Date: Mon, 6 Dec 1999 13:10:55 -0500 (EST)
From: Elliot Lee <sopwith@redhat.com>
To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
Subject: RHSA-1999:058 - ORBit, esound, gnome-core
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: new ORBit, esound, and gnome-core packages
Advisory ID: RHSA-1999:058-01
Issue date: 1999-12-03
---------------------------------------------------------------------
1. Topic:
ORBit and gnome-session each contained a denial-of-service hole.
ORBit and esound each contained a security hole.
2. Relevant releases/architectures:
Red Hat Linux 6.1
3. Problem description:
ORBit and esound used a source of random data that was easily guessable,
possibly allowing an attacker with local access to guess the
authentication keys used to control access to these services.
ORBit and gnome-session contained a bug that allowed attackers to remotely
crash a program under unusual circumstances. In addition to fixing these
problems, TCP Wrappers support has been added to gnome-session. ORBit
already makes use of TCP Wrappers. It is recommended that this
functionality be used when additional access controls are desired on
network access to these services.
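
The guessable-random-data problem described above, as an added example that is not taken from this advisory or from the ORBit or esound sources. The advisory does not say which source of random data was used; the example assumes a libc rand() generator seeded from the clock and the process ID, and the function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16

/* WEAK (assumed pattern): every key byte is a pure function of a seed built
 * from the clock and the PID, values a local user can observe or enumerate. */
void weak_key(unsigned char key[KEY_LEN], unsigned when, unsigned pid)
{
    srand(when ^ pid);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(rand() & 0xff);
}

/* HARDENED: take the key bytes from the kernel CSPRNG and fail closed. */
int strong_key(unsigned char key[KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(key, 1, KEY_LEN, f);
    fclose(f);
    return got == KEY_LEN ? 0 : -1;
}

/* Returns 1 when the same (time, pid) pair regenerates the same key, i.e.
 * the key holds no secret beyond those two values. */
int weak_key_is_reproducible(unsigned when, unsigned pid)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    weak_key(a, when, pid);
    weak_key(b, when, pid);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Returns 1 when two kernel-sourced keys differ, -1 if the source failed. */
int strong_keys_differ(void)
{
    unsigned char a[KEY_LEN], b[KEY_LEN];
    if (strong_key(a) != 0 || strong_key(b) != 0)
        return -1;
    return memcmp(a, b, KEY_LEN) != 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    printf("weak key reproducible: %d\n", weak_key_is_reproducible(944503855u, 1234u));
    printf("strong keys differ:    %d\n", strong_keys_differ());
    return 0;
}
```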
4. Solution:
For each RPM for your particular architecture, run:
rpm -Uvh <filename>
where filename is the name of the RPM.
5. RPMs required:
Intel:
ftp://updates.redhat.com/6.1/i386/ORBit-0.5.0-2.i386.rpm
ftp://updates.redhat.com/6.1/i386/ORBit-devel-0.5.0-2.i386.rpm
ftp://updates.redhat.com/6.1/i386/esound-0.2.17-1.i386.rpm
ftp://updates.redhat.com/6.1/i386/esound-devel-0.2.17-1.i386.rpm
ftp://updates.redhat.com/6.1/i386/gnome-core-1.0.54-2.i386.rpm
ftp://updates.redhat.com/6.1/i386/gnome-core-devel-1.0.54-2.i386.rpm
Sparc:
ftp://updates.redhat.com/6.1/sparc/ORBit-0.5.0-2.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/ORBit-devel-0.5.0-2.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/esound-0.2.17-1.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/esound-devel-0.2.17-1.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/gnome-core-1.0.54-2.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/gnome-core-devel-1.0.54-2.sparc.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/ORBit-0.5.0-2.src.rpm
ftp://updates.redhat.com/6.1/SRPMS/esound-0.2.17-1.src.rpm
ftp://updates.redhat.com/6.1/SRPMS/gnome-core-1.0.54-2.src.rpm
9. Verification:
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
-- Elliot