Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[RHSA-2008:0510-01] Moderate: Red Hat Application Stack v1.3 security and enhancement update

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: Red Hat Application Stack v1.3 security and enhancement update

Advisory ID: RHSA-2008:0510-01

Product: Red Hat Application Stack

Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0510.html

Issue date: 2008-07-02

CVE Names: CVE-2008-2079

=====================================================================

 

1. Summary:

 

Red Hat Application Stack v1.3 is now available. This update fixes a

security issue and adds several enhancements.

 

This updated has been rated as having moderate security impact by the Red

Hat Security Response Team.

 

2. Relevant releases/architectures:

 

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64

Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

 

3. Description:

 

The Red Hat Application Stack is an integrated open source application

stack, and includes JBoss Enterprise Application Platform (EAP).

 

Starting with this update, JBoss EAP is no longer provided via the

Application Stack channels. Instead, all Application Stack customers are

automatically entitled to the JBoss EAP channels. This ensures all users

have immediate access to JBoss EAP packages when they are released,

ensuring lesser wait for security and critical patches.

 

As a result, you must MANUALLY subscribe to the appropriate JBoss EAP

channel, as all further JBoss EAP updates will only go to that channel.

 

This update also entitles all customers to the JBoss EAP 4.3.0 channels.

Users receive support for JBoss EAP 4.3.0 if they choose to install it.

Important: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.

 

MySQL was updated to version 5.0.50sp1a, fixing the following security

issue:

 

MySQL did not correctly check directories used as arguments for the DATA

DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated

attacker could elevate their access privileges to tables created by other

database users. Note: this attack does not work on existing tables. An

attacker can only elevate their access to another user's tables as the

tables are created. As well, the names of these created tables need to be

predicted correctly for this attack to succeed. (CVE-2008-2079)

 

The following packages are updated:

 

* httpd to 2.0.63

* mod_jk to 1.2.26

* the MySQL Connector/ODBC to 3.51.24r1071

* perl-DBD-MySQL to 4.006

* perl-DBI to 1.604

* postgresqlclient7 to 7.4.19

* postgresql-jdbc to 8.1.412

* unixODBC to 2.2.12

 

4. Solution:

 

Before applying this update, make sure that all previously-released

errata relevant to your system have been applied.

 

This update is available via Red Hat Network. Details on how to use

the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/FAQ_58_10188

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

445222 - CVE-2008-2079 mysql: privilege escalation via DATA/INDEX DIRECTORY directives

 

6. Package List:

 

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

 

Source:

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/httpd-2.0.63-2.el4s1.2.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/mod_jk-1.2.26-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/mysql-5.0.50sp1a-2.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/mysql-connector-odbc-3.51.24r1071-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/perl-DBD-MySQL-4.006-1.el4.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/perl-DBI-1.604-1.el4s1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.9.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresql-jdbc-8.1.412-1jpp.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresqlclient7-7.4.19-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/unixODBC-2.2.12-6.el4s1.1.src.rpm

 

i386:

httpd-2.0.63-2.el4s1.2.i386.rpm

httpd-debuginfo-2.0.63-2.el4s1.2.i386.rpm

httpd-devel-2.0.63-2.el4s1.2.i386.rpm

httpd-manual-2.0.63-2.el4s1.2.i386.rpm

mod_jk-ap20-1.2.26-1.el4s1.1.i386.rpm

mod_jk-debuginfo-1.2.26-1.el4s1.1.i386.rpm

mod_jk-manual-1.2.26-1.el4s1.1.i386.rpm

mod_ssl-2.0.63-2.el4s1.2.i386.rpm

mysql-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-bench-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-cluster-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-connector-odbc-3.51.24r1071-1.el4s1.1.i386.rpm

mysql-connector-odbc-debuginfo-3.51.24r1071-1.el4s1.1.i386.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-devel-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-server-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-test-5.0.50sp1a-2.el4s1.1.i386.rpm

