Oracle Errata System Oracle Linux 5.3 2007-12-20T00:00:00 ELSA-2007-0057: Moderate: bind security update (MODERATE) Oracle Linux 5 [30:9.3.3-8] - added fix for #224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service - Resolves: rhbz#224445 - Resolves: rhbz#225229 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-0493 CVE-2007-0494 ELSA-2007-0066: Low: wireshark security update (LOW) Oracle Linux 5 [0.99.5-EL4.1.0.1] - Add patch oracle-ocfs2-network.patch [0.99.5-1] - multiple security issues fixed (#225689) - CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets - CVE-2007-0459 - The HTTP dissector could crash. - CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash. - CVE-2007-0456 - On some systems, the LLT dissector could crash. LOW Copyright 2007 Oracle, Inc. CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 ELSA-2007-0095: Critical: krb5 security update (CRITICAL) Oracle Linux 5 [1.3.4-46] - fix bug ID in changelog [1.3.4-45] - add preliminary patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957) - add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216) [1.3.4-44] - temporarily disable bug fixes for #143289, #179062, #180671, #202191, #223669 for security update - add preliminary patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956) [1.3.4-43] - re-enable fixes for #143289, #223669 and rebuild [1.3.4-42] - temporarily back out fixes for #143289, #223669 and rebuild [1.3.4-41] - update rcp non-fatal error patch to fix hangs on write errors, too (Jose Plans, #223669) [1.3.4-40] - report a non-fatal error to the remote rcp when the client fails to open a file for writing (#223669) [1.3.4-39] - refrain from killing any lingering members of our child's process group when logging that the child process has exited (Jose Plans, #143289) 
[1.3.4-38] - correct syntax error in krb5-config.sh [1.3.4-37] - update to revised upstream patches for CVE-2006-3083 and CVE-2006-3084 (MITKRB5-SA-2006-001) to avoid unnecessary error messages from ksu (#209512) [1.3.4-36] - add missing shebang headers to krsh and krlogin wrapper scripts (#209238) [1.3.4-35] - backport changes to make krb5-devel multilib-safe (#202191, prereq for [1.3.4-34] - reapply changes for #198633, #179062, #180671 [1.3.4-33] - temporarily revert changes for #198633 [ 1.3.4-32] - rebuild [1.3.4-31] - temporarily revert changes for #179062 - temporarily revert changes for #180671 - apply patch to fix unchecked calls to setuid() (CVE-2006-3083) and seteuid() (CVE-2006-3084) (#197818) [1.3.4-30] - incorporate fixes for hangs in the rsh client and server (#198633) [1.3.4-29] - if we fail to determine the name of a master KDC in krb5_get_init_creds_keytab(), return the error we got from the non-master rather than the can't-determine-the-name error, which isn't so useful, matching the current release's behavior (#180671) [1.3.4-28] - reenable the fix for #179062 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 ELSA-2007-0107: Important: gnupg security update (IMPORTANT) Oracle Linux 5 [1.4.5-13] - incorporate patch from Werner to work around clients which can't tell that multiple plain messages have been processed (#230457) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-1263 ELSA-2007-0114: Important: xen security update (IMPORTANT) Oracle Linux 5 [3.0.3-25.0.3.el5] - fix ethernet bonding in balanced-rr mode, respin (rhbz#215887) [3.0.3-25.0.2.el5] - fix ethernet bonding in balanced-rr mode (rhbz#215887) [3.0.3-25.0.1.el5] - disable qemu monitor mode, for security reasons (rhbz#230295) - fix IA64 shadow page table mode (rhbz#230459, rhbz#230331) IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-0998 ELSA-2007-0123: Moderate: cups security update (MODERATE) Oracle Linux 5 [1.1.22-0.rc1.9.18] - REVERTED these changes: - Applied patch from STR #1301 (bug #195354). - Patch pdftops to understand 'includeifexists', and use that in the pdftops.conf file (bug #188583). - Clear the printer's state_message and state_reasons after successful job completion (bug #187457). - Include dest-cache-v2 patch (bug #175847). - Back-ported CUPS 1.2.x change to fix out of order IPP jobs (bug #171142). - Back-ported large file support (bug #211915). - Back-ported HTTP timing fix for STR #1020 (bug #194025). [1.1.22-0.rc1.9.16] - Restored use_dbus setting. [1.1.22-0.rc1.9.15] - Added timeouts to SSL negotiation (bug #232241). [1.1.22-0.rc1.9.14] - Back-ported HTTP timing fix for STR #1020 (bug #194025). [1.1.22-0.rc1.9.13] - Back-ported large file support (bug #211915). [1.1.22-0.rc1.9.12] - Back-ported CUPS 1.2.x change to fix out of order IPP jobs (bug #171142). - Include dest-cache-v2 patch (bug #175847). - Resolves: rhbz #171142 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-0720 ELSA-2007-0127: Important: xorg-x11-server security update (IMPORTANT) Oracle Linux 5 [1.1.1-48.13.0.1.el5.0.1] - add Enterprise Linux detection [1.1.1-48.13.0.1.el5] - cve-2007-1003.patch. xc misc overflows (#233001) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-1003 ELSA-2007-0131: Moderate: squid security update (MODERATE) Oracle Linux 5 [2.6.STABLE6-4] - Resolves: rhbz#233253 - CVE-2007-1560 Squid TRACE DoS MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1560 ELSA-2007-0132: Important: libXfont security update (IMPORTANT) Oracle Linux 5 [1.2.2-1.0.2.el5] - Rebuild because of forgotten changelog entry. [1.2.2-1.0.1.el5] - Fix for bug 234058, cve-2207-1351/1352 IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-1351 CVE-2007-1352 ELSA-2007-0157: Moderate: xorg-x11-apps/libX11 security updates (MODERATE) Oracle Linux 5 libX11-1.0.3-8.0.1.el5 [1.0.3-8.0.1.el5] - Add int-overflow.patch (#231694) xorg-x11-apps-7.1-4.0.1.el5 [7.1-4.0.1.el5] - Add int-overflow.patch (bug 231694). MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1667 ELSA-2007-0323: Important: xen security update (IMPORTANT) Oracle Linux 5 [3.0.3-25.0.4.el5] - QEmu cirrus bitblit bounds check - CVE-2007-1320 (rhbz #296271) - QEmu NE2000 overflow check - CVE-2007-1321 (rhbz #296271) - Pygrub guest escape - CVE-2007-4993 (rhbz #302821) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-1320 CVE-2007-1321 CVE-2007-4993 ELSA-2007-0327: Important: tomcat security update (IMPORTANT) Oracle Linux 5 jakarta-commons-modeler-1.1-8jpp.1.0.2.el5 [1.1-8jpp.1.0.2.el5] - rebuild after the fix for bug 238139 made it into the build root - Resolves: bug 238694 [1.1-8jpp.1.0.1.el5] - Add patch to fix jira task: MODELER-15 to allow tomcat5 5.5.23 to build against j-c-modeler - Resolves: bug 238694 tomcat5-5.5.23-0jpp.1.0.3.el5 [5.5.23-0jpp.1.0.3.el5] - Rebuild since brp-repack-jars has been fixed to not mangle INDEX.LIST files - (bug 238139) - Resolves: bug 237089 [5.5.23-0jpp.1.0.2.el5] - Add catalina.out to the rpm and set explicit permissions; tomcat ownership - Resolves: bug 237089 [5.5.23-0jpp.1.0.1.el5] - Backport 0:5.5.23-0jpp.2.el5 to the Z-stream - Resolves: bug 237089 [5.5.23-0jpp.1] - Merge 0:5.5.17-8jpp.2 with sources/patches from 5.5.23 - Build against jakarta-commons-modeler 1.1 with MODELER-15 patch IMPORTANT Copyright 2007 Oracle, Inc. CVE-2006-7195 CVE-2007-0450 CVE-2007-1358 CVE-2005-2090 ELSA-2007-0336: Moderate: postgresql security update (MODERATE) Oracle Linux 5 [7.4.17-1.RHEL4.1] - Update to PostgreSQL 7.4.17 for CVE-2007-2138, data loss bugs Resolves: #237680 MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-0555 CVE-2007-0556 CVE-2007-2138 CVE-2006-5540 CVE-2006-5541 CVE-2006-5542 ELSA-2007-0338: Moderate: freeradius security update (MODERATE) Oracle Linux 5 [1.0.1-3.RHEL4.5] - fixed CVE-2007-2028: EAP-TTLS denial of service Resolves: rhbz#236247 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2028 ELSA-2007-0342: Moderate: ipsec-tools security update (MODERATE) Oracle Linux 5 [0.6.5-8] - Upstream fix for Racoon DOS, informational delete must be encrypted - Resolves: rhbz#235388 - CVE-2007-1841 ipsec-tools racoon DoS [0.6.5-7] - Resolves: #218386 labeled ipsec does not work over loopback [0.6.5-6.6] - Related: #232508 add auditing to racoon [0.6.5-6.5] - Resolves: #235680 racoon socket descriptor exhaustion [0.6.5-6.4] - Resolves: #236121 increase buffer for context [0.6.5-6.3] - Resolves: #234491 kernel sends ACQUIRES that racoon is not catching - Resolves: #218386 labeled ipsec does not work over loopback [0.6.5-6.2.el5] - fix for setting the security context into a proposal (32<->64bit) - Resolves: rhbz#232508 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1841 ELSA-2007-0343: Moderate: gimp security update (MODERATE) Oracle Linux 5 [2.0.5-6.2.el4] - replace incorrect use of %{interfacever} macro with 2.0 [2.0.5-6.1.el4] - avoid buffer overflow in sunras plugin (#238420) - own used directories in gimp-devel MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2356 ELSA-2007-0344: Moderate: evolution-data-server security update (MODERATE) Oracle Linux 5 [1.8.0-15.0.3.el5] - Add patch for RH bug #235289 (APOP authentication vulnerability). [1.8.0-15.0.2.el5] - Remove Makefile.in changes that accidentally slipped into the patch. [1.8.0-15.0.1.el5] - Add patch for RH bug #229707 (timezone updates). MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-1558 ELSA-2007-0345: Moderate: vixie-cron security update (MODERATE) Oracle Linux 5 [4.1-47.EL4] - removed patches for 192783, 178836 because of frozen errata - added only patch for CVE-2007-1856 crontab denial of service - Resolves: rhbz#235880 [4.1-46.EL4] - Resolves: #235880 CVE-2007-1856 crontab denial of service [4.1-45.EL4] - rhbz#192783 - rhbz#178836 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1856 ELSA-2007-0346: Moderate: vim security update (MODERATE) Oracle Linux 5 [7.0.109-3.3] - use gzip -9n to avoid multilib fileconflicts [7.0.109-3.2] - Let 'modeline' default to off for root - Resolves: bz#238259 [7.0.109-3.1] - fix modeline issues - Resolves: bz#238259 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2438 ELSA-2007-0347: Important: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-8.1.4.0.1.el5] -Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT 101532] [ORA 5136660] -Add entropy module option to e1000 (John Sobecki) [ORA 6045759] -Add entropy module option to bnx2 (John Sobecki) [ORA 6045759] [2.6.18.8.1.4.el5] - [ipv6] Fix routing regression. (David S. Miller ) [238046] - [mm] Gdb does not accurately output the backtrace. (Dave Anderson ) [235511] - [NMI] change watchdog timeout to 30 seconds (Larry Woodman ) [237655] - [dlm] fix mode munging (David Teigland ) [238731] - [net] kernel-headers: missing include of types.h (Neil Horman ) [238749] - [net] fib_semantics.c out of bounds check (Thomas Graf ) [238948] {CVE-2007-2172} - [net] disallow RH0 by default (Thomas Graf ) [238949] {CVE-2007-2242} - [net] Fix user OOPS'able bug in FIB netlink (David S. Miller ) [238960] {CVE-2007-1861} - [net] IPv6 fragments bypass in nf_conntrack netfilter code (Thomas Graf ) [238947] {CVE-2007-1497} - [net] ipv6_fl_socklist is inadvertently shared (David S. 
Miller ) [238944] {CVE-2007-1592} - [net] Various NULL pointer dereferences in netfilter code (Thomas Graf ) [238946] {CVE-2007-1496} [2.6.18-8.1.3.el5] - [s390] page_mkclean causes data corruption on s390 (Jan Glauber ) [236605] [2.6.18-8.1.2.el5] - [utrace] exploit and unkillable cpu fixes (Roland McGrath ) [228816] (CVE-2007-0771) - [net] IPV6 security holes in ipv6_sockglue.c - 2 (David S. Miller ) [232257] {CVE-2007-1000} - [net] IPV6 security holes in ipv6_sockglue.c (David S. Miller ) [232255] {CVE-2007-1388} - [audit] GFP_KERNEL allocations in non-blocking context fix (Alexander Viro ) [233157] [2.6.18-8.1.1.el5] - [cpufreq] Remove __initdata from tscsync (Prarit Bhargava ) [229887] - [security] Fix key serial number collision problem (David Howells ) [229883] {CVE-2007-0006} - [fs] Don't core dump read-only binarys (Don Howard ) [229885] {CVE-2007-0958} - [xen] Enable booting on machines with > 64G (Chris Lalancette) [230117] - Fix potential buffer overflow in cardman 4040 cmx driver (Don Howard) [229884] {CVE-2007-0005} IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-0005 CVE-2007-0006 CVE-2007-0771 CVE-2007-0958 CVE-2007-1000 CVE-2007-1388 CVE-2007-1496 CVE-2007-1497 CVE-2007-1592 CVE-2007-1861 CVE-2007-2172 CVE-2007-2242 ELSA-2007-0348: Important: php security update (IMPORTANT) Oracle Linux 5 [5.1.6-12.el5] - add security fix for CVE-2007-1864, SOAP redirect handling issue, FTP CRLF injection issue (#235016) [5.1.6-11.el5] - add security fix for CVE-2007-1718 (#235016) [5.1.6-9.el5] - add security fix for CVE-2007-1583 (#235016) - add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036) [5.1.6-7.el5] - add security fix for CVE-2007-1285 (#231597) [5.1.6-6.el5] - add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013) IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-1864 CVE-2007-2509 CVE-2007-2510 ELSA-2007-0354: Critical: samba security update (CRITICAL) Oracle Linux 5 [3.0.10-1.4E.12.2] - Security fixes for CVE-2007-2446 CVE-2007-2447 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-2446 CVE-2007-2447 ELSA-2007-0356: Moderate: libpng security update (MODERATE) Oracle Linux 5 libpng-1.2.7-3.el4: [1.2.7-3.el4] - Add patch to fix CVE-2006-5793 Resolves: #215405 [1.2.7-2.el4] - Add patch to fix CVE-2007-2445 Resolves: #239543 libpng10-1.0.16-3: [1.0.16-3] - Add patch to fix CVE-2006-5793 Resolves: #215405 [1.0.16-2] - Add patch to fix CVE-2007-2445 Resolves: #239543 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2445 CVE-2006-5793 ELSA-2007-0358: Moderate: squirrelmail security update (MODERATE) Oracle Linux 5 [1.4.8-4.0.1.el4.0.1] - remove banners [1.4.8-4.0.1] - resolves: #239650: CVE-2007-1262 squirrelmail cross-site scripting flaw MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1262 CVE-2007-2589 ELSA-2007-0368: tcpdump security and bug fix update (MODERATE) Oracle Linux 5 [14:3.9.4-11.el5.0.1] - Modified libpcap-0.9.4/fad-getad.c to include linux/types.h if it includes linux/if_packet.h [14:3.9.4-11.el5] - fix buffer overflow in BGP dissector (#250294, CVE-2007-3798) [14:3.9.4-10.el5] - with -C option, drop root privileges before opening first savefile (#241677) [14:3.9.4-9.el5] - fix buffer overflow in 802.11 printer (#232347, CVE-2007-1218) - fix return codes in arpwatch init script (#237779) MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-1218 CVE-2007-3798 ELSA-2007-0376: Important: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-8.1.6.0.1.el5] -Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT 101532] [ORA 5136660] -Add entropy module option to e1000 (John Sobecki) [ORA 6045759] -Add entropy module option to bnx2 (John Sobecki) [ORA 6045759] [2.6.18.8-1.6.el5] - [bluetooth] close information leaks in setsockopt (Marcel Holtmann ) [241862]{CVE-2007-1353} - [net] fix memory leak in PPPoE (Neil Horman ) [241863] {CVE-2007-2525} - [random] fix seeding of dev/random (Aristeu Rozanski ) [241888] [2.6.18-8.1.5.el5] - [fs] prevent oops in compat_sys_mount (Jeff Layton ) [240456] {CVE-2006-7203} - [e1000] fix watchdog timeout panics (Andy Gospodarek ) [238048] - [ext3] return ENOENT from ext3_link when racing with unlink (Eric Sandeen ) [239787] IMPORTANT Copyright 2007 Oracle, Inc. CVE-2006-7203 CVE-2007-1353 CVE-2007-2453 CVE-2007-2525 ELSA-2007-0385: Moderate: fetchmail security update (MODERATE) Oracle Linux 5 [- 6.2.5-6.0.1.el4] - Fix APOP vulnerability (CVE-2007-1558) Resolves: #241197 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1558 ELSA-2007-0386: Moderate: mutt security update (MODERATE) Oracle Linux 5 [5:1.4.1-12.0.3.el4] - fix overflow in gecos field handling (#240176, CVE-2007-2683) [5:1.4.1-12.0.2.el4] - buildrequire aspell [5:1.4.1-12.0.1.el4] - validate msgid in APOP authentication (#241201, CVE-2007-1558) - fix insecure temp file creation on NFS (#211085, CVE-2006-5297) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1558 CVE-2007-2683 CVE-2006-5297 ELSA-2007-0389: Moderate: quagga security update (MODERATE) Oracle Linux 5 [0.98.3-2.4.0.1] - rebuild and nvr fix - resolves: #240481: CVE-2007-1995 Quagga bgpd DoS [0.98.3-2.0.1] - resolves: #240481: CVE-2007-1995 Quagga bgpd DoS MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-1995 ELSA-2007-0391: Moderate: file security update (MODERATE) Oracle Linux 5 [4.10-3.0.2] - resolves: #241026: CVE-2007-2799 file integer overflow - added dependency on zlib-devel MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2799 ELSA-2007-0395: Low: mod_perl security update (LOW) Oracle Linux 5 [1.99_16-4.5] - avoid backup files in install root (#241643) [1.99_16-4.3] - fix XS generation of method_is_limited (#242430) [1.99_16-4.2] - rebuild [1.99_16-4.1] - add security fix for CVE-2007-1349 (#241643) LOW Copyright 2007 Oracle, Inc. CVE-2007-1349 ELSA-2007-0400: Critical: firefox security update (CRITICAL) Oracle Linux 5 [1.5.0.12-0.1.el4.1.0] - Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js for errata rebuild [1.5.0.12-0.1.el4] - Update to 1.5.0.12 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-1362 CVE-2007-1562 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871 ELSA-2007-0403: Moderate: freetype security update (MODERATE) Oracle Linux 5 [2.1.9-6.el4] - Add freetype-2.1.9-ttf-overflow.patch - Resolves: #240574 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2754 ELSA-2007-0492: Moderate: spamassassin security update (MODERATE) Oracle Linux 5 [3.1.9-1] - 3.1.9 CVE-2007-2873 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2873 ELSA-2007-0494: Important: kdebase security update (IMPORTANT) Oracle Linux 5 [- 6:3.3.1-5.19.rhel4.0.1] - turn off ' [- 6:3.3.1-5.19.rhel4] - Resolves: bz#243620, KDE flash player workaround, CVE-2007-2022 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-2022 ELSA-2007-0497: Moderate: iscsi-initiator-utils security update (MODERATE) Oracle Linux 5 [6.2.0.742-0.6] - BZ 243726 fix two security flaws in open-iscsi (iscsid and logging) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3099 CVE-2007-3100 ELSA-2007-0510: Important: evolution-data-server security update (IMPORTANT) Oracle Linux 5 [1.8.0-15.0.4.el5] - Add patch for RH bug #244293 (Camel IMAP security flaw). 
IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3257 ELSA-2007-0513: Moderate: gimp security update (MODERATE) Oracle Linux 5 [1.2.3-20.9.el3] - validate bytesperline header field when loading PCX files (#247570) [1.2.3-20.8.el3] - reduce GIMP_MAX_IMAGE_SIZE to 2^18 to detect bogus image widths/heights (#247570) [1.2.3-20.7.el3] - replace gimp_error() by gimp_message()/gimp_quit() in a few plugins so they don't crash but gracefully exit when encountering error conditions - fix endianness issues in the PSP plugin to avoid it doing (seemingly) endless loops when loading images - fix endianness issues in the PCX plugin which cause it to not detect corrupt images [1.2.3-20.6.el3] - add ChangeLog entry to psd-invalid-dimensions patch (#247570) - validate size values read from files before using them to allocate memory in various file plugins (#247570, patch by Mukund Sivaraman and Raphaël Quinet, adapted) - detect invalid image data when reading files in several plugins (#247570, patch by Sven Neumann and Raphaël Quinet, adapted) - validate size values read from files before using them to allocate memory in the PSD and sunras plugins (#247570, patch by Mukund Sivaraman and Sven Neumann, partly adapted) - add safeguard to avoid crashes while loading corrupt PSD images (#247570, patch by Raphaël Quinet, adapted) - convert spec file to UTF-8 [1.2.3-20.5.el3] - use adapted upstream PSD fix by Sven Neumann (#244406) [1.2.3-20.4.el3] - refuse to open PSD files with insanely large dimensions (#244406) MODERATE Copyright 2007 Oracle, Inc.
