The OVAL Repository5.82015-09-03T09:53:35.590-04:00RHSA-2009:1095 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,
CVE-2009-1841)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0411 -- device-mapper-multipath security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5device-mapper-multipathUpdated device-mapper-multipath packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The device-mapper multipath packages provide tools to manage multipath
devices by issuing instructions to the device-mapper multipath kernel
module, and by managing the creation and removal of partitions for
device-mapper devices.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0315 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerAn updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,
CVE-2009-0775)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0457 -- libwmf security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5libwmfUpdated libwmf packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1427 -- fetchmail security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5fetchmailAn updated fetchmail package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0010 -- squirrelmail security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5squirrelmailAn updated squirrelmail package that resolves various security issues is
now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0344 -- libsoup security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4evolution28-libsouplibsoupUpdated libsoup and evolution28-libsoup packages that fix a security issue
are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libsoup is an HTTP client/library implementation for GNOME written in C. It
was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0261 -- vnc security update (Moderate)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3vncUpdated vnc packages to correct a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1601 -- kdelibs security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5kdelibsUpdated kdelibs packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).
A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of the
user running Konqueror. (CVE-2009-0689)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1625 -- expat security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5expatUpdated expat packages that fix two security issues are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Expat is a C library written by James Clark for parsing XML documents.
Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
(CVE-2009-3560, CVE-2009-3720)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1674 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1066 -- squirrelmail security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5squirrelmailAn updated squirrelmail package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
SquirrelMail is a standards-based webmail package written in PHP.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1430 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxnsprxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1428 -- xmlsec1 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5xmlsec1Updated xmlsec1 packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The XML Security Library is a C library based on libxml2 and OpenSSL. It
implements the XML Signature Syntax and Processing and XML Encryption
Syntax and Processing standards. HMAC is used for message authentication
using cryptographic hash functions. The HMAC algorithm allows the hash
output to be truncated (as documented in RFC 2104).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0988 -- libxml2 security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 3CentOS Linux 2libxml2Updated libxml2 packages that fix security issues are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
libxml2 is a library for parsing and manipulating XML files. It includes
support for reading, modifying, and writing XML and HTML files.
An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)
A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.
Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1127 -- kdelibs security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5kdelibsUpdated kdelibs packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1107 -- apr-util security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5apr-utilUpdated apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
apr-util is a utility library used with the Apache Portable Runtime (APR).
It aims to provide a free library of C data structures and routines. This
library contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing, and more.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0967 -- httpd security and bug fix update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 3httpdUpdated httpd packages that resolve several security issues and fix a bug
are now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A flaw was found in the mod_proxy Apache module. An attacker in control of
a Web server to which requests were being proxied could have caused a
limited denial of service due to CPU consumption and stack exhaustion.
(CVE-2008-2364)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1646 -- libtool security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libtoolUpdated libtool packages that fix one security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1232 -- gnutls security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4gnutlsUpdated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1549 -- wget security update (Moderate)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 5wgetAn updated wget package that fixes a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.
Daniel Stenberg reported that Wget is affected by the previously published
null prefix attack, caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse Wget into accepting it by mistake. (CVE-2009-3490)
Wget users should upgrade to this updated package, which contains a
backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1452 -- neon security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5neonUpdated neon packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
neon is an HTTP and WebDAV client library, with a C interface. It provides
a high-level interface to HTTP and WebDAV methods along with a low-level
interface for HTTP request handling. neon supports persistent connections,
proxy servers, basic, digest and Kerberos authentication, and has complete
SSL support.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0436 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1648 -- ntp security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5ntpAn updated ntp package that fixes a security issue is now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1529 -- samba security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5sambaUpdated samba packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Samba is a suite of programs used by machines to share files, printers, and
other information.
A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system resources
by opening multiple CIFS sessions. (CVE-2009-2906)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1140 -- ruby security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5rubyUpdated ruby packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0581 -- bluez-libs and bluez-utils security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5bluez-libsbluez-utilsUpdated bluez-libs and bluez-utils packages that fix a security flaw are
now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.
An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX reg; socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)
Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contains a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0012 -- netpbm security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4netpbmUpdated netpbm packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps), and others.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0836 -- libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 2CentOS Linux 5libxml2Updated libxml2 packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The original fix used in this errata caused some applications using
the libxml2 library in an unexpected way to crash when used with updated
libxml2 packages. We have updated the packages for Red Hat Enterprise Linux
3, 4 and 5 to use a different fix that does not break affected
applications.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0978 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxnssdevhelpxulrunneryelpAll firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1530 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4firefoxnsprxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).
