---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Moderate: texinfo security update
Advisory ID:  RHSA-2006:0727-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0727.html
Issue date:   2006-11-08
Updated on:   2006-11-08
Product:      Red Hat Enterprise Linux
CVE Names:    CVE-2005-3011 CVE-2006-4810
---------------------------------------------------------------------
1. Summary:
New Texinfo packages that fix various security vulnerabilities are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Texinfo is a documentation system that can produce both online information and printed output from a single source file.
A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)
A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011)
Users of Texinfo should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
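To confirm afterwards that the update took effect, the installed texinfo and info builds can be compared with the fixed builds listed in section 6. The following is an added example, not part of Red Hat's advisory: it assumes input produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' texinfo info`, packages without an epoch, and a simplified form of RPM's segment comparison; the function names and the sample lines are constructed.

```python
import re

# First fixed version-release per product line, taken from section 6.
FIXED = {"2.1": "4.0b-3.el2.1", "3": "4.5-3.el3.1", "4": "4.7-5.el4.2"}

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare digit and letter runs left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run outranks letters
        if x != y:
            return 1 if x > y else -1
    # All shared runs equal: the string with runs left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(rhel, vr):
    """True if version-release `vr` is at or above the fixed build for `rhel`."""
    fixed_v, fixed_r = FIXED[rhel].split("-")
    v, r = vr.split("-")
    return (rpmvercmp(v, fixed_v), rpmvercmp(r, fixed_r)) >= (0, 0)

def unpatched(rhel, rpm_output):
    """Return the 'name version-release' lines that still need the update."""
    bad = []
    for line in rpm_output.splitlines():
        parts = line.split()
        # Skips noise such as "package info is not installed".
        if len(parts) == 2 and parts[0] in ("texinfo", "info"):
            if not is_patched(rhel, parts[1]):
                bad.append(" ".join(parts))
    return bad

# Constructed sample for a RHEL 4 host: texinfo is one build behind the fix.
SAMPLE_EL4 = """texinfo 4.7-5.el4.1
info 4.7-5.el4.2
package foo is not installed"""

if __name__ == "__main__":
    for pkg in unpatched("4", SAMPLE_EL4):
        print("needs RHSA-2006:0727:", pkg)
```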
5. Bug IDs fixed (http://bugzilla.redhat.com/):
169583 - CVE-2005-3011 texindex insecure temporary file usage
170743 - CVE-2005-3011 texindex insecure temporary file usage
170744 - CVE-2005-3011 texindex insecure temporary file usage
211484 - CVE-2006-4810 texindex buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: texinfo-4.0b-3.el2.1.src.rpm 4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm
i386: 878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm 58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm
ia64: a259d8d26dbaa8cc96686f169dc05911 info-4.0b-3.el2.1.ia64.rpm 6fae56c8168b45be80ae719ebe0aca82 texinfo-4.0b-3.el2.1.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: texinfo-4.0b-3.el2.1.src.rpm 4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm
ia64: a259d8d26dbaa8cc96686f169dc05911 info-4.0b-3.el2.1.ia64.rpm 6fae56c8168b45be80ae719ebe0aca82 texinfo-4.0b-3.el2.1.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: texinfo-4.0b-3.el2.1.src.rpm 4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm
i386: 878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm 58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: texinfo-4.0b-3.el2.1.src.rpm 4f77dc80717cf15b1f565cb8dfb12b8c texinfo-4.0b-3.el2.1.src.rpm
i386: 878a207e614180cf8fd43920d51947d6 info-4.0b-3.el2.1.i386.rpm 58cc2bc691496d3aef522fc87449554b texinfo-4.0b-3.el2.1.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm
i386: 1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm 04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm 1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm
ia64: 42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm 3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm
ppc: 5fe3e1eca608678fc0770f0de702cd8d info-4.5-3.el3.1.ppc.rpm 9275ad56b995b25f275af0a44c3d01bf texinfo-4.5-3.el3.1.ppc.rpm f54a3f00a87b3ce1d4d0af73f0601bf7 texinfo-debuginfo-4.5-3.el3.1.ppc.rpm
s390: 215d4ea1202a2309c7c676e3c1e46299 info-4.5-3.el3.1.s390.rpm 7085ead3927535c315c336c3314b9d2f texinfo-4.5-3.el3.1.s390.rpm 2d670e1ec1d3ab67628aa982d125bed4 texinfo-debuginfo-4.5-3.el3.1.s390.rpm
s390x: fd6332f0b59ad9bd8f99cf40a8ff1ad9 info-4.5-3.el3.1.s390x.rpm a7d61c3643d31ac0db2f6b15d0ea996b texinfo-4.5-3.el3.1.s390x.rpm 566c653544cdb5e1a5eb82f6b67edb9c texinfo-debuginfo-4.5-3.el3.1.s390x.rpm
x86_64: 544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm 8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm 5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: texinfo-4.5-3.el3.1.src.rpm cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm
i386: 1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm 04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm 1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm
x86_64: 544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm 8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm 5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm
i386: 1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm 04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm 1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm
ia64: 42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm 3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm
x86_64: 544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm 8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm 5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm cae389223d777d79c862b4672c75a9e1 texinfo-4.5-3.el3.1.src.rpm
i386: 1fc65ec7fb762b72f4f31030e10a8bba info-4.5-3.el3.1.i386.rpm 04bd5020018f6727b77fd8c2a9fb2588 texinfo-4.5-3.el3.1.i386.rpm 1ee197caad9a5c8fa930215a7c5ca9e6 texinfo-debuginfo-4.5-3.el3.1.i386.rpm
ia64: 42ca02702693284272a52b61b0914d66 info-4.5-3.el3.1.ia64.rpm 3fabad46614f61118bc29cffbd83df54 texinfo-4.5-3.el3.1.ia64.rpm d8bb2bd2fd7be72a8822e93b1372b625 texinfo-debuginfo-4.5-3.el3.1.ia64.rpm
x86_64: 544245c16b5f0d94a65c9c9ccb4c94cc info-4.5-3.el3.1.x86_64.rpm 8921c67695089cf7d6fb4bc7fe61c24a texinfo-4.5-3.el3.1.x86_64.rpm 5e7e98da194c722cee0ab2e1f05989b8 texinfo-debuginfo-4.5-3.el3.1.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm
i386: 7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm 5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm 11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm
ia64: 99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm 119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm 17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm
ppc: 706a14c171a272ce82f3201364ec17a2 info-4.7-5.el4.2.ppc.rpm 1d1b035106a9889fa3bfa96f79a88248 texinfo-4.7-5.el4.2.ppc.rpm 52cc1d3e4c5fa6f2d745654706363d22 texinfo-debuginfo-4.7-5.el4.2.ppc.rpm
s390: 1f1c0056ceed97e903f70f9583bce14a info-4.7-5.el4.2.s390.rpm d4170f862521f47487a88eae5f1c6946 texinfo-4.7-5.el4.2.s390.rpm 6eb45ee9e2bcf48289334e33c3b54846 texinfo-debuginfo-4.7-5.el4.2.s390.rpm
s390x: f5ccba218def5a9c496ff4ff6a8177d2 info-4.7-5.el4.2.s390x.rpm bd3f9d50bb9855b8adeefe44ca7c0793 texinfo-4.7-5.el4.2.s390x.rpm d64aa22173ce1036c50a23748f835251 texinfo-debuginfo-4.7-5.el4.2.s390x.rpm
x86_64: 8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm 33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: texinfo-4.7-5.el4.2.src.rpm c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm
i386: 7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm 5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm 11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm
x86_64: 8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm 33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm
i386: 7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm 5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm 11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm
ia64: 99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm 119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm 17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm
x86_64: 8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm 33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm c5fabea21ca9dbc20658e542dabf2922 texinfo-4.7-5.el4.2.src.rpm
i386: 7e86f2eef9fb548f6be88025bee5a9b6 info-4.7-5.el4.2.i386.rpm 5f509002c109ce1a2b9876b60e7b1eee texinfo-4.7-5.el4.2.i386.rpm 11151582bace0b111ec2061041da9a01 texinfo-debuginfo-4.7-5.el4.2.i386.rpm
ia64: 99deee5e7579a4d49a0c7cb82a13e54b info-4.7-5.el4.2.ia64.rpm 119c541a6cfe685fc2762e4718c772de texinfo-4.7-5.el4.2.ia64.rpm 17d075dc8887246a394f9bb699791d81 texinfo-debuginfo-4.7-5.el4.2.ia64.rpm
x86_64: 8211780e84883ff3c9f5428a54cadfcd info-4.7-5.el4.2.x86_64.rpm 33ec657749738e6737a569d75ffe79c3 texinfo-4.7-5.el4.2.x86_64.rpm d824601958b4d0b0961f5ea9c312bd9e texinfo-debuginfo-4.7-5.el4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.