perl-DBD-MySQL-4.006-1.el4.i386.rpm

perl-DBD-MySQL-debuginfo-4.006-1.el4.i386.rpm

perl-DBI-1.604-1.el4s1.i386.rpm

perl-DBI-debuginfo-1.604-1.el4s1.i386.rpm

php-5.1.6-3.el4s1.9.i386.rpm

php-bcmath-5.1.6-3.el4s1.9.i386.rpm

php-cli-5.1.6-3.el4s1.9.i386.rpm

php-common-5.1.6-3.el4s1.9.i386.rpm

php-dba-5.1.6-3.el4s1.9.i386.rpm

php-debuginfo-5.1.6-3.el4s1.9.i386.rpm

php-devel-5.1.6-3.el4s1.9.i386.rpm

php-gd-5.1.6-3.el4s1.9.i386.rpm

php-imap-5.1.6-3.el4s1.9.i386.rpm

php-ldap-5.1.6-3.el4s1.9.i386.rpm

php-mbstring-5.1.6-3.el4s1.9.i386.rpm

php-mysql-5.1.6-3.el4s1.9.i386.rpm

php-ncurses-5.1.6-3.el4s1.9.i386.rpm

php-odbc-5.1.6-3.el4s1.9.i386.rpm

php-pdo-5.1.6-3.el4s1.9.i386.rpm

php-pgsql-5.1.6-3.el4s1.9.i386.rpm

php-snmp-5.1.6-3.el4s1.9.i386.rpm

php-soap-5.1.6-3.el4s1.9.i386.rpm

php-xml-5.1.6-3.el4s1.9.i386.rpm

php-xmlrpc-5.1.6-3.el4s1.9.i386.rpm

postgresql-jdbc-8.1.412-1jpp.el4s1.1.i386.rpm

postgresql-jdbc-debuginfo-8.1.412-1jpp.el4s1.1.i386.rpm

postgresqlclient7-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.i386.rpm

unixODBC-2.2.12-6.el4s1.1.i386.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.i386.rpm

unixODBC-devel-2.2.12-6.el4s1.1.i386.rpm

unixODBC-kde-2.2.12-6.el4s1.1.i386.rpm

 

x86_64:

httpd-2.0.63-2.el4s1.2.x86_64.rpm

httpd-debuginfo-2.0.63-2.el4s1.2.x86_64.rpm

httpd-devel-2.0.63-2.el4s1.2.x86_64.rpm

httpd-manual-2.0.63-2.el4s1.2.x86_64.rpm

mod_jk-ap20-1.2.26-1.el4s1.1.x86_64.rpm

mod_jk-debuginfo-1.2.26-1.el4s1.1.x86_64.rpm

mod_jk-manual-1.2.26-1.el4s1.1.x86_64.rpm

mod_ssl-2.0.63-2.el4s1.2.x86_64.rpm

mysql-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-bench-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-cluster-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-connector-odbc-3.51.24r1071-1.el4s1.1.x86_64.rpm

mysql-connector-odbc-debuginfo-3.51.24r1071-1.el4s1.1.x86_64.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-devel-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-server-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-test-5.0.50sp1a-2.el4s1.1.x86_64.rpm

perl-DBD-MySQL-4.006-1.el4.x86_64.rpm

perl-DBD-MySQL-debuginfo-4.006-1.el4.x86_64.rpm

perl-DBI-1.604-1.el4s1.x86_64.rpm

perl-DBI-debuginfo-1.604-1.el4s1.x86_64.rpm

php-5.1.6-3.el4s1.9.x86_64.rpm

php-bcmath-5.1.6-3.el4s1.9.x86_64.rpm

php-cli-5.1.6-3.el4s1.9.x86_64.rpm

php-common-5.1.6-3.el4s1.9.x86_64.rpm

php-dba-5.1.6-3.el4s1.9.x86_64.rpm

php-debuginfo-5.1.6-3.el4s1.9.x86_64.rpm

php-devel-5.1.6-3.el4s1.9.x86_64.rpm

php-gd-5.1.6-3.el4s1.9.x86_64.rpm

php-imap-5.1.6-3.el4s1.9.x86_64.rpm

php-ldap-5.1.6-3.el4s1.9.x86_64.rpm

php-mbstring-5.1.6-3.el4s1.9.x86_64.rpm

php-mysql-5.1.6-3.el4s1.9.x86_64.rpm

php-ncurses-5.1.6-3.el4s1.9.x86_64.rpm

php-odbc-5.1.6-3.el4s1.9.x86_64.rpm

php-pdo-5.1.6-3.el4s1.9.x86_64.rpm

php-pgsql-5.1.6-3.el4s1.9.x86_64.rpm

php-snmp-5.1.6-3.el4s1.9.x86_64.rpm

php-soap-5.1.6-3.el4s1.9.x86_64.rpm

php-xml-5.1.6-3.el4s1.9.x86_64.rpm

php-xmlrpc-5.1.6-3.el4s1.9.x86_64.rpm

postgresql-jdbc-8.1.412-1jpp.el4s1.1.x86_64.rpm

postgresql-jdbc-debuginfo-8.1.412-1jpp.el4s1.1.x86_64.rpm

postgresqlclient7-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-7.4.19-1.el4s1.1.x86_64.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.x86_64.rpm