CVE-2007-3103 ELSA-2007-0539: Moderate: aide security update (MODERATE) Oracle Linux 5 [0.13.1-2.0.4] - Added the correct new config file Related: rhbz#252331 [0.13.1-2.0.3] - Fixed file permissions to please release criteria Related: rhbz#252331 [0.13.1-2.0.2] - Removed saved copies of patched scripts Related: rhbz#252331 [0.13.1-2] - Fixed a typo Related: rhbz#252331 [0.13.1-1] - Rebased to upstream 0.13.1 - This incorporates all previous Red Hat patches except the context buffer size change and dos line end removal Resolves: rhbz#252331 [0.12-10] - Increased buffer size to display entire selinux context Resolves: rhbz#240144 [0.12-9] - Fix config. file log location for LSPP Resolves: rhbz#236855 [0.12-8] - Fix bad pointer when SELinux call fails. Resolves: rhbz#225089 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3849 ELSA-2007-0540: openssh security and bug fix update (MODERATE) Oracle Linux 5 [4.3p2-24] - fixed audit log injection problem (CVE-2007-3102) (#248059) [4.3p2-23] - document where the nss certificate and token dbs are looked for [4.3p2-22] - experimental support for PKCS#11 tokens through libnss3 (#183423) [4.3p2-21] - fix an information leak in Kerberos password authentication (CVE-2006-5052) (#234638) - correctly setup context when empty level requested (#234951) [4.3p2-20] - and always request default level as returned by getseuserbyname (#231695) [4.3p2-19] - check requested level context against a context with the same role (#231695) [4.3p2-18] - reject connection if requested mls range is not obtained (#229278) [4.3p2-17] - allow selecting non-default roles and audit role changes (#227733) MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-3102 CVE-2006-5052 ELSA-2007-0542: mcstrans security and bug fix update (LOW) Oracle Linux 5 [0.2.6-1] - Don't allow categories > 1023 Resolves: #288941 [0.2.3-1] - Additional fix to handle ssh root/sysadm_r/s0:c1,c2 Resolves: #224637 [0.2.1-1] - Rewrite to handle MLS properly Resolves: #225355 [0.1.10-2] - Cleanup memory when complete [0.1.10-1] - Fix Memory Leak Resolves: #218173 [0.1.9-1] - Add -pie - Fix compiler warnings - Fix Memory Leak Resolves: #218173 [0.1.8-3] - Fix subsys locking in init script [0.1.8-1] - Only allow one version to run - rebuild [0.1.7-1] - Apply sgrubb patch to only call getpeercon on translations [0.1.6-1] - Exit gracefully when selinux is not enabled [0.1.5-1] - Fix sighup handling [0.1.4-1] - Add patch from sgrubb - Fix 64 bit size problems - Increase the open file limit - Make sure maximum size is not exceeded [0.1.3-1] - Move initscripts to /etc/rc.d/init.d [0.1.2-1] - Drop Privs [0.1.1-1] - Initial Version - This daemon reuses the code from libsetrans LOW Copyright 2007 Oracle, Inc. CVE-2007-4570 ELSA-2007-0555: pam security, bug fix, and enhancement update (MODERATE) Oracle Linux 5 [0.99.6.2-3.26] - removed realtime default limits (#240123) from the package as it caused regression on machines with nonexistent realtime group [0.99.6.2-3.25] - added and improved translations (#219124) - adjusted the default limits for realtime users (#240123) [0.99.6.2-3.23] - pam_unix: truncated MD5 passwords in shadow shouldn't match (#219258) - pam_limits: add limits.d support (#232700) - pam_limits, pam_time, pam_access: add auditing of failed logins (#232993) - pam_namespace: expand /home/ksharma even when appended with text (#237163) original patch by Ted X. 
Toth - add some default limits for users in realtime group (#240123) - CVE-2007-3102 - prevent audit log injection through user name (#243204) [0.99.6.2-3.22] - make unix_update helper executable only by root as it isn't useful for regular user anyway [0.99.6.2-3.21] - pam_namespace: better document behavior on failure (#237249) - pam_unix: split out passwd change to a new helper binary (#236316) [0.99.6.2-3.19] - pam_selinux: improve context change auditing (#234781) [0.99.6.2-3.18] - pam_console: always decrement use count (#233581) - pam_namespace: fix parsing config file with unknown users (#234513) [0.99.6.2-3.17] - pam_namespace: unmount poly dir for override users (#229689) - pam_namespace: use raw context for poly dir name (#227345) - pam_namespace: truncate long poly dir name (append hash) (#230120) [0.99.6.2-3.15] - correctly relabel tty in the default case (#229542) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-1716 CVE-2007-3102 ELSA-2007-0556: Moderate: httpd security update (MODERATE) Oracle Linux 5 [2.2.3-7.el5.0.1] - Marks removal + index page cleanup [2.2.3-7.el5] - add security fixes for CVE-2007-1863, CVE-2007-3304, and CVE-2006-5752 (#244665) MODERATE Copyright 2007 Oracle, Inc. CVE-2006-5752 CVE-2007-1863 CVE-2007-3304 ELSA-2007-0559: Important: cman security update (IMPORTANT) Oracle Linux 5 [2.0.64-1.0.1] - Fixes potential buffer overflow in cman - Resolves: rhbz#244891 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3374 ELSA-2007-0562: Important: krb5 security update (IMPORTANT) Oracle Linux 5 [1.3.4-49] - add patch to fix buffer overflow in kadmind (#239073, CVE-2007-2798) [1.3.4-48] - add patch to fix buffer overflow and double-free in rpc library (#239073, CVE-2007-2442/CVE-2007-2443) IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 ELSA-2007-0569: Moderate: tomcat security update (MODERATE) Oracle Linux 5 [5.5.23-0jpp.1.0.4.el5] - Remove erroneous rebuild-gcj-db for javadoc subpackage - Add fixes for CVE-2007-2449 and CVE-2007-2450 - resolves: bug 244846, bug 244816 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2449 CVE-2007-2450 ELSA-2007-0595: Moderate: kernel security and bug fix update (MODERATE) Oracle Linux 5 [2.6.18-8.1.8.0.1.el5] -Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660] -Add entropy module option to e1000 (John Sobecki) [ORA 6045759] -Add entropy module option to bnx2 (John Sobecki) [ORA 6045759] [2.6.18-8.1.8.el5] - [ppc64] Fix FP corruption in signal return path (Konrad Rzeszutek ) [245580] [2.6.18-8.1.7.el5] - [ide] Serverworks data corruptor (Alan Cox ) [242994] MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3107 ELSA-2007-0631: coolkey security and bug fix update (LOW) Oracle Linux 5 [1.1.0-5] - 1777 is not octal and does not set the correct bits should be 01777 [1.1.0-4] - fix cache location to be more secure [1.1.0-3] - replace the install stuff [1.1.0-2] - Back out RHEL-4 version of spec from CVS, add pcsc-lite-lib requires. [1.1.0-1] - Pick up latest release. LOW Copyright 2007 Oracle, Inc. CVE-2007-4129 ELSA-2007-0640: conga security, bug fix, and enhancement update (MODERATE) Oracle Linux 5 [0.10.0-6.el5.0.1] - Replaced Redhat copyrighted and trademarked images in the conga-0.10.0 tarball.
