Red Hat Product Errata RHSA-2009:0005 - Security Advisory
Issued:
2009-01-07
Updated:
2009-01-07

RHSA-2009:0005 - Security Advisory

Synopsis

Moderate: gnome-vfs, gnome-vfs2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated GNOME VFS packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for
various local and remote file systems as well as numerous protocols,
including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system when
handling data returned by CDDB servers. If a user connected to a malicious
CDDB server, an attacker could use this flaw to execute arbitrary code on
the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. All
running GNOME sessions must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc

Fixes

  • BZ - 470552 - CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies

Red Hat Enterprise Linux Server 4

SRPM
x86_64
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
ia64
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: 33d2315f107cd1f51fcd0bdc94085f9828c4ce04d51fab8489090c9907f0e41f
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: 33d2315f107cd1f51fcd0bdc94085f9828c4ce04d51fab8489090c9907f0e41f
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: f55f080f0994354e6beb29b689562dae4a405a7b1250f2f2459721cf8438fb4a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: f55f080f0994354e6beb29b689562dae4a405a7b1250f2f2459721cf8438fb4a
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: d12490d9f685cc7fdaaf8a51a330977d1bb7b26015e9962d79b2ce929c8b3604
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: d12490d9f685cc7fdaaf8a51a330977d1bb7b26015e9962d79b2ce929c8b3604
i386
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
x86_64
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
ia64
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: 33d2315f107cd1f51fcd0bdc94085f9828c4ce04d51fab8489090c9907f0e41f
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: 33d2315f107cd1f51fcd0bdc94085f9828c4ce04d51fab8489090c9907f0e41f
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: f55f080f0994354e6beb29b689562dae4a405a7b1250f2f2459721cf8438fb4a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: f55f080f0994354e6beb29b689562dae4a405a7b1250f2f2459721cf8438fb4a
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: d12490d9f685cc7fdaaf8a51a330977d1bb7b26015e9962d79b2ce929c8b3604
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: d12490d9f685cc7fdaaf8a51a330977d1bb7b26015e9962d79b2ce929c8b3604
i386
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
ia64
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: 33d2315f107cd1f51fcd0bdc94085f9828c4ce04d51fab8489090c9907f0e41f
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: f55f080f0994354e6beb29b689562dae4a405a7b1250f2f2459721cf8438fb4a
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm SHA-256: d12490d9f685cc7fdaaf8a51a330977d1bb7b26015e9962d79b2ce929c8b3604
i386
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 19aff14de9d66eec4a5ba1d1a40e59869db81136fe067f42083bcea40976c12e
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 92da0a757695fea9007ee5a4b5c0d14476d2ea40f6ff26675ee33e3b29670fee
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm SHA-256: 10c6ac3514c2bc9b18f3c1365494934e3b52820a3fb17cb2fb4f9070386d9493
i386
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: ed3030a3177fa15a8adeb143c7d6fbf7d43cef25044d09e99fa4ebd9f783101a
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: dd388878139170d947bc93dd30ea1e7f21c26439ad1e091676ec45e4600850d6
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm SHA-256: 0ae30f59e697ab821e15a2dfe63ea31de5ca8e460c41f4c4f342793f70d55850

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
gnome-vfs2-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 6ef6385aa5a9a3dc8ce7f8ae57111eb123cafa4be58374464deab84db4f2079c
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 3786133253599270a78cc233dd4132254ef6f288aeb5559ba8152c0b387c7b6d
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 55b163bc1d3ea30bb15e99491642da15733593176d9e2e04101721ba9eda30f2
s390
gnome-vfs2-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 48165c5a9a653589cccc815854119f12f66ae8fd3dd6d7340a1616be3198d52f
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 1d8e71124732ac34828b199a7e8e446ea7eeca526489082f1aa66d89f991f149
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 0af28fed1e5e2ae3de49d6e3202a6aba2dffbc3121547ed06f3fabb57008e076

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
s390x
gnome-vfs2-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 6ef6385aa5a9a3dc8ce7f8ae57111eb123cafa4be58374464deab84db4f2079c
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 3786133253599270a78cc233dd4132254ef6f288aeb5559ba8152c0b387c7b6d
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390x.rpm SHA-256: 55b163bc1d3ea30bb15e99491642da15733593176d9e2e04101721ba9eda30f2
s390
gnome-vfs2-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 48165c5a9a653589cccc815854119f12f66ae8fd3dd6d7340a1616be3198d52f
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 1d8e71124732ac34828b199a7e8e446ea7eeca526489082f1aa66d89f991f149
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390.rpm SHA-256: 0af28fed1e5e2ae3de49d6e3202a6aba2dffbc3121547ed06f3fabb57008e076

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
gnome-vfs2-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: e081e817e3443ce45cb6f3527c3a64b53ea4d8e13edab8b841613276a5420314
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: 2a4796121bd61bb37697b510478f1c1fe67cbdfad0c0d2aa882e6949b616dde0
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: cf8421e4bb6c4b77e46b13923f3e90ac55b76d370c3778b4adc9e35a264456cf

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
ppc
gnome-vfs2-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: e081e817e3443ce45cb6f3527c3a64b53ea4d8e13edab8b841613276a5420314
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: 2a4796121bd61bb37697b510478f1c1fe67cbdfad0c0d2aa882e6949b616dde0
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ppc.rpm SHA-256: cf8421e4bb6c4b77e46b13923f3e90ac55b76d370c3778b4adc9e35a264456cf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.