LinuxSecurity.com
RedHat: Moderate: texinfo security update
Posted by Benjamin D. Thomas   
RedHat Linux: New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: texinfo security update
Advisory ID:       RHSA-2006:0727-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0727.html
Issue date:        2006-11-08
Updated on:        2006-11-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3011 CVE-2006-4810 
---------------------------------------------------------------------

1. Summary:

New Texinfo packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Texinfo is a documentation system that can produce both online information
and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.
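
The insecure temporary file class that CVE-2005-3011 belongs to, as an added C example; it is not texindex source or the Red Hat patch. The advisory does not show the call texindex made, so the weak pattern, the function names and the paths below are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak (assumed pattern): no O_EXCL, so a symlink already sitting at the
 * guessable path is followed and the file it points to is truncated. */
int open_tmp_weak(const char *p) { return open(p, O_WRONLY|O_CREAT|O_TRUNC, 0600); }

/* Hardened, fixed name: O_EXCL fails with EEXIST if the path is occupied. */
int open_tmp_excl(const char *p) { return open(p, O_WRONLY|O_CREAT|O_EXCL, 0600); }

static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a private directory. Returns a bitmask:
 * 1 = O_EXCL refused the occupied path, 2 = victim intact afterwards,
 * 4 = mkstemp() made a 0600 regular file, 8 = weak open emptied the victim. */
int run_demo(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", victim[64], guess[64], tmpl[64];
    struct stat st;
    int fd, r = 0;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/tmp0", dir);      /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/tmpXXXXXX", dir);   /* mkstemp template */
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(victim, guess) != 0) return -1;

    if (open_tmp_excl(guess) == -1 && errno == EEXIST) r |= 1;
    if (size_of(victim) == 4) r |= 2;
    fd = mkstemp(tmpl);               /* preferred: unpredictable + exclusive */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 0777) == 0600) r |= 4;
    if (fd >= 0) close(fd);
    fd = open_tmp_weak(guess);
    if (fd >= 0) { close(fd); if (size_of(victim) == 0) r |= 8; }
    unlink(tmpl); unlink(guess); unlink(victim); rmdir(dir);
    return r;
}

int main(void) { printf("mask=%d\n", run_demo()); return 0; }
```

On Linux, the fs.protected_symlinks sysctl adds a second layer for sticky world-writable directories such as /tmp, but exclusive creation in the program itself remains the fix.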

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169583 - CVE-2005-3011 texindex insecure temporary file usage
170743 - CVE-2005-3011 texindex insecure temporary file usage
170744 - CVE-2005-3011 texindex insecure temporary file usage
211484 - CVE-2006-4810 texindex buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/texinfo-4.0b-3.el2.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/texinfo-4.5-3.el3.1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/texinfo-4.7-5.el4.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
 