[0.10.0-6] - Fixed bz253783 - Fixed bz253914 (conga doesn't allow you to reuse nfs export and nfs client resources) - Fixed bz254038 (Impossible to set many valid quorum disk configurations via conga) - Fixed bz253994 (Cannot specify multicast address for a cluster) - Resolves: bz253783, bz253914, bz254038, bz253994 [0.10.0-5] - Fixed bz249291 (delete node task fails to do all items listed in the help document) - Fixed bz253341 (failure to start cluster service which had been modifed for correction) - Related: bz253341 - Resolves: bz249291 [0.10.0-4] - Fixed bz230451 (fence_xvm.key file is not automatically created. Should have a least a default) - Fixed bz249097 (allow a space as a valid password char) - Fixed bz250834 (ZeroDivisionError when attempting to click an empty lvm volume group) - Fixed bz250443 (storage name warning utility produces a storm of warnings which can lock your browser) - Resolves: bz249097, bz250443, bz250834 - Related: bz230451 [0.10.0-3] - Fixed bz245947 (luci/Conga cluster configuration tool not initializing cluster node members) - Fixed bz249641 (conga is unable to do storage operations if there is an lvm snapshot present) - Fixed bz249342 (unknown ricci error when adding new node to cluster) - Fixed bz249291 (delete node task fails to do all items listed in the help document) - Fixed bz249091 (RFE: tell user they are about to kill all their nodes) - Fixed bz249066 (AttributeError when attempting to configure a fence device) - Fixed bz249086 (Unable to add a new fence device to cluster) - Fixed bz249868 (Use of failover domain not correctly shown) - Resolves bz245947, bz249641, bz249342, bz249291, bz249091, - Resolves bz249066, bz249086, bz249868 - Related: bz249351 [0.10.0-2] - Fixed bz245202 (Conga needs to support Internet Explorer 6.0 and later) - Fixed bz248317 (luci sets incorrect permissions on /usr/lib64/luci and /var/lib/luci) - Resolves: bz245202 bz248317 [0.10.0-1] - Fixed bz238655 (conga does not set the 'nodename' attribute 
for manual fencing) - Fixed bz221899 (Node log displayed in partially random order) - Fixed bz225782 (Need more luci service information on startup - no info written to log about failed start cause) - Fixed bz227743 (Intermittent/recurring problem - when cluster is deleted, sometimes a node is not affected) - Fixed bz227682 (saslauthd[2274]: Deprecated pam_stack module called from service 'ricci') - Fixed bz238726 (Conga provides no way to remove a dead node from a cluster) - Fixed bz239389 (conga cluster: make 'enable shared storage' the default) - Fixed bz239596 - Fixed bz240034 (rpm verify fails on luci) - Fixed bz240361 (Conga storage UI front-end is too slow rendering storage) - Fixed bz241415 (Installation using Conga shows 'error' in message during reboot cycle.) - Fixed bz241418 (Conga tries to configurage cluster snaps, though they are not available.) - Fixed bz241706 (Eliminate confusion in add fence flow) - Fixed bz241727 (can't set user permissions in luci) - Fixed bz242668 (luci init script can return non-LSB-compliant return codes) - Fixed bz243701 (ricci init script can exit with non-LSB-compliant return codes) - Fixed bz244146 (Add port number to message when ricci is not started/firewalled on cluster nodes.) 
- Fixed bz244878 (Successful login results in an infinite redirection loop with MSIE) - Fixed bz239388 (conga storage: default VG creation should be clustered if a cluster node) - Fixed bz239327 (Online User Manual needs modification) - Fixed bz227852 (Lack of debugging information in logs - support issue) - Fixed bz245025 (Conga does not accept '&' character in password field for Fence configuration) - Fixed bz225588 (luci web app does not enforce selection of fence port) - Fixed bz212022 (cannot create cluster using ip addresses) - Fixed bz223162 (Error trying to create a new fence device for a cluster node) - Upgraded to the latest Plone (2.5.3) - Added a 'reprobe storage' button that invalidates cached storage reports and forces a new probe. - Resolves: bz238655, bz221899, bz225782, bz227682, bz227743, bz239389, - Resolves: bz239596, bz240034, bz240361, bz241415, bz241418, bz241706, - Resolves: bz241727, bz242668, bz243701, bz244146, bz244878, bz238726, - Resolves: bz239388, bz239327, bz227852, bz245025, bz225588, bz212022 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-4136 ELSA-2007-0674: Moderate: perl-Net-DNS security update (MODERATE) Oracle Linux 5 [0.31-4.el3] - Resolves: rhbz#245616 - Backport patch to fix dn_expand looping issue - Backport patch to randomize ID field - Also allow disabling of online tests MODERATE Copyright 2007 Oracle, Inc.
CVE-2007-3377 CVE-2007-3409 ELSA-2007-0705: Important: kernel security update (IMPORTANT) Oracle Linux 5 [2.6.18-8.1.10.0.1.el5] - Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660] - Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759] [2.6.18-8.1.10.el5] - [mm] Prevent the stack growth into hugetlb reserved regions (Konrad Rzeszutek) [253313] {CVE-2007-3739} [2.6.18-8.1.9.el5] - [misc] cpuset information leak (Prarit Bhargava ) [245773] {CVE-2007-2875} - [net] ip_conntrack_sctp: fix remotely triggerable panic (Don Howard ) [245774] {CVE-2007-2876} - [misc] Overflow in CAPI subsystem (Anton Arapov ) [232260] {CVE-2007-1217} - [CIFS] fix signing sec= mount options (Jeff Layton ) [253315] {CVE-2007-3843} - [CIFS] respect umask when unix extensions are enabled (Jeff Layton ) [253314] {CVE-2007-3740} - [misc] i915_dma: fix batch buffer security bit for i965 chipsets (Aristeu Rozanski ) [252305] {CVE-2007-3851} - [fs] - Move msdos compat ioctl to msdos dir (Eric Sandeen ) [253317] - [fs] - fix VFAT compat ioctls on 64-bit systems (Eric Sandeen ) [253317] {CVE-2007-2878} IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-1217 CVE-2007-2875 CVE-2007-2876 CVE-2007-2878 CVE-2007-3739 CVE-2007-3740 CVE-2007-3843 CVE-2007-3851 ELSA-2007-0710: wireshark security update (LOW) Oracle Linux 5 [0.99.6-1.el5.01] - Added patch for OCFS2 formatting [0.99.6-1] - upgrade to 0.99.6 - Wireshark could crash when dissecting an HTTP chunked response - Wireshark could crash while reading iSeries capture files - Wireshark could exhaust system memory while reading a malformed DCP ETSI packet - Wireshark could loop excessively while reading a malformed SSL packet - Resolves: #247623 LOW Copyright 2007 Oracle, Inc. CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 ELSA-2007-0720: Important: cups security update (IMPORTANT) Oracle Linux 5 [1.1.22-0.rc1.9.20.2] - Better patch for CVE-2007-3387 (bug #248220). 
