#560696)

* Previously, clients connecting over SSL needed to use some other username
to authenticate themselves to have permission granted via ACLs. This update
adds the option to use the client identity as authenticated by SSL.
(BZ#601222)

* New brokers did not see a durable exchange even though it existed in a
cluster. This update checks for any durable exchanges to be replicated when
a new broker is added to the cluster. Now, the exchange is visible on the
new broker. (BZ#601230)

* Cluster members occasionally failed when a new member was added to a
cluster with active consumers, because some of the consumer information was
not being replicated to new members joining a cluster. With this update,
the missing information is replicated to new members when joining a
cluster. (BZ#601236)

* Performance decreased when reading messages from a queue sequentially
without taking them off the queue. With this update, the algorithm for
traversing through messages has been changed, and the next message is found
more quickly, even for large queues. (BZ#611907)

* Wire level protocol violation or segmentation faults occurred when adding
tags due to possible modification of the message concurrent with its
encoding. This update clones messages before adding tags to prevent
concurrent modification as they are being delivered and encoded.
(BZ#619919)

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the qpidd service must be restarted ("service qpidd restart") for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

550151 - If an XML exchange is declared durable, the broker crashes on recovery
560696 - qpid-route route del - fails
601222 - Feature Request: support for SASL EXTERNAL with TLS/SSL
601230 - clustered qpid: durable exchange state not replicated to broker joining cluster
601236 - Persistent cluster problems after reboot -f
611907 - Browse mode performance in a queue degrades as queue gets larger
619919 - Concurrent tagging of message with trace id while message is delivered from another queue causes segfault
632657 - CVE-2010-3083 MRG: SSL connections to MRG broker can be blocked
634014 - Large persistent messages cause seg fault
640006 - CVE-2010-3701 MRG: remote authenticated DoS in broker

6. Package List:

Red Hat MRG Messaging for RHEL 5 Server:

Source:



i386:
qmf-0.5.752581-42.el5.i386.rpm
qmf-devel-0.5.752581-42.el5.i386.rpm
qpidc-0.5.752581-42.el5.i386.rpm
qpidc-debuginfo-0.5.752581-42.el5.i386.rpm
qpidc-devel-0.5.752581-42.el5.i386.rpm
qpidc-perftest-0.5.752581-42.el5.i386.rpm
qpidc-rdma-0.5.752581-42.el5.i386.rpm
qpidc-ssl-0.5.752581-42.el5.i386.rpm
qpidd-0.5.752581-42.el5.i386.rpm
qpidd-acl-0.5.752581-42.el5.i386.rpm
qpidd-cluster-0.5.752581-42.el5.i386.rpm
qpidd-devel-0.5.752581-42.el5.i386.rpm
qpidd-rdma-0.5.752581-42.el5.i386.rpm
qpidd-ssl-0.5.752581-42.el5.i386.rpm
qpidd-xml-0.5.752581-42.el5.i386.rpm
rhm-0.5.3206-36.el5.i386.rpm
rhm-debuginfo-0.5.3206-36.el5.i386.rpm

x86_64:
qmf-0.5.752581-42.el5.x86_64.rpm
qmf-devel-0.5.752581-42.el5.x86_64.rpm
qpidc-0.5.752581-42.el5.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el5.x86_64.rpm
qpidc-devel-0.5.752581-42.el5.x86_64.rpm
qpidc-perftest-0.5.752581-42.el5.x86_64.rpm
qpidc-rdma-0.5.752581-42.el5.x86_64.rpm
qpidc-ssl-0.5.752581-42.el5.x86_64.rpm
qpidd-0.5.752581-42.el5.x86_64.rpm
qpidd-acl-0.5.752581-42.el5.x86_64.rpm
qpidd-cluster-0.5.752581-42.el5.x86_64.rpm
qpidd-devel-0.5.752581-42.el5.x86_64.rpm
qpidd-rdma-0.5.752581-42.el5.x86_64.rpm
qpidd-ssl-0.5.752581-42.el5.x86_64.rpm
qpidd-xml-0.5.752581-42.el5.x86_64.rpm
rhm-0.5.3206-36.el5.x86_64.rpm
rhm-debuginfo-0.5.3206-36.el5.x86_64.rpm