A flaw was found in the way Firefox handles form history. A malicious web
page could steal saved form data by synthesizing input events, causing the
browser to auto-fill form fields (which could then be read by an attacker).
(CVE-2009-3370)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1218 -- pidgin security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 3pidginUpdated pidgin packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's
MSN protocol handler. If a user received a malicious MSN message, it was
possible to execute arbitrary code with the permissions of the user running
Pidgin. (CVE-2009-2694)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1219 -- libvorbis security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 3libvorbisUpdated libvorbis packages that fix one security issue are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:1036 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxnsprnssxulrunnerNote: after the errata packages are installed, Firefox must be restarted
for the update to take effect.
All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0057 -- squirrelmail security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5squirrelmailAn updated squirrelmail package that fixes a security issue is now
available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:1023 -- pidgin security and bug fix update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5pidginUpdated Pidgin packages that fix several security issues and bugs are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is a multi-protocol Internet Messaging client.
A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a
remote user was able to send, and the Pidgin user accepted, a
carefully-crafted file request, it could result in Pidgin crashing.
(CVE-2008-2955)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0002 -- thunderbird security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5thunderbirdUpdated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0946 -- ed security update (Moderate)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 2CentOS Linux 5edAn updated ed package that fixes one security issue is now available for
Red Hat Enterprise Linux 2.1, 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
ed is a line-oriented text editor, used to create, display, and modify
text files (both interactively and via shell scripts).
A heap-based buffer overflow was discovered in the way ed, the GNU line
editor, processed long file names. An attacker could create a file with a
specially-crafted name that could possibly execute an arbitrary code when
opened in the ed editor. (CVE-2008-3916)
Users of ed should upgrade to this updated package, which contains
a backported patch to resolve this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0971 -- net-snmp security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 3net-snmpUpdated net-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Simple Network Management Protocol (SNMP) is a protocol used for
network management.
A denial-of-service flaw was found in the way Net-SNMP processes SNMP
GETBULK requests. A remote attacker who issued a specially-crafted request
could cause the snmpd server to crash. (CVE-2008-4309)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0333 -- libpng security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 2libpnglibpng10Updated libpng and libpng10 packages that fix a couple of security issues
are now available for Red Hat Enterprise Linux 2.1, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to
freerandom memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0431 -- kdegraphics security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5kdegraphicsUpdated kdegraphics packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.
Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0855 -- openssh security update (Critical)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5opensshUpdated openssh packages are now available for Red Hat Enterprise Linux 4,
Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended
Update Support.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1490 -- squirrelmail security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3squirrelmailAn updated squirrelmail package that fixes several security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1162 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0937 -- cups security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5cupsUpdated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0397 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0345 -- ghostscript security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3ghostscriptUpdated ghostscript packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ghostscript is a set of software that provides a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files.
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)
All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1561 -- libvorbis security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libvorbisUpdated libvorbis packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0258 -- thunderbird security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5thunderbirdAn updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1203 -- subversion security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5subversionUpdated subversion packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0584 -- pidgin security and bug fix update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5pidginUpdated Pidgin packages that fix a security issue and address a bug are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pidgin is a multi-protocol Internet Messaging client.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0018 -- xterm security update (Important)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 5xtermAn updated xterm package to correct a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The xterm program is a terminal emulator for the X Window System.
A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1209 -- curl security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5curlUpdated curl packages that fix security issues are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0976 -- thunderbird security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5thunderbirdUpdated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018,
CVE-2008-5021)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1426 -- openoffice.org security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3openoffice.orgopenoffice.org2Updated openoffice.org packages that correct security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.
An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parses certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by an
unsuspecting user, could cause OpenOffice.org to crash or, potentially,
execute arbitrary code with the permissions of the user running
OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)
All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. All
running instances of OpenOffice.org applications must be restarted for
this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1060 -- pidgin security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5pidginUpdated pidgin packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
A buffer overflow flaw was found in the way Pidgin initiates file transfers
when using the Extensible Messaging and Presence Protocol (XMPP). If a
Pidgin client initiates a file transfer, and the remote target sends a
malformed response, it could cause Pidgin to crash or, potentially, execute
arbitrary code with the permissions of the user running Pidgin. This flaw
only affects accounts using XMPP, such as Jabber and Google Talk.
