Security Advisory Moderate: gnome-vfs, gnome-vfs2 security update

Advisory: RHSA-2009:0005-6
Type: Security Advisory
Severity: Moderate
Issued on: 2009-01-07
Last updated on: 2009-01-07
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux AS (v. 4.7.z)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux ES (v. 4.7.z)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20090005.xml
CVEs (cve.mitre.org): CVE-2005-0706

Details

Updated GNOME VFS packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for
various local and remote file systems as well as numerous protocols,
including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system when
handling data returned by CDDB servers. If a user connected to a malicious
CDDB server, an attacker could use this flaw to execute arbitrary code on
the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. All
running GNOME sessions must be restarted for the update to take effect.
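
The bug entry for this advisory attributes the overflow to a "large amount of CDDB replies". The following C sketch is an added illustration of that flaw class, not the gnome-vfs or Red Hat code: a reply parser that fills a fixed-size match table and refuses entries past its capacity. The fixed-size table, its size, the struct and function names, and the constructed reply lines are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MATCHES 16   /* assumed table size, not taken from gnome-vfs */
struct cddb_match { char category[20], discid[9], title[80]; };
struct cddb_query { int count, dropped; struct cddb_match list[MAX_MATCHES]; };

/* Store one "category discid title" line; returns 1 if stored, else 0. */
static int add_match(struct cddb_query *q, const char *line) {
    struct cddb_match m;
    /* The bound an overflowing parser lacks: stop at table capacity. */
    if (q->count >= MAX_MATCHES) { q->dropped++; return 0; }
    /* Field widths cap each copy at sizeof(field) - 1 bytes plus the NUL. */
    if (sscanf(line, "%19s %8s %79[^\r\n]", m.category, m.discid, m.title) != 3)
        return 0;
    q->list[q->count++] = m;
    return 1;
}

/* Walk a reply body: one match per line, a lone "." ends the list. */
int parse_matches(struct cddb_query *q, const char *body) {
    char line[256];
    memset(q, 0, sizeof *q);
    while (*body) {
        size_t n = strcspn(body, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, body);  /* truncating copy */
        body += n + (body[n] == '\n');
        if (line[0] == '.' && (line[1] == '\0' || line[1] == '\r'))
            break;
        add_match(q, line);
    }
    return q->count;
}

/* Constructed input: a reply carrying n match lines, then the terminator. */
struct cddb_query run_constructed(int n) {
    static char body[8192];
    struct cddb_query q;
    size_t off = 0;
    for (int i = 0; i < n && off < sizeof body - 64; i++)
        off += (size_t)snprintf(body + off, sizeof body - off, "rock %08x Artist / Album %d\r\n", (unsigned)i, i);
    snprintf(body + off, sizeof body - off, ".\r\n");
    parse_matches(&q, body);
    return q;
}

int main(void) {
    struct cddb_query q = run_constructed(40);   /* 40 replies, table holds 16 */
    return printf("stored=%d dropped=%d\n", q.count, q.dropped) < 0;
}
```
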


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gnome-vfs2-2.2.5-2E.3.3.src.rpm     ddfaff8873a15b41a92e3ce77ae8fcef
 
IA-32:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-devel-2.2.5-2E.3.3.i386.rpm     ccea939cb80710f04446069ed71b9105
 
x86_64:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-2.2.5-2E.3.3.x86_64.rpm     6cc4e13fdb380612eb7fceaf07d6d220
gnome-vfs2-devel-2.2.5-2E.3.3.x86_64.rpm     b4aa801bf93d433f45f1b6ccdac9f4f5
 
Red Hat Desktop (v. 4)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)

IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731     (File outdated by: RHBA-2009:0982)

x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99     (File outdated by: RHBA-2009:0982)
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
gnome-vfs-1.0.1-18.2.src.rpm     efe140de5e323297b24c7cb301e3c998
 
IA-32:
gnome-vfs-1.0.1-18.2.i386.rpm     1a74268ad7213978648e3f00e47cb38d
gnome-vfs-devel-1.0.1-18.2.i386.rpm     6061e233ffa89fc94299e11ffa60e924
 
IA-64:
gnome-vfs-1.0.1-18.2.ia64.rpm     892b31c53a463de3c175cd0706361beb
gnome-vfs-devel-1.0.1-18.2.ia64.rpm     4da82e4aa869ea0f8a8cb21619001175
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gnome-vfs2-2.2.5-2E.3.3.src.rpm     ddfaff8873a15b41a92e3ce77ae8fcef
 
IA-32:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-devel-2.2.5-2E.3.3.i386.rpm     ccea939cb80710f04446069ed71b9105
 
IA-64:
gnome-vfs2-2.2.5-2E.3.3.ia64.rpm     7ee1ac087330fc2d1c90922d6e8509c4
gnome-vfs2-devel-2.2.5-2E.3.3.ia64.rpm     e3cf03cfa7adb87c371c839c5b311363
 
PPC:
gnome-vfs2-2.2.5-2E.3.3.ppc.rpm     2e860f8a1276228b5ed04b3f90173a02
gnome-vfs2-devel-2.2.5-2E.3.3.ppc.rpm     ea07a9ae8f77f5553937680d66ec8ea6
 
s390:
gnome-vfs2-2.2.5-2E.3.3.s390.rpm     963198cc898808bdf0253c521d6dd6b9
gnome-vfs2-devel-2.2.5-2E.3.3.s390.rpm     38ef6f771f2948d703a0c35332036856
 
s390x:
gnome-vfs2-2.2.5-2E.3.3.s390x.rpm     e832e7f64c1feb8f4de8747f7f312c79
gnome-vfs2-devel-2.2.5-2E.3.3.s390x.rpm     13338dbc1a49624ad1b997e8715f702d
 
x86_64:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-2.2.5-2E.3.3.x86_64.rpm     6cc4e13fdb380612eb7fceaf07d6d220
gnome-vfs2-devel-2.2.5-2E.3.3.x86_64.rpm     b4aa801bf93d433f45f1b6ccdac9f4f5
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)

IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731     (File outdated by: RHBA-2009:0982)

IA-64:
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm     83a638068ac0b2cdcf4f43858efb39e0     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm     06bd0ff25799f86d1a3567b155d34a59     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm     2af8e6f6e1036539b34d3a2da379cd25     (File outdated by: RHBA-2009:0982)

PPC:
gnome-vfs2-2.8.2-8.7.el4_7.2.ppc.rpm     08ea1dcac2ac303ed2f3d206d371f805     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ppc.rpm     0bd6f5b1c9a51dc72ad5149a2730f7bd     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ppc.rpm     b42fa0b890e4e6759eb71319fb89cd92     (File outdated by: RHBA-2009:0982)

s390:
gnome-vfs2-2.8.2-8.7.el4_7.2.s390.rpm     5a534cde7f1cb08276b7372b40c71849     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390.rpm     530f9a0c037326c11f68456a456ca4e8     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390.rpm     600c5429537484e60cc5572d237d8074     (File outdated by: RHBA-2009:0982)

s390x:
gnome-vfs2-2.8.2-8.7.el4_7.2.s390x.rpm     825043f13b7d53f86d1c166b6e8e13fd     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390x.rpm     58edfa3dbf7a39c05687182c94fd8053     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390x.rpm     4b601d5ef9dcb01467581211fedf23f2     (File outdated by: RHBA-2009:0982)

x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99     (File outdated by: RHBA-2009:0982)
 
Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)
 
IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731
 
IA-64:
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm     83a638068ac0b2cdcf4f43858efb39e0
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm     06bd0ff25799f86d1a3567b155d34a59
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm     2af8e6f6e1036539b34d3a2da379cd25
 
PPC:
gnome-vfs2-2.8.2-8.7.el4_7.2.ppc.rpm     08ea1dcac2ac303ed2f3d206d371f805
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ppc.rpm     0bd6f5b1c9a51dc72ad5149a2730f7bd
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ppc.rpm     b42fa0b890e4e6759eb71319fb89cd92
 
s390:
gnome-vfs2-2.8.2-8.7.el4_7.2.s390.rpm     5a534cde7f1cb08276b7372b40c71849
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390.rpm     530f9a0c037326c11f68456a456ca4e8
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390.rpm     600c5429537484e60cc5572d237d8074
 
s390x:
gnome-vfs2-2.8.2-8.7.el4_7.2.s390x.rpm     825043f13b7d53f86d1c166b6e8e13fd
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.s390x.rpm     58edfa3dbf7a39c05687182c94fd8053
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.s390x.rpm     4b601d5ef9dcb01467581211fedf23f2
 
x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
gnome-vfs-1.0.1-18.2.src.rpm     efe140de5e323297b24c7cb301e3c998
 
IA-32:
gnome-vfs-1.0.1-18.2.i386.rpm     1a74268ad7213978648e3f00e47cb38d
gnome-vfs-devel-1.0.1-18.2.i386.rpm     6061e233ffa89fc94299e11ffa60e924
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gnome-vfs2-2.2.5-2E.3.3.src.rpm     ddfaff8873a15b41a92e3ce77ae8fcef
 
IA-32:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-devel-2.2.5-2E.3.3.i386.rpm     ccea939cb80710f04446069ed71b9105
 
IA-64:
gnome-vfs2-2.2.5-2E.3.3.ia64.rpm     7ee1ac087330fc2d1c90922d6e8509c4
gnome-vfs2-devel-2.2.5-2E.3.3.ia64.rpm     e3cf03cfa7adb87c371c839c5b311363
 
x86_64:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-2.2.5-2E.3.3.x86_64.rpm     6cc4e13fdb380612eb7fceaf07d6d220
gnome-vfs2-devel-2.2.5-2E.3.3.x86_64.rpm     b4aa801bf93d433f45f1b6ccdac9f4f5
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)

IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731     (File outdated by: RHBA-2009:0982)

IA-64:
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm     83a638068ac0b2cdcf4f43858efb39e0     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm     06bd0ff25799f86d1a3567b155d34a59     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm     2af8e6f6e1036539b34d3a2da379cd25     (File outdated by: RHBA-2009:0982)

x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99     (File outdated by: RHBA-2009:0982)
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)
 
IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731
 
IA-64:
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm     83a638068ac0b2cdcf4f43858efb39e0
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm     06bd0ff25799f86d1a3567b155d34a59
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm     2af8e6f6e1036539b34d3a2da379cd25
 
x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
gnome-vfs-1.0.1-18.2.src.rpm     efe140de5e323297b24c7cb301e3c998
 
IA-32:
gnome-vfs-1.0.1-18.2.i386.rpm     1a74268ad7213978648e3f00e47cb38d
gnome-vfs-devel-1.0.1-18.2.i386.rpm     6061e233ffa89fc94299e11ffa60e924
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gnome-vfs2-2.2.5-2E.3.3.src.rpm     ddfaff8873a15b41a92e3ce77ae8fcef
 
IA-32:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-devel-2.2.5-2E.3.3.i386.rpm     ccea939cb80710f04446069ed71b9105
 
IA-64:
gnome-vfs2-2.2.5-2E.3.3.ia64.rpm     7ee1ac087330fc2d1c90922d6e8509c4
gnome-vfs2-devel-2.2.5-2E.3.3.ia64.rpm     e3cf03cfa7adb87c371c839c5b311363
 
x86_64:
gnome-vfs2-2.2.5-2E.3.3.i386.rpm     baa88b59f4aedf9f7f24b54139743663
gnome-vfs2-2.2.5-2E.3.3.x86_64.rpm     6cc4e13fdb380612eb7fceaf07d6d220
gnome-vfs2-devel-2.2.5-2E.3.3.x86_64.rpm     b4aa801bf93d433f45f1b6ccdac9f4f5
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gnome-vfs2-2.8.2-8.7.el4_7.2.src.rpm     467f7cee233b2153b2f50d475d8bb11a     (File outdated by: RHBA-2009:0982)

IA-32:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.i386.rpm     3f585539df930179d6de1c489aaaa28b     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.i386.rpm     b377fa0e64372053f662de1eb6bbe731     (File outdated by: RHBA-2009:0982)

IA-64:
gnome-vfs2-2.8.2-8.7.el4_7.2.ia64.rpm     83a638068ac0b2cdcf4f43858efb39e0     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.ia64.rpm     06bd0ff25799f86d1a3567b155d34a59     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.ia64.rpm     2af8e6f6e1036539b34d3a2da379cd25     (File outdated by: RHBA-2009:0982)

x86_64:
gnome-vfs2-2.8.2-8.7.el4_7.2.i386.rpm     e4bbeff725ef37a735b140205b6e3f76     (File outdated by: RHBA-2009:0982)
gnome-vfs2-2.8.2-8.7.el4_7.2.x86_64.rpm     df6a3437d821dd83efd5313353915a67     (File outdated by: RHBA-2009:0982)
gnome-vfs2-devel-2.8.2-8.7.el4_7.2.x86_64.rpm     c49995a39be232d6954a7e6b9e39c734     (File outdated by: RHBA-2009:0982)
gnome-vfs2-smb-2.8.2-8.7.el4_7.2.x86_64.rpm     81fe49ad3885b3568b9e897d21922a99     (File outdated by: RHBA-2009:0982)
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
gnome-vfs-1.0.1-18.2.src.rpm     efe140de5e323297b24c7cb301e3c998
 
IA-64:
gnome-vfs-1.0.1-18.2.ia64.rpm     892b31c53a463de3c175cd0706361beb
gnome-vfs-devel-1.0.1-18.2.ia64.rpm     4da82e4aa869ea0f8a8cb21619001175
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

470552 - CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/