[El-errata] ELSA-2007-0465 Moderate: Enterprise Linux 3 pam security and bug fix update

el-errata at oss.oracle.com
Wed Jun 20 15:28:26 PDT 2007


Enterprise Linux Security Advisory ELSA-2007-0465

https://rhn.redhat.com/errata/RHSA-2007-0465.html

The following updated rpms for Enterprise Linux 3 have been uploaded to 
the Unbreakable Linux Network:

i386:
cdrecord-2.01.0.a32-0.EL3.6.i386.rpm              
cdrecord-devel-2.01.0.a32-0.EL3.6.i386.rpm                
mkisofs-2.01.0.a32-0.EL3.6.i386.rpm               
pam-0.75-72.i386.rpm              
pam-devel-0.75-72.i386.rpm                

x86_64:
cdrecord-2.01.0.a32-0.EL3.6.x86_64.rpm            
cdrecord-devel-2.01.0.a32-0.EL3.6.x86_64.rpm              
mkisofs-2.01.0.a32-0.EL3.6.x86_64.rpm             
pam-0.75-72.i386.rpm              
pam-0.75-72.x86_64.rpm            
pam-devel-0.75-72.i386.rpm                
pam-devel-0.75-72.x86_64.rpm              


SRPMS:
http://oss.oracle.com/el3/SRPMS-updates/cdrtools-2.01.0.a32-0.EL3.6.src.rpm
http://oss.oracle.com/el3/SRPMS-updates/pam-0.75-72.src.rpm

Description of changes:

cdrtools-2.01.0.a32-0.EL3.6

[2.01.0.a32-0.EL3.6]
- fix for CVE-2004-0813
- cdrecord and readcd are now suid, but with a pam_console check
- Resolves: rhbz#232096

[2.01.0.a32-0.EL3.3]
- fix for CAN-2005-0866 "cdrecord insecure temporary file"

[2.01.0.a32-0.EL3.2]
- added patch for CAN-2004-0806, if s.o. was so stupid to make cdrecord suid
- removed the suid section from the manpage

[2.01.0.a32-0.EL3.1]
- errata version for RHEL3


pam-0.75-72

[0.75-72]
- remove /dev/cdwriter* from console.perms - CVE-2004-0813 (#133098)
- decrement console login count correctly - CVE-2007-1716 (#234142)

[0.75-71]
- requires ghostscript and linuxdoc-tools to build

[0.75-70]
- fix memory leaks in pam_stack (#204055)
- fix memory leak in pam_unix (#230625)