(CVE-2009-1373)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1139 -- pidgin security and bug fix update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5pidginUpdated pidgin packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0313 -- wireshark security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3wiresharkUpdated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network or opened a malformed dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2008-4683, CVE-2009-0599)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1204 -- apr and apr-util security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5aprapr-utilUpdated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0939 -- openoffice.org security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5openoffice.orgopenoffice.org2Updated openoffice.org packages that correct security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1536 -- pidgin security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5pidginUpdated pidgin packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for Communication in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.
An invalid pointer dereference bug was found in the way the Pidgin OSCAR
protocol implementation processed lists of contacts. A remote attacker
could send a specially-crafted contact list to a user running Pidgin,
causing Pidgin to crash. (CVE-2009-3615)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0256 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxnssxulrunnerAll Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.6, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0849 -- ipsec-tools security update (Important)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 5ipsec-toolsAn updated ipsec-tools package that fixes two security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1463 -- newt security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5newtUpdated newt packages that fix one security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Newt is a programming library for color text mode, widget-based user
interfaces. Newt can be used to add stacked windows, entry widgets,
checkboxes, radio buttons, labels, plain text fields, scrollbars, and so
on, to text mode user interfaces.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0893 -- bzip2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5CentOS Linux 2bzip2Updated bzip2 packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0583 -- openldap security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5openldapUpdated openldap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols for
accessing directory services.
A denial of service flaw was found in the way the OpenLDAP slapd daemon
processed certain network messages. An unauthenticated remote attacker
could send a specially crafted request that would crash the slapd daemon.
(CVE-2008-2952)
Users of openldap should upgrade to these updated packages, which contain a
backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0884 -- libxml2 security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libxml2Updated libxml2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.
A heap-based buffer overflow flaw was found in the way libxml2 handled long
XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-3529)
All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0649 -- libxslt security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5libxsltUpdated libxslt packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libxslt is a library for transforming XML files into other XML files using
the standard XSLT stylesheet transformation mechanism.
A heap buffer overflow flaw was discovered in the RC4 libxslt library
extension. An attacker could create a malicious XSL file that would cause a
crash, or, possibly, execute arbitrary code with the privileges of the
application using the libxslt library to perform XSL transformations on
untrusted XSL style sheets. (CVE-2008-2935)
Red Hat would like to thank Chris Evans for reporting this vulnerability.
All libxslt users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1116 -- cyrus-imapd security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5cyrus-imapdUpdated cyrus-imapd packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0890 -- wireshark security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5wiresharkUpdated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0879 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxdevhelpnssxulrunneryelpAll firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0020 -- bind security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 2CentOS Linux 3bindUpdated Bind packages to correct a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0561 -- ruby security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5rubyUpdated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.
Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,
CVE-2008-2725, CVE-2008-2726)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0341 -- curl security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 2curlUpdated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0965 -- lynx security update (Important)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 3CentOS Linux 2lynxAn updated lynx package that corrects two security issues is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Lynx is a text-based Web browser.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1206 -- libxml and libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libxmllibxml2Updated libxml and libxml2 packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libxml is a library for parsing and manipulating XML files. A Document Type
Definition (DTD) defines the legal syntax (and also which elements can be
used) for certain types of files, such as XML files.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0373 -- systemtap security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5systemtapUpdated systemtap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
SystemTap is an instrumentation infrastructure for systems running version
2.6 of the Linux kernel. SystemTap scripts can collect system operations
data, greatly simplifying information gathering. Collected data can then
assist in performance measuring, functional testing, and performance and
function problem diagnosis.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0476 -- pango security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5pangoevolution28-pangoUpdated pango and evolution28-pango packages that fix an integer overflow
flaw are now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pango is a library used for the layout and rendering of internationalized
text.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1484 -- postgresql security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5postgresqlUpdated postgresql packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced object-relational database management system
(DBMS).
It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0038 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1471 -- elinks security update (Important)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5elinksAn updated elinks package that fixes two security issues is now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
ELinks is a text-based Web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.
An off-by-one buffer overflow flaw was discovered in the way ELinks handled
its internal cache of string representations for HTML special entities. A
remote attacker could use this flaw to create a specially-crafted HTML file
that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0046 -- ntp security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5ntpUpdated ntp packages to correct a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1100 -- wireshark security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5wiresharkUpdated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
A format string flaw was found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829)
Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.8, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1159 -- libtiff security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5libtiffUpdated libtiff packages that fix several security issues are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0474 -- acpid security update (Moderate)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 5acpidAn updated acpid package that fixes one security issue is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0533 -- bind security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 5CentOS Linux 2CentOS Linux 3bindselinux-policy-targetedselinux-policyUpdated bind packages that help mitigate DNS spoofing attacks are now
available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
We have updated the Enterprise Linux 5 packages in this advisory. The
default and sample caching-nameserver configuration files have been updated
so that they do not specify a fixed query-source port. Administrators
wishing to take advantage of randomized UDP source ports should check their
configuration file to ensure they have not specified fixed query-source ports.