unixODBC-2.2.12-6.el4s1.1.i386.rpm

unixODBC-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.i386.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-devel-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-kde-2.2.12-6.el4s1.1.i386.rpm

unixODBC-kde-2.2.12-6.el4s1.1.x86_64.rpm

 

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

 

Source:

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/httpd-2.0.63-2.el4s1.2.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/mod_jk-1.2.26-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/mysql-5.0.50sp1a-2.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/mysql-connector-odbc-3.51.24r1071-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/perl-DBD-MySQL-4.006-1.el4.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/perl-DBI-1.604-1.el4s1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.9.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresql-jdbc-8.1.412-1jpp.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresqlclient7-7.4.19-1.el4s1.1.src.rpm

ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/unixODBC-2.2.12-6.el4s1.1.src.rpm

 

i386:

httpd-2.0.63-2.el4s1.2.i386.rpm

httpd-debuginfo-2.0.63-2.el4s1.2.i386.rpm

httpd-devel-2.0.63-2.el4s1.2.i386.rpm

httpd-manual-2.0.63-2.el4s1.2.i386.rpm

mod_jk-ap20-1.2.26-1.el4s1.1.i386.rpm

mod_jk-debuginfo-1.2.26-1.el4s1.1.i386.rpm

mod_jk-manual-1.2.26-1.el4s1.1.i386.rpm

mod_ssl-2.0.63-2.el4s1.2.i386.rpm

mysql-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-bench-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-cluster-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-connector-odbc-3.51.24r1071-1.el4s1.1.i386.rpm

mysql-connector-odbc-debuginfo-3.51.24r1071-1.el4s1.1.i386.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-devel-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-server-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-test-5.0.50sp1a-2.el4s1.1.i386.rpm

perl-DBD-MySQL-4.006-1.el4.i386.rpm

perl-DBD-MySQL-debuginfo-4.006-1.el4.i386.rpm

perl-DBI-1.604-1.el4s1.i386.rpm

perl-DBI-debuginfo-1.604-1.el4s1.i386.rpm

php-5.1.6-3.el4s1.9.i386.rpm

php-bcmath-5.1.6-3.el4s1.9.i386.rpm

php-cli-5.1.6-3.el4s1.9.i386.rpm

php-common-5.1.6-3.el4s1.9.i386.rpm

php-dba-5.1.6-3.el4s1.9.i386.rpm

php-debuginfo-5.1.6-3.el4s1.9.i386.rpm

php-devel-5.1.6-3.el4s1.9.i386.rpm

php-gd-5.1.6-3.el4s1.9.i386.rpm

php-imap-5.1.6-3.el4s1.9.i386.rpm

php-ldap-5.1.6-3.el4s1.9.i386.rpm

php-mbstring-5.1.6-3.el4s1.9.i386.rpm

php-mysql-5.1.6-3.el4s1.9.i386.rpm

php-ncurses-5.1.6-3.el4s1.9.i386.rpm

php-odbc-5.1.6-3.el4s1.9.i386.rpm

php-pdo-5.1.6-3.el4s1.9.i386.rpm

php-pgsql-5.1.6-3.el4s1.9.i386.rpm

php-snmp-5.1.6-3.el4s1.9.i386.rpm

php-soap-5.1.6-3.el4s1.9.i386.rpm

php-xml-5.1.6-3.el4s1.9.i386.rpm

php-xmlrpc-5.1.6-3.el4s1.9.i386.rpm

postgresql-jdbc-8.1.412-1jpp.el4s1.1.i386.rpm

postgresql-jdbc-debuginfo-8.1.412-1jpp.el4s1.1.i386.rpm

postgresqlclient7-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.i386.rpm

unixODBC-2.2.12-6.el4s1.1.i386.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.i386.rpm