[1.1.22-0.rc1.9.20.1] - Applied patch to fix CVE-2007-3387 (bug #248220). IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3387 ELSA-2007-0721: Moderate: qt security update (MODERATE) Oracle Linux 5 [3.3.3-11.RHEL4] - Resolves: bz#248419, CVE-2007-3388 qt3 format string flaw MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3388 ELSA-2007-0724: Critical: firefox security update (CRITICAL) Oracle Linux 5 [1.5.0.12-0.3.el4.0.1] - Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js for errata rebuild [1.5.0.12-0.3.el4] - Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12 [1.5.0.12-0.2.el4] - Update to latest snapshot of Mozilla 1.8.0 branch - Include patches for Mozilla bugs 379245, 384925, 178993, 381300 (+382686), 358594 (+380933), 382532 (+382503) CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738 ELSA-2007-0731: Important: tetex security update (IMPORTANT) Oracle Linux 5 [2.0.2-22.0.1.EL4.8] - backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248207) Resolves: #248207 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3387 ELSA-2007-0732: Important: poppler security update (IMPORTANT) Oracle Linux 5 [0.5.4-4.1] - Add patch to fix CVE-2007-3387 (#248212). IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3387 ELSA-2007-0740: Moderate: bind security update (MODERATE) Oracle Linux 5 [9.2.4-27.0.1.el4] - fixed cryptographically weak query id generator (CVE-2007-2926) MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-2926 ELSA-2007-0746: httpd security, bug fix, and enhancement update (MODERATE) Oracle Linux 5 [2.2.3-11.el5.0.1] - use oracle index page oracle_index.html, update vstring and distro [2.2.3-11.el5] - mark httpd.conf config(noreplace) (#247881) [2.2.3-10.el5] - add security fix for CVE-2007-3847 (#250761) [2.2.3-9.el5] - load mod_version by default (#247881) [2.2.3-8.el5] - add 'ServerTokens Full-Release' config option (#240857) - use init script in logrotate postrotate (#241680) - fix mod_proxy option inheritance (#245719) - fix ProxyErrorOverride to only affect 4xx, 5xx responses (#240024) - bump logresolve line buffer length to 10K (#245763) - add security fixes for CVE-2007-1863, CVE-2007-3304, and CVE-2006-5752 (#244666) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3847 ELSA-2007-0777: Moderate: gdm security and bug fix update (MODERATE) Oracle Linux 5 [2.16.0-31.0.1] - CVE-2007-3381 Resolves: #247659 [2.16.0-31] - change 200d character to 200c character in ml.po MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3381 ELSA-2007-0845: Important: libvorbis security update (NA) Oracle Linux 5 [1.0-8.el3] - Add 16 patches to fix various CVEs. - Resolves: #245995 N/A Copyright 2007 Oracle, Inc. CVE-2007-3106 CVE-2007-4029 CVE-2007-4065 CVE-2007-4066 ELSA-2007-0858: Important: krb5 security update (IMPORTANT) Oracle Linux 5 [1.5-28] - add preliminary patch to fix buffer overflow in rpcsec_gss implementation in libgssrpc (#250973, CVE-2007-3999) and write through uninitialized pointer in kadmind (#250976, CVE-2007-4000) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3999 CVE-2007-4000 ELSA-2007-0860: Moderate: tar security update (MODERATE) Oracle Linux 5 [1.14-12.5.1.RHEL4] - CVE-2007-4131 tar directory traversal vulnerability (#251921) MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-4131 ELSA-2007-0871: Moderate: tomcat security update (MODERATE) Oracle Linux 5 [5.5.23-0jpp.3.0.2] - Patch for CVE-2007-3382 and CVE-2007-3385 Resolves: rhbz#254155 [5.5.23-0jpp.3.0.1] - Patch for CVE-2007-3386 Resolves: rhbz#254155 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 ELSA-2007-0873: Moderate: star security update (MODERATE) Oracle Linux 5 [1.5a08-5] - fix directory traversal vulnerability CVE-2007-4134 - Resolves: rhbz#254130 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-4134 ELSA-2007-0875: Important: mysql security update (IMPORTANT) Oracle Linux 5 [4.1.20-2.RHEL4.1.0.1] - Fix CVE-2007-3780: remote DOS via bad password length byte Resolves: #257621 - Workaround for new gcc bug on ia64: it locks up while compiling sql_table.cc IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3780 ELSA-2007-0883: Important: qt security update (IMPORTANT) Oracle Linux 5 [3.3.6-23] - Resolves: #277011, Qt UTF8 improper character expansion, CVE-2007-0242 - Resolves: #269141, Qt off by one buffer overflow, CVE-2007-413 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-0242 CVE-2007-4137 ELSA-2007-0890: Moderate: php security update (MODERATE) Oracle Linux 5 [5.1.6-15.el5] - improve fix for CVE-2007-3997 (#278411) [5.1.6-14.el5] - fix backport for CVE-2007-3996 (#278411) [5.1.6-13.el5] - add security fixes for CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 (#278411) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-2756 CVE-2007-2872 CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 CVE-2007-4658 CVE-2007-4670 ELSA-2007-0892: Important: krb5 security update (IMPORTANT) Oracle Linux 5 [1.5-29] - update to revised patch for CVE-2007-3999 IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-4743 ELSA-2007-0905: Moderate: kdebase security update (MODERATE) Oracle Linux 5 [3.3.1-6.el4.0.1] - turn off ' [3.3.1-6.l4] - Resolves: #290851, CVE-2007-4569, kdm password-less login vulnerability CVE-2007-3820, CVE-2007-4224 CVE-2007-4225, Konqueror address bar spoofin MODERATE Copyright 2007 Oracle, Inc. CVE-2007-3820 CVE-2007-4224 CVE-2007-4569 ELSA-2007-0909: Moderate: kdelibs security update (MODERATE) Oracle Linux 5 [3.5.4-13.el5.0.1] - Remove Version branding - Maximum rpm trademark logos removed (pics/crystalsvg/*-mime-rpm*) [3.5.4-13.el5] - Resolves: #293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror [3.5.4-12.el5] - resolves: #293421, CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 - Resolves: #293911, UTF-8 overlong sequence decoding vulnerability, CVE-2007-0242 - Resolves: #293571, Konqueror improper HTML comment rendering, CVE-2007-0537 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-0242 CVE-2007-0537 CVE-2007-1308 CVE-2007-1564 CVE-2007-3820 CVE-2007-4224 ELSA-2007-0933: Moderate: elinks security update (MODERATE) Oracle Linux 5 [0.9.2-3.3.5.2] - fix elinks-0.9.2-httpspostdata.patch (#303881) [0.9.2-3.3.5.1] - fix #297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy [0.9.2-3.3] - fix #215731 - elinks smb protocol arbitrary file access MODERATE Copyright 2007 Oracle, Inc. CVE-2007-5034 ELSA-2007-0936: Important: kernel security update (IMPORTANT) Oracle Linux 5 [2.6.18-8.1.14.0.2.el5] - Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660] - Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759] [2.6.18-8.1.14.el5] - Revert changes back to 2.6.18-8.1.10. 
