-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: vixie-cron security update
Advisory ID:       RHSA-2007:0345-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0345.html
Issue date:        2007-05-17
Updated on:        2007-05-17
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1856
- ---------------------------------------------------------------------
1. Summary:
Updated vixie-cron packages that fix a denial of service issue are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856)
All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
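The condition described above leaves a visible trace: an extra hard link raises the link count of /etc/crontab above 1. The following check is an added example, not part of the Red Hat advisory or the vixie-cron source; the function names are made up for illustration, and only the path /etc/crontab comes from the advisory.

```shell
#!/bin/sh
# Added example: report crontab files whose inode has more than one name.
# The function and variable names are hypothetical, chosen for this example.

# link_count FILE: print the hard-link count (second field of `ls -l`).
link_count() {
    ls -ldn -- "$1" | awk '{print $2}'
}

# other_names FILE ROOT: list every other path under ROOT that shares
# FILE's inode. Hard links cannot cross filesystems, so -xdev is enough.
other_names() {
    find "$2" -xdev -samefile "$1" ! -path "$1" 2>/dev/null
}

# check_crontab_links FILE...: print one status line per regular file and
# return 1 if any of them has a link count above 1.
check_crontab_links() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        n=$(link_count "$f")
        if [ "$n" -gt 1 ]; then
            echo "HARDLINKED $f links=$n"
            rc=1
        else
            echo "OK $f links=$n"
        fi
    done
    return "$rc"
}

# Run only when paths are given, e.g.:  sh check.sh /etc/crontab
if [ "$#" -gt 0 ]; then
    check_crontab_links "$@"
fi
```

When a file is reported, `other_names /etc/crontab /etc` (with the second argument set to the mount point of the filesystem that holds the file) lists the additional names so they can be reviewed.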
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
223662 - crond failed "Days of week" after a few hours on 1st/Jan
235880 - CVE-2007-1856 crontab denial of service
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: vixie-cron-4.1-19.EL3.src.rpm 7c765917fa13d34ca705284d0a51d16e vixie-cron-4.1-19.EL3.src.rpm
Red Hat Desktop version 3:
SRPMS: vixie-cron-4.1-19.EL3.src.rpm 7c765917fa13d34ca705284d0a51d16e vixie-cron-4.1-19.EL3.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: vixie-cron-4.1-19.EL3.src.rpm 7c765917fa13d34ca705284d0a51d16e vixie-cron-4.1-19.EL3.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: vixie-cron-4.1-19.EL3.src.rpm 7c765917fa13d34ca705284d0a51d16e vixie-cron-4.1-19.EL3.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: vixie-cron-4.1-47.EL4.src.rpm c963050603bd83341aa5512719bcd6e1 vixie-cron-4.1-47.EL4.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: vixie-cron-4.1-47.EL4.src.rpm c963050603bd83341aa5512719bcd6e1 vixie-cron-4.1-47.EL4.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: vixie-cron-4.1-47.EL4.src.rpm c963050603bd83341aa5512719bcd6e1 vixie-cron-4.1-47.EL4.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: vixie-cron-4.1-47.EL4.src.rpm c963050603bd83341aa5512719bcd6e1 vixie-cron-4.1-47.EL4.src.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: vixie-cron-4.1-70.el5.src.rpm 91b16cc530bd52916de05ebf3a291ec3 vixie-cron-4.1-70.el5.src.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: vixie-cron-4.1-70.el5.src.rpm 91b16cc530bd52916de05ebf3a291ec3 vixie-cron-4.1-70.el5.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGTGYNXlSAg2UNWIIRAuu0AJ0WFAFqBQi0X2qlsfVf31uMV5CxVwCglzws bfK3V0WBKBeBbG4nQYlUzfc= =pvha -----END PGP SIGNATURE-----