Red Hat alert RHSA-2007:0208-02 (w3c-libwww)

From:
    	     
 
bugzilla@redhat.com
To:
    	     
 
enterprise-watch-list@redhat.com
Subject:
    	     
 
[RHSA-2007:0208-02] Low: w3c-libwww security and bug fix update
Date:
    	     
 
Tue, 1 May 2007 13:49:54 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: w3c-libwww security and bug fix update
Advisory ID:       RHSA-2007:0208-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0208.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3183 
- ---------------------------------------------------------------------

1. Summary:

Updated w3c-libwww packages that fix a security issue and a bug are now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

w3c-libwww is a general-purpose web library.

Several buffer overflow flaws in w3c-libwww were found. If a client
application that uses w3c-libwww connected to a malicious HTTP server, it
could trigger an out of bounds memory access, causing the client
application to crash (CVE-2005-3183).

This updated version of w3c-libwww also fixes an issue when computing MD5
sums on a 64 bit machine.

Users of w3c-libwww should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163664 - /usr/lib64/libmd5.so is broken.
169495 - CVE-2005-3183 Multiple bugs in libwww - one exploitable - in Library/src/HTBound.c

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/w3c-l...
f5c93edc9bd1a7543d617a412a391ca2  w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582  w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

ppc:
e20415ead6919058b5e0792e7f038201  w3c-libwww-5.4.0-10.1.RHEL4.2.ppc.rpm
54e29e788248fba9c1a1b1a21468de37  w3c-libwww-5.4.0-10.1.RHEL4.2.ppc64.rpm
6718eb3dc7804724e7d2c48f1f29b66b  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ppc.rpm
38faec06014cb339e95f4b7c4cf602d3  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ppc.rpm
6d1b95e5446ee605df8c7d1e01625209  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ppc64.rpm
b4babec6d53b2d34db31be94e0dbfb26  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ppc.rpm

s390:
ba843212e12261ad439c9703a33f3ed6  w3c-libwww-5.4.0-10.1.RHEL4.2.s390.rpm
5e6d19c48b5a5ffae7048ccab6d68d06  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.s390.rpm
134fd18a7741d12ad813f572793b2088  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390.rpm
2a2f963f31a9920b4577e4ce7ab39e3c  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.s390.rpm

s390x:
ba843212e12261ad439c9703a33f3ed6  w3c-libwww-5.4.0-10.1.RHEL4.2.s390.rpm
ebd676d4cbc19756aabf06ba6537262c  w3c-libwww-5.4.0-10.1.RHEL4.2.s390x.rpm
dc750df9eb1e58bb0887e4969e3d7a8d  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.s390x.rpm
134fd18a7741d12ad813f572793b2088  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390.rpm
1e03d6c927269840db1520a26cf2880c  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.s390x.rpm
68054495a7e29a855f85b83bac370e57  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.s390x.rpm

x86_64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c  w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
f5c93edc9bd1a7543d617a412a391ca2  w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

x86_64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c  w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/w3c-l...
f5c93edc9bd1a7543d617a412a391ca2  w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582  w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

x86_64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c  w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/w3c-l...
f5c93edc9bd1a7543d617a412a391ca2  w3c-libwww-5.4.0-10.1.RHEL4.2.src.rpm

i386:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
e992c6ad896a93590ae4ab02b861bf72  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.i386.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
86ec9f9c056f6cc6405b1fa7dfa62d47  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.i386.rpm

ia64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
363e79315dbac0a85f48848cc6d7d582  w3c-libwww-5.4.0-10.1.RHEL4.2.ia64.rpm
55c54d4dbc71f571d9445d1ef787fed8  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.ia64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
29a2d58abf333a413b046429d41fa30b  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.ia64.rpm
8f70d61a913814b945ee01cd9b1aef97  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.ia64.rpm

x86_64:
449772ace23168b1490fbd57ba093861  w3c-libwww-5.4.0-10.1.RHEL4.2.i386.rpm
313ef638f3107724fb43814ab7bca32c  w3c-libwww-5.4.0-10.1.RHEL4.2.x86_64.rpm
74e2e34acb1fdd4d0b2fda8b45db506c  w3c-libwww-apps-5.4.0-10.1.RHEL4.2.x86_64.rpm
0385c6b1be1a0cc1656d476394b83107  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.i386.rpm
af7ab7aa6348de6c1176fae0bdf5c62c  w3c-libwww-debuginfo-5.4.0-10.1.RHEL4.2.x86_64.rpm
eebdfad543cc4ee56a15a6f928c833f6  w3c-libwww-devel-5.4.0-10.1.RHEL4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGN32iXlSAg2UNWIIRAraNAJ0W3mm7s+/hronXSb988l+qTtJrsQCdFR05
DmK+mbsb8eNas5F9M7yj0Ks=
=ajAM
-----END PGP SIGNATURE-----



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-...