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1453 -- pidgin security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5pidginUpdated pidgin packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.
A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:1459 -- cyrus-imapd security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5cyrus-imapdUpdated cyrus-imapd packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0354 -- evolution-data-server security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4evolution28-evolution-data-serverevolution-data-serverUpdated evolution-data-server and evolution28-evolution-data-server
packages that fix multiple security issues are now available for Red Hat
Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Evolution Data Server provides a unified back-end for applications which
interact with contacts, task, and calendar information. Evolution Data
Server was originally developed as a back-end for Evolution, but is now
used by multiple other applications.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0449 -- firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5firefoxxulrunnerUpdated firefox packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0616 -- thunderbird security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5thunderbirdUpdated thunderbird packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Multiple flaws were found in the processing of malformed JavaScript
content. An HTML mail containing such malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the user
running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0004 -- openssl security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4CentOS Linux 3CentOS Linux 5CentOS Linux 2opensslopenssl095aopenssl096openssl096bopenssl097aUpdated OpenSSL packages that correct a security issue are now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength,
general purpose, cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a man in the middle attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation. (CVE-2008-5077)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0908 -- thunderbird security update (Moderate)Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 5thunderbirdUpdated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4061, CVE-2008-4062)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0981 -- ruby security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5rubyUpdated ruby packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in the WEBrick (Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially-crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)
All Ruby users should upgrade to these updated packages, which contain a
correct patch that resolves this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2009:0429 -- cups security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5cupsUpdated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2008:0839 -- postfix security update (Moderate)Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4Red Hat Enterprise Linux 5CentOS Linux 3CentOS Linux 5postfixUpdated postfix packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.