Red Hat MRG Messaging Base for RHEL 5 Server:

Source:


i386:
qmf-0.5.752581-42.el5.i386.rpm
qmf-devel-0.5.752581-42.el5.i386.rpm
qpidc-0.5.752581-42.el5.i386.rpm
qpidc-debuginfo-0.5.752581-42.el5.i386.rpm
qpidc-devel-0.5.752581-42.el5.i386.rpm
qpidc-ssl-0.5.752581-42.el5.i386.rpm
qpidd-0.5.752581-42.el5.i386.rpm
qpidd-devel-0.5.752581-42.el5.i386.rpm
qpidd-ssl-0.5.752581-42.el5.i386.rpm

x86_64:
qmf-0.5.752581-42.el5.x86_64.rpm
qmf-devel-0.5.752581-42.el5.x86_64.rpm
qpidc-0.5.752581-42.el5.x86_64.rpm
qpidc-debuginfo-0.5.752581-42.el5.x86_64.rpm
qpidc-devel-0.5.752581-42.el5.x86_64.rpm
qpidc-ssl-0.5.752581-42.el5.x86_64.rpm
qpidd-0.5.752581-42.el5.x86_64.rpm
qpidd-devel-0.5.752581-42.el5.x86_64.rpm
qpidd-ssl-0.5.752581-42.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3083
redhat.com | CVE-2010-3701
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0755-01] Important: cups security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2010:0755-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2009-3609 CVE-2010-3702
=====================================================================

1. Summary:

Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The CUPS "pdftops" filter converts Portable
Document Format (PDF) files to PostScript.

Multiple flaws were discovered in the CUPS "pdftops" filter. An attacker
could create a malicious PDF file that, when printed, would cause "pdftops"
to crash or, potentially, execute arbitrary code as the "lp" user.
(CVE-2010-3702, CVE-2009-3609)

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526893 - CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow
595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:


i386:
cups-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm

ppc:
cups-1.1.22-0.rc1.9.32.el4_8.10.ppc.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.ppc.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.ppc64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.ppc.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.ppc.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.ppc64.rpm

s390:
cups-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm

s390x:
cups-1.1.22-0.rc1.9.32.el4_8.10.s390x.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.s390x.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.s390x.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.s390.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.s390x.rpm

x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:


i386:
cups-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm

x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:


i386:
cups-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm

x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:


i386:
cups-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm

ia64:
cups-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.ia64.rpm

x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-debuginfo-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2009-3609
redhat.com | CVE-2010-3702
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0750-01] Important: xpdf security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: xpdf security update
Advisory ID: RHSA-2010:0750-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702
=====================================================================

1. Summary:

An updated xpdf package that fixes one security issue is now available for
Red Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in Xpdf. An attacker could
create a malicious PDF file that, when opened, would cause Xpdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:


i386:
xpdf-2.02-19.el3.i386.rpm
xpdf-debuginfo-2.02-19.el3.i386.rpm

ia64:
xpdf-2.02-19.el3.ia64.rpm
xpdf-debuginfo-2.02-19.el3.ia64.rpm

ppc:
xpdf-2.02-19.el3.ppc.rpm
xpdf-debuginfo-2.02-19.el3.ppc.rpm

s390:
xpdf-2.02-19.el3.s390.rpm
xpdf-debuginfo-2.02-19.el3.s390.rpm

s390x:
xpdf-2.02-19.el3.s390x.rpm
xpdf-debuginfo-2.02-19.el3.s390x.rpm

x86_64:
xpdf-2.02-19.el3.x86_64.rpm
xpdf-debuginfo-2.02-19.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:


i386:
xpdf-2.02-19.el3.i386.rpm
xpdf-debuginfo-2.02-19.el3.i386.rpm

x86_64:
xpdf-2.02-19.el3.x86_64.rpm
xpdf-debuginfo-2.02-19.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:


i386:
xpdf-2.02-19.el3.i386.rpm
xpdf-debuginfo-2.02-19.el3.i386.rpm

ia64:
xpdf-2.02-19.el3.ia64.rpm
xpdf-debuginfo-2.02-19.el3.ia64.rpm

x86_64:
xpdf-2.02-19.el3.x86_64.rpm
xpdf-debuginfo-2.02-19.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:


i386:
xpdf-2.02-19.el3.i386.rpm
xpdf-debuginfo-2.02-19.el3.i386.rpm

ia64:
xpdf-2.02-19.el3.ia64.rpm
xpdf-debuginfo-2.02-19.el3.ia64.rpm

x86_64:
xpdf-2.02-19.el3.x86_64.rpm
xpdf-debuginfo-2.02-19.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3702
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0753-01] Important: kdegraphics security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2010:0753-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702 CVE-2010-3704
=====================================================================

1. Summary:

Updated kdegraphics packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in KPDF. An attacker could
create a malicious PDF file that, when opened, would cause KPDF to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way KPDF parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause KPDF to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:


i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

ppc:
kdegraphics-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ppc.rpm

s390:
kdegraphics-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390.rpm

s390x:
kdegraphics-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390x.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:


i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:


i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:


i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:


i386:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:


i386:
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:


i386:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3702
redhat.com | CVE-2010-3704
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0754-01] Important: cups security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2010:0754-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702
=====================================================================

1. Summary:

Updated cups packages that fix one security issue are now available for Red
Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The CUPS "pdftops" filter converts Portable
Document Format (PDF) files to PostScript.

An uninitialized pointer use flaw was discovered in the CUPS "pdftops"
filter. An attacker could create a malicious PDF file that, when printed,
would cause "pdftops" to crash or, potentially, execute arbitrary code as
the "lp" user. (CVE-2010-3702)

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:


i386:
cups-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-devel-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.i386.rpm

ia64:
cups-1.1.17-13.3.70.ia64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.ia64.rpm
cups-devel-1.1.17-13.3.70.ia64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.ia64.rpm

ppc:
cups-1.1.17-13.3.70.ppc.rpm
cups-debuginfo-1.1.17-13.3.70.ppc.rpm
cups-debuginfo-1.1.17-13.3.70.ppc64.rpm
cups-devel-1.1.17-13.3.70.ppc.rpm
cups-libs-1.1.17-13.3.70.ppc.rpm
cups-libs-1.1.17-13.3.70.ppc64.rpm

s390:
cups-1.1.17-13.3.70.s390.rpm
cups-debuginfo-1.1.17-13.3.70.s390.rpm
cups-devel-1.1.17-13.3.70.s390.rpm
cups-libs-1.1.17-13.3.70.s390.rpm

s390x:
cups-1.1.17-13.3.70.s390x.rpm
cups-debuginfo-1.1.17-13.3.70.s390.rpm
cups-debuginfo-1.1.17-13.3.70.s390x.rpm
cups-devel-1.1.17-13.3.70.s390x.rpm
cups-libs-1.1.17-13.3.70.s390.rpm
cups-libs-1.1.17-13.3.70.s390x.rpm

x86_64:
cups-1.1.17-13.3.70.x86_64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.x86_64.rpm
cups-devel-1.1.17-13.3.70.x86_64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.x86_64.rpm

Red Hat Desktop version 3:

Source:


i386:
cups-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-devel-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.i386.rpm

x86_64:
cups-1.1.17-13.3.70.x86_64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.x86_64.rpm
cups-devel-1.1.17-13.3.70.x86_64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:


i386:
cups-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-devel-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.i386.rpm

ia64:
cups-1.1.17-13.3.70.ia64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.ia64.rpm
cups-devel-1.1.17-13.3.70.ia64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.ia64.rpm

x86_64:
cups-1.1.17-13.3.70.x86_64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.x86_64.rpm
cups-devel-1.1.17-13.3.70.x86_64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:


i386:
cups-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-devel-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.i386.rpm

ia64:
cups-1.1.17-13.3.70.ia64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.ia64.rpm
cups-devel-1.1.17-13.3.70.ia64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.ia64.rpm

x86_64:
cups-1.1.17-13.3.70.x86_64.rpm
cups-debuginfo-1.1.17-13.3.70.i386.rpm
cups-debuginfo-1.1.17-13.3.70.x86_64.rpm
cups-devel-1.1.17-13.3.70.x86_64.rpm
cups-libs-1.1.17-13.3.70.i386.rpm
cups-libs-1.1.17-13.3.70.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3702
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0752-01] Important: gpdf security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2010:0752-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702 CVE-2010-3704
=====================================================================

1. Summary:

An updated gpdf package that fixes two security issues is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GPdf is a viewer for Portable Document Format (PDF) files.

An uninitialized pointer use flaw was discovered in GPdf. An attacker could
create a malicious PDF file that, when opened, would cause GPdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way GPdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause GPdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:


i386:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm

ppc:
gpdf-2.8.2-7.7.2.el4_8.7.ppc.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.el4_8.7.s390.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.el4_8.7.s390x.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:


i386:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:


i386:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:


i386:
gpdf-2.8.2-7.7.2.el4_8.7.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.7.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.7.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3702
redhat.com | CVE-2010-3704
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMre79XlSAg2UNWIIRArGmAJ0QrURm6TD2+aziUDDX3NExJPKSPACfY4NQ
AcyqjJqWLSIzdunOYKIkbaI=
=3R27
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
redhat.com | Red Hat, Inc.


[RHSA-2010:0751-01] Important: xpdf security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xpdf security update
Advisory ID: RHSA-2010:0751-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702 CVE-2010-3704
=====================================================================

1. Summary:

An updated xpdf package that fixes two security issues is now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in Xpdf. An attacker could
create a malicious PDF file that, when opened, would cause Xpdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause Xpdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:


i386:
xpdf-3.00-24.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-24.el4_8.1.i386.rpm

ia64:
xpdf-3.00-24.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.ia64.rpm

ppc:
xpdf-3.00-24.el4_8.1.ppc.rpm
xpdf-debuginfo-3.00-24.el4_8.1.ppc.rpm

s390:
xpdf-3.00-24.el4_8.1.s390.rpm
xpdf-debuginfo-3.00-24.el4_8.1.s390.rpm

s390x:
xpdf-3.00-24.el4_8.1.s390x.rpm
xpdf-debuginfo-3.00-24.el4_8.1.s390x.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:


i386:
xpdf-3.00-24.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-24.el4_8.1.i386.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:


i386:
xpdf-3.00-24.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-24.el4_8.1.i386.rpm

ia64:
xpdf-3.00-24.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:


i386:
xpdf-3.00-24.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-24.el4_8.1.i386.rpm

ia64:
xpdf-3.00-24.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-24.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-24.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
redhat.com | GPG Keys

7. References:

redhat.com | CVE-2010-3702
redhat.com | CVE-2010-3704
redhat.com | Severity Ratings

8. Contact:

The Red Hat security contact is . More contact
details at redhat.com | Contact Security Response Team

Copyright 2010 Red Hat, Inc.
[RHSA-2010:0749-01] Important: poppler security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: poppler security update
Advisory ID: RHSA-2010:0749-01
Product: Red Hat Enterprise Linux
Advisory URL: rhn.redhat.com | Red Hat Support
Issue date: 2010-10-07
CVE Names: CVE-2010-3702 CVE-2010-3704
=====================================================================

1. Summary:

Updated poppler packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

An uninitialized pointer use flaw was discovered in poppler. An attacker
could create a malicious PDF file that, when opened, would cause
applications that use poppler (such as Evince) to crash or, potentially,
execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way poppler parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause applications that use poppler (such as
Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259