Red Hat 9038 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: w3c-libwww security and bug fix update
Advisory ID: RHSA-2007:0208-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0208.html
Issue date: 2007-05-01
Updated on: 2007-05-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3183
- ---------------------------------------------------------------------

1. Summary:

Updated w3c-libwww packages that fix a security issue and a bug are now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

w3c-libwww is a general-purpose web library.

Several buffer overflow flaws in w3c-libwww were found. If a client
application that uses w3c-libwww connected to a malicious HTTP server, it
could trigger an out of bounds memory access, causing the client
application to crash (CVE-2005-3183).

This updated version of w3c-libwww also fixes an issue when computing MD5
sums on a 64 bit machine.

Users of w3c-libwww should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163664 - /usr/lib64/libmd5.so is broken.
169495 - CVE-2005-3183 Multiple bugs in libwww - one exploitable - in Library/src/HTBound.c

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm
f5c93edc9bd1a7543d617a412a391ca2 w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582 w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

ppc:
e20415ead6919058b5e0792e7f038201 w3c-libwww-5.4.0-10.1.RHEL4.2.ppc.rpm
54e29e788248fba9c1a1b1a21468de37 w3c-libwww-5.4.0-10.1.RHEL4.2.ppc64.rpm
6718eb3dc7804724e7d2c48f1f29b66b w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ppc.rpm
38faec06014cb339e95f4b7c4cf602d3 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ppc.rpm
6d1b95e5446ee605df8c7d1e01625209 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ppc64.rpm
b4babec6d53b2d34db31be94e0dbfb26 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ppc.rpm

s390:
ba843212e12261ad439c9703a33f3ed6 w3c-libwww-5.4.0-10.1.RHEL4.2.s390.rpm
5e6d19c48b5a5ffae7048ccab6d68d06 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.s390.rpm
134fd18a7741d12ad813f572793b2088 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390.rpm
2a2f963f31a9920b4577e4ce7ab39e3c w3c-libwww-devel-5.4.0-10.1.RHEL4.2.s390.rpm

s390x:
ba843212e12261ad439c9703a33f3ed6 w3c-libwww-5.4.0-10.1.RHEL4.2.s390.rpm
ebd676d4cbc19756aabf06ba6537262c w3c-libwww-5.4.0-10.1.RHEL4.2.s390x.rpm
dc750df9eb1e58bb0887e4969e3d7a8d w3c-libwww-apps-5.4.0-10.1.RHEL4.2.s390x.rpm
134fd18a7741d12ad813f572793b2088 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390.rpm
1e03d6c927269840db1520a26cf2880c w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390x.rpm
68054495a7e29a855f85b83bac370e57 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.s390x.rpm

x86_64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm
f5c93edc9bd1a7543d617a412a391ca2 w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

x86_64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm
f5c93edc9bd1a7543d617a412a391ca2 w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582 w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

x86_64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm
f5c93edc9bd1a7543d617a412a391ca2 w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582 w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8 w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

x86_64:
449772ace23168b1490fbd57ba093861 w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107 w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6 w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN32iXlSAg2UNWIIRAraNAJ0W3mm7s+/hronXSb988l+qTtJrsQCdFR05
DmK+mbsb8eNas5F9M7yj0Ks=
=ajAM
-----END PGP SIGNATURE-----