unixODBC-devel-2.2.12-6.el4s1.1.i386.rpm

unixODBC-kde-2.2.12-6.el4s1.1.i386.rpm

 

x86_64:

httpd-2.0.63-2.el4s1.2.x86_64.rpm

httpd-debuginfo-2.0.63-2.el4s1.2.x86_64.rpm

httpd-devel-2.0.63-2.el4s1.2.x86_64.rpm

httpd-manual-2.0.63-2.el4s1.2.x86_64.rpm

mod_jk-ap20-1.2.26-1.el4s1.1.x86_64.rpm

mod_jk-debuginfo-1.2.26-1.el4s1.1.x86_64.rpm

mod_jk-manual-1.2.26-1.el4s1.1.x86_64.rpm

mod_ssl-2.0.63-2.el4s1.2.x86_64.rpm

mysql-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-bench-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-cluster-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-connector-odbc-3.51.24r1071-1.el4s1.1.x86_64.rpm

mysql-connector-odbc-debuginfo-3.51.24r1071-1.el4s1.1.x86_64.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-debuginfo-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-devel-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.i386.rpm

mysql-libs-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-server-5.0.50sp1a-2.el4s1.1.x86_64.rpm

mysql-test-5.0.50sp1a-2.el4s1.1.x86_64.rpm

perl-DBD-MySQL-4.006-1.el4.x86_64.rpm

perl-DBD-MySQL-debuginfo-4.006-1.el4.x86_64.rpm

perl-DBI-1.604-1.el4s1.x86_64.rpm

perl-DBI-debuginfo-1.604-1.el4s1.x86_64.rpm

php-5.1.6-3.el4s1.9.x86_64.rpm

php-bcmath-5.1.6-3.el4s1.9.x86_64.rpm

php-cli-5.1.6-3.el4s1.9.x86_64.rpm

php-common-5.1.6-3.el4s1.9.x86_64.rpm

php-dba-5.1.6-3.el4s1.9.x86_64.rpm

php-debuginfo-5.1.6-3.el4s1.9.x86_64.rpm

php-devel-5.1.6-3.el4s1.9.x86_64.rpm

php-gd-5.1.6-3.el4s1.9.x86_64.rpm

php-imap-5.1.6-3.el4s1.9.x86_64.rpm

php-ldap-5.1.6-3.el4s1.9.x86_64.rpm

php-mbstring-5.1.6-3.el4s1.9.x86_64.rpm

php-mysql-5.1.6-3.el4s1.9.x86_64.rpm

php-ncurses-5.1.6-3.el4s1.9.x86_64.rpm

php-odbc-5.1.6-3.el4s1.9.x86_64.rpm

php-pdo-5.1.6-3.el4s1.9.x86_64.rpm

php-pgsql-5.1.6-3.el4s1.9.x86_64.rpm

php-snmp-5.1.6-3.el4s1.9.x86_64.rpm

php-soap-5.1.6-3.el4s1.9.x86_64.rpm

php-xml-5.1.6-3.el4s1.9.x86_64.rpm

php-xmlrpc-5.1.6-3.el4s1.9.x86_64.rpm

postgresql-jdbc-8.1.412-1jpp.el4s1.1.x86_64.rpm

postgresql-jdbc-debuginfo-8.1.412-1jpp.el4s1.1.x86_64.rpm

postgresqlclient7-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-7.4.19-1.el4s1.1.x86_64.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.i386.rpm

postgresqlclient7-debuginfo-7.4.19-1.el4s1.1.x86_64.rpm

unixODBC-2.2.12-6.el4s1.1.i386.rpm

unixODBC-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.i386.rpm

unixODBC-debuginfo-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-devel-2.2.12-6.el4s1.1.x86_64.rpm

unixODBC-kde-2.2.12-6.el4s1.1.i386.rpm

unixODBC-kde-2.2.12-6.el4s1.1.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

 

7. References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079

http://www.redhat.com/docs/en-US/Red_Hat_Application_Stack/1.3/html-single/Release_Notes/

http://www.redhat.com/security/updates/classification/#moderate

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

 

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFIa31UXlSAg2UNWIIRAnL8AKCeWKFjok+M3zZm7UAKoupYDhO8XACfYcpJ

HqKUkij9JOKvBqXxn6lkMMc=

=KGG4

-----END PGP SIGNATURE-----

 

 

--

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×