- [x86_64] Zero extend all registers after ptrace in 32bit entry path (Anton Arapov ) [297871] {CVE-2007-4573} [2.6.18-8.1.12.el5] - [x86_64] Don't leak NT bit into next task (Dave Anderson ) [298151] {CVE-2007-4574} - [fs] Reset current->pdeath_signal on SUID binary execution (Peter Zijlstra ) [252307] {CVE-2007-3848} - [misc] Bounds check ordering issue in random driver (Anton Arapov ) [275961] {CVE-2007-3105} - [usb] usblcd: Locally triggerable memory consumption (Anton Arapov ) [276001] {CVE-2007-3513} - [x86_64] Zero extend all registers after ptrace in 32bit entry path (Anton Arapov ) [297871] {CVE-2007-4573} - [net] igmp: check for NULL when allocating GFP_ATOMIC skbs (Neil Horman ) [303281] [2.6.18-8.1.11.el5] - [xen] Guest access to MSR may cause system crash/data corruption (Bhavana Nagendra ) [253312] {CVE-2007-3733} - [dlm] A TCP connection to DLM port blocks DLM operations (Patrick Caulfield ) [245922] {CVE-2007-3380} - [ppc] 4k page mapping support for userspace in 64k kernels (Scott Moser ) [275841] {CVE-2007-3850} - [ptrace] NULL pointer dereference triggered by ptrace (Anton Arapov ) [275981] {CVE-2007-3731} - [fs] hugetlb: fix prio_tree unit (Konrad Rzeszutek ) [253929] {CVE-2007-4133} IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-4573 ELSA-2007-0940: Important: kernel security update (NA) Oracle Linux 5 [2.6.18-8.1.15.0.1.el5] - Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660] - Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759] [2.6.18-8.1.15.el5] - [dlm] A TCP connection to DLM port blocks DLM operations (Patrick Caulfield ) [245922] {CVE-2007-3380} - [ppc] 4k page mapping support for userspace in 64k kernels (Scott Moser ) [275841] {CVE-2007-3850} - [ptrace] NULL pointer dereference triggered by ptrace (Anton Arapov ) [275981] {CVE-2007-3731} - [fs] hugetlb: fix prio_tree unit (Konrad Rzeszutek ) [253929] {CVE-2007-4133} - [x86_64] Don't leak NT bit into next task (Dave Anderson ) [298151] {CVE-2007-4574} - [fs] Reset current->pdeath_signal on SUID binary execution (Peter Zijlstra ) [252307] {CVE-2007-3848} - [misc] Bounds check ordering issue in random driver (Anton Arapov ) [275961] {CVE-2007-3105} - [usb] usblcd: Locally triggerable memory consumption (Anton Arapov ) [276001] {CVE-2007-3513} - [net] igmp: check for NULL when allocating GFP_ATOMIC skbs (Neil Horman ) [303281] - [scsi] aacraid: Missing ioctl() permission checks (Vitaly Mayatskikh ) [298371] {CVE-2007-4308} - [xen] Guest access to MSR may cause system crash/data corruption (Bhavana Nagendra ) [253312] {CVE-2007-3733} N/A Copyright 2007 Oracle, Inc. CVE-2007-3105 CVE-2007-3380 CVE-2007-3513 CVE-2007-3731 CVE-2007-3848 CVE-2007-3850 CVE-2007-4133 CVE-2007-4308 CVE-2007-4574 ELSA-2007-0951: Important: nfs-utils-lib security update (IMPORTANT) Oracle Linux 5 [1.0.8-7.2.z2] - Updated libnfsidmap to -17 to fix a security issue (bz 254041) [1.0.8-7.2.z1] - Fixed RPC library buffer overflow (bz 265061) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3999 CVE-2007-4135 ELSA-2007-0960: Important: hplip security update (IMPORTANT) Oracle Linux 5 [1.6.7-4.1.el5_0.3] - Fixed post scriptlet to make sure it restarts the daemon on upgrade (part of bug #320011). 
[1.6.7-4.1.el5_0.2] - Build requires openssl-devel (part of bug #320011). [1.6.7-4.1.el5_0.1] - Applied patch to fix CVE-2007-5208 (bug #320011). IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-5208 ELSA-2007-0964: Important: openssl security update (IMPORTANT) Oracle Linux 5 [0.9.8b-8.3.2] - more DTLS fixes (#321211) [0.9.8b-8.3.1] - fix CVE-2007-3108 - side channel attack on private keys (#322891) - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309871) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321211) IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 ELSA-2007-0965: Moderate: ruby security update (MODERATE) Oracle Linux 5 [1.8.5-5.el5_1.1] - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL certificate. (#320331) - Fix the multilib regression issue. [1.8.5-5] - security fix release. - ruby-1.8.5-cgi-CVE-2006-6303.patch: fix a infinite loop with certain HTTP request. (#218290) MODERATE Copyright 2007 Oracle, Inc. CVE-2007-5162 CVE-2007-5770 ELSA-2007-0966: Important: perl security update (IMPORTANT) Oracle Linux 5 [5.8.5-36.el4_5.2.0.1] - Added patch perl-5.8.5-OEL-mock-build.patch to disable test lib/Net/t/hostname.t, so that mock build succeeds [5.8.5-36.el4.2] - Resolves: bug#323791 - fix previous patch [5.8.5-36.el4.1] - Resolves: bug#323791 - fix regular expression UTF parsing errors IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-5116 ELSA-2007-0967: Critical: pcre security update (CRITICAL) Oracle Linux 5 [6.6-2.1] - Resolves: #315951, CVE-2007-1659, CVE-2007-1660 [6.6-1.2] - Resolves: #315951, CVE-2007-1659, CVE-2007-1660 CRITICAL Copyright 2007 Oracle, Inc. 
CVE-2007-1659 CVE-2007-1660 ELSA-2007-0975: Important: flac security update (IMPORTANT) Oracle Linux 5 [1.1.0-7.el_4.2] - Add RHEL-5 patch to remove execstack requirement Related: rhbz #332591 [1.1.0-7.el_4.1] - Add patch from Takashi Iwai to fix CVE-2007-4619 Resolves: rhbz #332591 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-4619 CVE-2007-6277 ELSA-2007-0979: Critical: firefox security update (CRITICAL) Oracle Linux 5 [1.5.0.12-0.7.el4.0.1] - Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js for errata rebuild [1.5.0.12-0.7.el4] - Update to latest snapshot of Mozilla 1.8.0 branch [1.5.0.12-0.6.el4] - added patches for Mozilla bugs 325761 and 392149 [1.5.0.12-0.5.el4] - added patches for Mozilla bugs 199088,267833,309322,345305,361745, 362901,372309,378787,381300,384105,386914,387033,387881,388121,388784 390078,393537,395942 [1.5.0.12-0.4.el4] - Updated pango patches, added indic printing support (#129207) CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 ELSA-2007-0992: Moderate: libpng security update (MODERATE) Oracle Linux 5 [1.2.7-3.el4_5.1] - Back-port critical fixes from libpng 1.2.22, primarily to fix CVE-2007-5269 Resolves: #337501 - Update License tag and some other obsolete bits in specfile [1.0.16-3.el4_5.1] - Back-port critical fixes from libpng 1.0.30, primarily to fix CVE-2007-5269 Resolves: #337561 MODERATE Copyright 2007 Oracle, Inc. 
