 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Wed, 2 Jun 2010 14:54:30 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: rhn-client-tools security update
Issue date: 2010-06-01
CVE Names: CVE-2010-1439
It was discovered that rhn-client-tools set insecure permissions on the
loginAuth.pkl file, used to store session credentials for authenticating
connections to servers. A local, unprivileged user could use these
credentials to download packages they wouldn't normally have permission
to download. They could also manipulate package or action lists
associated with the system's profile. (CVE-2010-1439)
Note: This package pulled in several other packages as dependencies in
order to fix all bugs and security holes.
SL 5.x
SRPMS:
rhn-client-tools-0.4.20-33.el5_5.2.src.rpm
i386:
hal-0.5.8.1-59.el5.i386.rpm
hal-devel-0.5.8.1-59.el5.i386.rpm
hal-gnome-0.5.8.1-59.el5.i386.rpm
m2crypto-0.16-6.el5.6.i386.rpm
pm-utils-0.99.3-10.el5.i386.rpm
python-dmidecode-3.10.8-4.el5.i386.rpm
rhn-check-0.4.20-33.el5_5.2.noarch.rpm
rhn-client-tools-0.4.20-33.el5_5.2.noarch.rpm
rhnlib-2.5.22-3.el5.noarch.rpm
rhn-setup-0.4.20-33.el5_5.2.noarch.rpm
rhn-setup-gnome-0.4.20-33.el5_5.2.noarch.rpm
yum-rhn-plugin-0.5.4-15.el5.noarch.rpm
x86_64:
hal-0.5.8.1-59.el5.i386.rpm
hal-0.5.8.1-59.el5.x86_64.rpm
hal-devel-0.5.8.1-59.el5.i386.rpm
hal-devel-0.5.8.1-59.el5.x86_64.rpm
hal-gnome-0.5.8.1-59.el5.x86_64.rpm
m2crypto-0.16-6.el5.6.x86_64.rpm
pm-utils-0.99.3-10.el5.x86_64.rpm
python-dmidecode-3.10.8-4.el5.x86_64.rpm
rhn-check-0.4.20-33.el5_5.2.noarch.rpm
rhn-client-tools-0.4.20-33.el5_5.2.noarch.rpm
rhnlib-2.5.22-3.el5.noarch.rpm
rhn-setup-0.4.20-33.el5_5.2.noarch.rpm
rhn-setup-gnome-0.4.20-33.el5_5.2.noarch.rpm
yum-rhn-plugin-0.5.4-15.el5.noarch.rpm
-Connie Sieh
-Troy Dawson
|
|
|