A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)
Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.
All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 3Red Hat Enterprise Linux 3The operating system installed on the system is Red Hat Enterprise Linux 3.Aharon CherninDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDRHSA-2008:0897 -- ruby security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 4CentOS Linux 5rubyUpdated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.
The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs
and a fixed source port when sending DNS requests. A remote attacker could
use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is CentOS Linux 5.xCentOS Linux 5The operating system installed on the system is CentOS Linux 5.xDanny HaynesDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 4Red Hat Enterprise Linux 4The operating system installed on the system is Red Hat Enterprise Linux 4.Aharon CherninDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 5Red Hat Enterprise Linux 5The operating system installed on the system is Red Hat Enterprise Linux 5.Aharon CherninDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDdevice-mapper-multipathkpartxlibwmf-devellibwmffetchmailevolution28-libsoup-devellibsoup-develevolution28-libsouplibsoupvnc-servervncexpat-develexpatxmlsec1-gnutls-develxmlsec1-nss-develxmlsec1-develxmlsec1-nssxmlsec1-openssl-develxmlsec1-opensslxmlsec1xmlsec1-gnutlskdelibskdelibs-apidocskdelibs-develhttpd-manualmod_sslhttpd-develhttpd-suexechttpdlibtool-ltdllibtool-libslibtool-ltdl-devellibtoolgnutls-develgnutls-utilsgnutlswgetneon-develneonsamba-swatsamba-clientsambasamba-commonbluez-libs-develbluez-utils-cupsbluez-utilsbluez-libsnetpbm-develnetpbm-progsnetpbmnsprnspr-develpidgin-docsenscriptednet-snmpnet-snmp-utilsnet-snmp-libsnet-snmp-develnet-snmp-perllibpng10-devellibpng10libpng-devellibpngkdegraphics-develkdegraphicsopenssh-askpass-gnomeopensshopenssh-serveropenssh-askpassopenssh-clientssquirrelmailhpijsghostscript-develghostscriptghostscript-gtklibvorbis-devellibvorbismod_dav_svnsubversion-javahlsubversion-rubysubversion-develsubversion-perlsubversionxtermapr-util-develapr-utilapr-util-docsaprapr-docsapr-developenoffice.org2-langpack-svopenoffice.org2-langpack-th_THopenoffice.org2-javafilteropenoffice.org2-langpack-cs_CZopenoffice.org2-langpack-gl_ESopenoffice.org2-langpack-pl_PLopenoffice.org2-langpack-ca_ESopenoffice.org2-langpack-fi_FIopenoffice.org2-coreopenoffice.org2-langpack-lt_LTopenoffice.org2-langpack-bg_BGopenoffice.org2-langpack-pt_PTopenoffice.org2-langpack-deopenoffice.org2-langpack-hr_HRopenoffice.org-langpack-zu_ZAopenoffice.org2-langpack-bnopenoffice.org-langpack-pt_PTopenoffice.org-langpack-pa_INopenoffice.org2-langpack-he_ILopenoffice.org-langpack-pl_PLopenoffice.org-langpack-pt_BRopenoffice.org-langpack-th_THopenoffice.org-langpack-ms_MYopenoffice.org2-langpack-eu_ESopenoffice.org2-xsltfilteropenoffice.org-langpack-ve_ZAopenoffice.org-langpack-mr_INopenoffice.org2-langpack-pa_INopenoffice.org2-langpack-gu_INopenoffice.org2-pyunoopenoffice.org-langpack-tn_ZAopenoffice.org2-langpack-nlopenoffice.org-langpack-or_INopenoffice.org2-langpack-tr_TRopenoffice.orgopenoffice.org-langpack-gl_ESopenoffice.org-langpack-xh_ZAopenoffice.org2-langpack-et_EEopenoffice.org2-langpack-da_DKopenoffice.org-langpack-lt_LTopenoffice.org-langpack-ko_KRopenoffice.org-langpack-ruopenoffice.org2-langpack-fropenoffice.org-langpack-nlopenoffice.org2-writeropenoffice.org-testtoolsopenoffice.org-langpack-ml_INopenoffice.org2-langpack-el_GRopenoffice.org2-langpack-ko_KRopenoffice.org2-impressopenoffice.org-graphicfilteropenoffice.org-langpack-svopenoffice.org-langpack-nso_ZAopenoffice.org-langpack-esopenoffice.org-langpack-ja_JPopenoffice.org2-langpack-itopenoffice.org-langpack-el_GRopenoffice.org2-langpack-aropenoffice.org-langpack-te_INopenoffice.org2-langpack-sl_SIopenoffice.org2-langpack-ga_IEopenoffice.org-langpack-nn_NOopenoffice.org-langpack-da_DKopenoffice.org2-langpack-sk_SKopenoffice.org-langpack-eu_ESopenoffice.org-langpack-fropenoffice.org-headlessopenoffice.org-langpack-zh_CNopenoffice.org2-langpack-hi_INopenoffice.org-javafilteropenoffice.org-langpack-et_EEopenoffice.org-langpack-deopenoffice.org2-drawopenoffice.org-drawopenoffice.org-langpack-nb_NOopenoffice.org2-langpack-cy_GBopenoffice.org-langpack-st_ZAopenoffice.org-langpack-sk_SKopenoffice.org-langpack-bg_BGopenoffice.org2-baseopenoffice.org2-langpack-nn_NOopenoffice.org-langpack-fi_FIopenoffice.org-langpack-ca_ESopenoffice.org2-langpack-zh_TWopenoffice.org-mathopenoffice.org2-langpack-esopenoffice.org-langpack-uropenoffice.org-langpack-kn_INopenoffice.org-sdkopenoffice.org-langpack-ta_INopenoffice.org2-langpack-ta_INopenoffice.org-kdeopenoffice.org2-langpack-sr_CSopenoffice.org2-langpack-zu_ZAopenoffice.org-libsopenoffice.org-langpack-nr_ZAopenoffice.org-langpack-ga_IEopenoffice.org-baseopenoffice.org-sdk-docopenoffice.org-langpack-ts_ZAopenoffice.org-langpack-zh_TWopenoffice.org2-graphicfilteropenoffice.org-langpack-itopenoffice.org2-langpack-ja_JPopenoffice.org-langpack-aropenoffice.org-calcopenoffice.org-writeropenoffice.org-langpack-gu_INopenoffice.org-langpack-hu_HUopenoffice.org-langpack-af_ZAopenoffice.org2-mathopenoffice.org2-langpack-ms_MYopenoffice.org-langpack-as_INopenoffice.org-langpack-hi_INopenoffice.org2-langpack-nb_NOopenoffice.org-impressopenoffice.org-emailmergeopenoffice.org2-emailmergeopenoffice.org2-langpack-zh_CNopenoffice.org2-langpack-ruopenoffice.org-langpack-tr_TRopenoffice.org-langpack-cs_CZopenoffice.org2-testtoolsopenoffice.org-langpack-hr_HRopenoffice.org-pyunoopenoffice.org-langpack-sl_SIopenoffice.org-coreopenoffice.org-langpack-cy_GBopenoffice.org-xsltfilteropenoffice.org-langpack-sr_CSopenoffice.org2-langpack-hu_HUopenoffice.org-i18nopenoffice.org-langpack-ss_ZAopenoffice.org2-langpack-pt_BRopenoffice.org2-langpack-af_ZAopenoffice.org2-calcopenoffice.org-langpack-he_ILopenoffice.org-langpack-bnipsec-toolsnewtnewt-develbzip2-develbzip2bzip2-libsopenldap-developenldap-clientscompat-openldapopenldap-serversopenldapopenldap-servers-sqllibxslt-pythonlibxslt-devellibxsltdevhelp-develnssdevhelpyelpnss-develnss-toolsnss-pkcs11-develcurl-develcurllynxlibxml2-pythonlibxml-devellibxml2libxml2-devellibxmlsystemtap-clientsystemtap-serversystemtapsystemtap-runtimesystemtap-testsuiteevolution28-pango-develpango-develevolution28-pangopangopostgresql-jdbcpostgresql-pythonpostgresql-serverpostgresql-plpostgresql-libspostgresql-testpostgresql-contribpostgresql-docspostgresqlpostgresql-develpostgresql-tclelinksntpwireshark-gnomewiresharklibtiff-devellibtiffacpidselinux-policy-strictselinux-policy-targeted-sourcesbind-develcaching-nameserverselinux-policyselinux-policy-mlsbind-sdbbind-chrootselinux-policy-develbindbind-libbind-develselinux-policy-targetedbind-utilsbind-libspidgin-perlfinchfinch-devellibpurple-tcllibpurple-perlpidginlibpurplepidgin-devellibpurple-develcyrus-imapd-murdercyrus-imapd-perlcyrus-imapd-nntpcyrus-imapd-develcyrus-imapdcyrus-imapd-utilsperl-Cyrusevolution28-evolution-data-server-develevolution28-evolution-data-serverevolution-data-server-develevolution-data-server-docevolution-data-serverfirefoxxulrunnerxulrunner-develxulrunner-devel-unstableopenssl096bopensslopenssl-perlopenssl-developenssl097athunderbirdcups-lpdcups-develcupscups-libspostfix-pflogsummpostfixcentos-releaseredhat-releaseruby-irbruby-riruby-rdocruby-tcltkruby-develirbruby-libsruby-docsrubyruby-mode0:3.0.11-4.el40:1.9.0.11-3.el50:3.0.11-2.el5.centos0:3.0.11-2.el5_30:1.9.0.11-3.el5_30:0.4.5-31.el4_7.10:0.4.7-23.el5_3.20:3.0.7-1.el40:3.0.7-1.el5.centos0:3.0.7-1.el50:1.9.0.7-1.el50:0.2.8.3-5.80:0.2.8.4-10.20:6.2.0-3.el3.50:6.2.5-6.0.1.el4_8.10:6.3.6-1.1.el5_3.10:1.4.8-5.el5.centos.20:1.4.8-5.el5_2.20:1.4.8-5.el4_7.20:1.4.8-8.el30:2.2.98-2.el5_3.10:2.2.98-5.el4.10:2.2.1-4.el4.10:4.1.2-14.el5_3.10:4.0-0.beta4.1.80:4.0-12.el4_7.16:3.5.4-25.el5_4.16:3.5.4-25.el5.centos.16:3.3.1-17.el4_8.10:1.95.7-4.el4_8.20:1.95.5-6.20:1.95.8-8.3.el5_4.20:3.0.16-1.el5_40:1.9.0.16-2.el5_40:3.0.16-4.el40:3.0.16-1.el5.centos0:1.4.8-5.el5.centos.70:1.4.8-5.el5_3.70:1.4.8-13.el30:1.4.8-5.el4_8.50:3.0.14-1.el40:3.0.14-1.el5_40:3.0.14-1.el5.centos0:4.7.5-1.el4_80:1.9.0.14-1.el5_40:4.7.5-1.el5_40:1.2.6-3.10:1.2.9-8.1.10:2.6.16-12.60:2.5.10-140:2.6.26-2.1.2.76:3.5.4-22.el5.centos6:3.3.1-14.el46:3.5.4-22.el5_30:0.9.4-22.el4_8.10:1.2.7-7.el5_3.10:2.2.3-11.el5_2.40:2.2.3-11.el5.centos.40:2.0.52-41.ent.20:2.0.46-71.ent0:1.4.3-70:1.5.22-7.el5_40:1.5.6-5.el4_80:1.0.20-4.el4_8.30:1.4.1-3.el5_3.50:1.10.2-0.30E.10:1.10.2-1.el4_8.10:1.11.4-2.el5_4.10:0.24.7-4.el4_8.20:0.25.5-10.el5_4.10:3.0.9-1.el5.centos0:3.0.9-1.el50:3.0.9-1.el40:1.9.0.9-1.el50:4.2.0.a.20040617-8.el4_8.10:4.2.2p1-9.el5_4.10:4.2.2p1-9.el5.centos.2.10:3.0.33-3.15.el5_40:3.0.33-0.18.el4_80:1.8.1-7.el4_8.30:1.8.5-5.el5_3.70:2.10-30:2.10-2.40:3.7-2.20:3.7-1.10:10.25-2.1.el4_7.40:10.35-6.1.el5_3.10:2.6.26-2.1.2.30:2.6.16-12.30:2.5.10-110:2.6.26-2.1.2.40:2.16.0-22.el50:0.12-20.el50:3.0.4-1.el5.centos0:3.12.1.1-3.el50:3.12.1.1-3.el40:3.0.4-1.el50:3.12.1.1-3.el5.centos0:3.0.4-1.el40:1.9.0.4-1.el50:3.0.15-3.el5_40:4.7.6-1.el4_80:3.0.15-3.el40:4.7.6-1.el5_40:1.9.0.15-3.el5_40:1.5.1-4.el30:2.5.9-1.el40:2.5.9-1.el51:1.1.2-3.el5_3.31:1.0-11.el31:1.1.0-3.el4_8.20:1.9.0.5-1.el5_20:3.0.5-1.el5.centos0:4.7.3-2.el50:3.0.5-1.el40:3.12.2.0-2.el50:3.12.2.0-1.el40:4.7.3-1.el40:1.9.0.5-1.el50:3.12.2.0-2.el5.centos0:3.0.5-1.el5_20:1.4.8-5.el5.centos.30:1.4.8-9.el30:1.4.8-5.el5_2.30:1.4.8-5.el4_7.30:1.6.4-4.1.1.el