CVE-2007-5269 ELSA-2007-0993: Important: kernel security update (IMPORTANT) Oracle Linux 5 - CVE-2007-4571 ALSA memory disclosure flaw - Tick divider bugs on x86_64 - CVE-2007-5494 open(O_ATOMICLOOKUP) leaks dentry - [PATCH] jbd: wait for already submitted t_sync_datalist buffer to complete (Possibility of in-place data destruction) - LSPP: audit rule causes kernel 'out of memory' condition and auditd failure - [EL5][BUG] Unexpected SIGILL on NFS/Montecito(ia64) - task->mm or slab corruption with CIFS - CVE-2007-4997 kernel ieee80211 off-by-two integer underflow - LSPP: audit enable not picking up all processes - [Broadcom 5.1.z bug] Performance regression on 5705 TG3 NICs - LTC35628-kexec/kdump kernel hung on Power5+ and Power6 based systems - LTC38135-vSCSI client reports 'Device sdX not ready' after deactive/active device on vSCSI server - forcedeth driver mishandles MSI interrupts under high load IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-4571 CVE-2007-4997 CVE-2007-5494 ELSA-2007-1017: Critical: samba security update (CRITICAL) Oracle Linux 5 [3.0.25b-0.el5_1.1] - Security fix for CVE-2007-4138 - Security fix for CVE-2007-4572 - Security fix for CVE-2007-5398 - Multilib Fix - resolves: #351501 - resolves: #350761 - resolves: #359151 - resolves: #356851 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-4138 CVE-2007-4572 CVE-2007-5398 ELSA-2007-1020: Important: cups security and bug fix update (IMPORTANT) Oracle Linux 5 [1.2.4-11.14.el5_1.1] - Applied patch to fix CVE-2007-4351 (STR #2561, bug #353981). [1.2.4-11.14] - Applied patch to fix cupsd crash when failing to open a file: URI (STR #2351, bug #250415). [1.2.4-11.13] - Moved LSPP security attributes check before job creation (bug #231522). [1.2.4-11.12] - Moved LSPP access check before job creation (bug #231522). 
[1.2.4-11.11] - Better error checking in the LSPP patch (bug #231522). [1.2.4-11.10] - Applied patch to fix CVE-2007-3387 (bug #248223). [1.2.4-11.9] - Fixed IPv6 address parsing (bug #241400, STR #2117). - Fixed a bug that caused cups-lpd not to set the correct value for job-originating-host-name (bug #240223, STR #2023). - Cleaned up initscript error handling (bug #237953). - Fixed cups-lpd -odocument-format=... option (bug #230073, STR #2266). - Fixed If-Modified-Since: handling in libcups (bug #218764, STR #2133). - Make the initscript use start priority 56 (bug #213828). [1.2.4-11.8] - Applied fix for STR #2264 (bug #230118). - Added patch for UNIX domain sockets authentication (bug #230613). - LSPP: Updated patch for line-wrapped labels (bug #228107). [1.2.4-11.7] - Don't reload CUPS after rotating the logs with logrotate, but make sure to use the new file in that case (bug #215024). [1.2.4-11.6] - LSPP: added check_context() function for get_jobs(), get_job_attrs() and validate_user() (bug #229673). - Fixed a potential scheduler crash (bug #231522). IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-4351 ELSA-2007-1026: Important: poppler security update (IMPORTANT) Oracle Linux 5 [2.3.27-8.1] Fixes for: - 345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit() - 345111 - CVE-2007-5392 xpdf buffer overflow in DCTStream::reset() - 345121 - CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar() IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 ELSA-2007-1037: Important: openldap security and enhancement update (IMPORTANT) Oracle Linux 5 [2.3.27-8.1] - fix security issue CVE-2007-5707 (#360001) - fix manual bind timeout (#368231) IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-5707 ELSA-2007-1052: Critical: pcre security update (CRITICAL) Oracle Linux 5 [4.5-4.4] - Resolves: #373421, More complete fix for CVE-2006-7224 [4.5-4.2] - Resolves: #373421, CVE-2006-7224 CRITICAL Copyright 2007 Oracle, Inc. CVE-2006-7227 CVE-2005-4872 ELSA-2007-1059: Important: pcre security update (IMPORTANT) Oracle Linux 5 [6.6-2.7] - Fix the names of the patches added in 6.6-2.5: mv pcre-6.4-posix.diff pcre-6.6-CVE-2006-7225.patch mv pcre-6.4-fix1.patch pcre-6.6-CVE-2006-7226.patch - Update pcre-6.6-CVE-2007-1659.patch - Update pcre-6.6-CVE-2007-1660.patch - Add pcre-6.6-CVE-2006-7230.patch - Resolves: #380531 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2006-7225 CVE-2006-7226 CVE-2006-7228 CVE-2006-7230 ELSA-2007-1078: Important: cairo security update (IMPORTANT) Oracle Linux 5 [1.2.4-3] - Add cairo-1.2.4-alloc-overflow.patch - Resolves: bug #387521 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-5503 ELSA-2007-1082: Critical: firefox security update (CRITICAL) Oracle Linux 5 [1.5.0.12-7.0.1] - Added Oracle specific links into default bookmarks. [1.5.0.12-7] - Add patches for mozilla bugs: 369814,373911,391028,393326,402649,403331 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 ELSA-2007-1095: Moderate: htdig security update (MODERATE) Oracle Linux 5 [3:3.2.0b6-4] - CVE-2007-6110 MODERATE Copyright 2007 Oracle, Inc. CVE-2007-6110 ELSA-2007-1114: Critical: samba security and bug fix update (CRITICAL) Oracle Linux 5 [3.0.9-1.3E.14.3] - Security fix for CVE-2007-6015 - Fix for regression introduced with CVE-2007-4572 - resolves: #407321 - resolves: #389021 CRITICAL Copyright 2007 Oracle, Inc. CVE-2007-6015 ELSA-2007-1128: Important: autofs security update (IMPORTANT) Oracle Linux 5 [5.0.1-0.rc2.55.el5.1] - Bug 410041: CVE-2007-5964 autofs defaults don't restrict suid in /net - use mount option nosuid for -hosts map unless suid is explicitly specified. - Related: rhbz#410041 IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-5964 ELSA-2007-1130: Moderate: squid security update (MODERATE) Oracle Linux 5 [2.5.STABLE3-8.3E] - fix for #410181 - CVE-2007-6239 Squid DoS in cache updates [2.5.STABLE3-7] - resolves: #238103: 'forwarded_for off' in squid.conf does not work. MODERATE Copyright 2007 Oracle, Inc. CVE-2007-6239 ELSA-2007-1155: Important: mysql security update (IMPORTANT) Oracle Linux 5 [4.1.20-3.RHEL4.1.el4_6.1] - Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969. Resolves: #422181 IMPORTANT Copyright 2007 Oracle, Inc. CVE-2007-5925 CVE-2007-5969 ELSA-2007-1165: Moderate: libexif security update (NA) Oracle Linux 5 [0.6.13-4.0.2.el5_1.1] - Add patch for CVE-2007-6351. Fixes bug #425681 - Add patch for CVE-2007-6352. Fixes bug #425681 N/A Copyright 2007 Oracle, Inc. CVE-2007-6351 CVE-2007-6352 ELSA-2007-1176: Important: autofs security update (IMPORTANT) Oracle Linux 5 [5.0.1-0.rc2.55.el5.2] - Bug 426219: CVE-2007-6285 autofs default doesn't set nodev in /net [rhel-5.1.z] - use mount option nodev for -hosts map unless dev is explicitly specified. - Related: rhbz#426219 IMPORTANT Copyright 2007 Oracle, Inc. 
CVE-2007-6285