5_20:2.5.2-6.el50:2.5.2-6.el40:2.0.0.19-1.el5_20:1.5.0.12-18.el40:2.0.0.19-1.el5.centos0:0.2-33.30E.10:0.2-36.el4_7.10:0.2-39.el5_21:5.1.2-13.el4_7.21:5.0.9-2.30E.251:5.3.1-24.el5_2.22:1.0.16-3.el4_7.32:1.2.7-3.el4_7.22:1.2.10-7.1.el5_3.27:3.3.1-13.el47:3.5.4-12.el5_30:4.3p2-26.el5_2.10:3.9p1-11.el4_70:1.4.8-5.el5_4.100:1.4.8-5.el4_8.80:1.4.8-16.el30:3.0.12-1.el40:3.0.12-1.el5_30:1.9.0.12-1.el5_30:1.9.0.12-1.el50:3.0.12-1.el5.centos1:1.1.17-13.3.541:1.1.22-0.rc1.9.27.el4_7.11:1.2.4-11.18.el5_2.20:1.9.0.7-3.el50:3.0.7-3.el40:1.3-32.1.170:7.05-32.1.170:7.07-33.2.el4_7.50:8.15.2-9.4.el5_3.41:1.0-12.el31:1.1.0-3.el4_8.31:1.1.2-3.el5_4.40:2.0.0.21-1.el5.centos0:1.5.0.12-19.el40:2.0.0.21-1.el50:1.1.4-3.el4_8.20:1.4.2-4.el5_3.10:1.5.1-2.el40:1.5.1-2.el30:2.3.1-2.el5_20:179-11.EL30:215-5.el5_2.20:192-8.el4_7.20:7.15.5-2.1.el5_3.50:7.12.1-11.1.el4_8.10:7.10.6-10.rhel30:2.0.0.18-1.el50:2.0.0.18-1.el5.centos0:1.5.0.12-17.el41:1.1.2-44.2.0.EL31:1.1.5-10.6.0.7.EL4.11:2.0.4-5.7.0.6.0.11:2.3.0-6.11.el5_4.10:2.5.5-2.el40:2.5.5-3.el50:2.5.8-1.el50:2.5.8-1.el40:1.0.6-EL3.30:1.0.6-2.el5_30:1.0.6-2.el4_70:0.9.4-22.el4_8.20:1.2.7-7.el5_3.20:0.9.4-24.9.el4_8.20:1.2.7-11.el5_3.11:1.1.5-10.6.0.7.EL41:1.1.2-43.2.0.EL31:2.0.4-5.7.0.6.01:2.3.0-6.5.4.el5_20:2.6.3-2.el40:2.6.3-2.el50:3.0.6-1.el50:3.12.2.0-4.el50:3.0.6-1.el40:3.12.2.0-3.el40:1.9.0.6-1.el50:0.3.3-7.el4_70:0.6.5-9.el5_2.30:0.2.5-0.7.rhel3.50:0.51.5-2.el30:0.51.6-10.el4_8.10:0.52.2-12.el5_4.10:1.0.2-14.el4_70:1.0.2-12.EL30:2.1.30-8.el4_6.50:2.3.27_2.2.29-8.el5_2.40:2.2.13-8.el4_6.50:2.3.27-8.el5_2.40:2.5.10-130:2.6.26-2.1.2.60:2.6.16-12.50:1.1.17-2.el5_2.20:1.1.11-1.el4_7.20:2.3.7-2.el5_3.20:2.2.12-10.el4_8.10:1.0.3-3.el4_70:1.0.3-EL3.30:1.0.3-4.el5_20:3.0.2-3.el50:3.0.2-3.el5.centos0:0.12-19.el50:2.16.0-21.el50:3.0.2-3.el40:1.9.0.2-5.el50:3.12.1.1-1.el50:3.12.1.1-1.el5.centos.130:9.3.4-6.0.3.P1.el5_230:9.2.4-30.el4_7.130:9.2.4-23.el30:1.8.5-5.el5_2.30:1.8.1-7.el4_6.10:7.15.5-2.1.el5_3.40:7.12.1-11.1.el4_7.10:7.10.6-9.rhel30:2.8.5-28.1.el5_2.10:2.8.5-11.30:2.8.5-18.2.el4_7.10:2.6.16-12.71:1.8.17-9.30:2.6.26-2.1.2.80:2.5.10-150:1.8.17-9.30:0.6.2-2.el4_70:0.7.2-3.el5_30:1.14.9-5.el5.centos0:1.2.5-80:1.6.0-14.4_70:1.14.9-11.el4_70:1.14.9-5.el5_30:7.4.26-1.el4_8.10:8.1.18-2.el5_4.10:0.9.2-4.el4_8.10:0.11.1-6.el5_4.10:4.2.2p1-9.el5_3.10:4.2.2p1-9.el5.centos.10:4.2.0.a.20040617-8.el4_7.10:1.0.8-EL3.10:1.0.8-1.el4_8.10:1.0.8-1.el5_3.10:3.5.7-33.el30:3.8.2-7.el5_3.40:3.6.1-12.el4_8.40:1.0.3-2.el4_7.10:1.0.2-40:1.0.4-7.el5_3.10:2.4.6-137.1.el50:2.4.6-137.1.el5_230:9.3.4-6.0.1.P1.el5_230:9.3.4-6.0.2.P1.el5_20:1.17.30-2.150.el430:9.2.4-28.0.1.el430:9.2.4-22.el30:2.6.2-2.el40:2.6.2-2.el50:2.3.7-7.el5_4.30:2.2.12-10.el4_8.40:1.8.0-37.el4_7.20:1.12.3-10.el5_3.30:3.0.10-1.el5.centos0:3.0.10-1.el40:3.0.10-1.el50:1.9.0.10-1.el50:2.0.0.16-1.el50:1.5.0.12-14.el40:0.9.6b-22.46.el4_70:0.9.6b-16.490:0.9.8b-10.el5_2.10:0.9.7a-43.17.el4_7.20:0.9.7a-33.250:0.9.7a-9.el5_2.10:1.5.0.12-16.el40:2.0.0.17-1.el50:2.0.0.17-1.el5.centos0:1.8.1-7.el4_7.20:1.8.5-5.el5_2.61:1.1.22-0.rc1.9.27.el4_7.51:1.3.7-8.el5_3.4^3\D.+$2:2.0.16-14.1.RHEL32:2.2.10-1.2.1.el4_72:2.3.3-2.1.el5_2^5.*$unix^4\D.+$^5\D.+$0:1.8.5-5.el5_2.50:1.8.1-7.el4_7.1