Skip to navigation

Security Advisory Moderate: vixie-cron security update

Advisory: RHSA-2007:0345-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-17
Last updated on: 2007-05-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-1856

Details

Updated vixie-cron packages that fix a denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

Raphael Marichez discovered a denial of service bug in the way vixie-cron
verifies crontab file integrity. A local user with the ability to create a
hardlink to /etc/crontab can prevent vixie-cron from executing certain
system cron jobs. (CVE-2007-1856)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
vixie-cron-4.1-19.EL3.src.rpm
File outdated by:  RHBA-2007:1001
    MD5: 7c765917fa13d34ca705284d0a51d16e
 
IA-32:
vixie-cron-4.1-19.EL3.i386.rpm
File outdated by:  RHBA-2007:1001
    MD5: ea525e4a8c8dc818b9e113c02a7e4c48
 
x86_64:
vixie-cron-4.1-19.EL3.x86_64.rpm
File outdated by:  RHBA-2007:1001
    MD5: c2440f24a81ded632ef8ce71c5f379a6
 
Red Hat Desktop (v. 4)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm
File outdated by:  RHBA-2010:0171
    MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vixie-cron-4.1-70.el5.src.rpm
File outdated by:  RHSA-2012:0304
    MD5: 91b16cc530bd52916de05ebf3a291ec3
 
IA-32:
vixie-cron-4.1-70.el5.i386.rpm
File outdated by:  RHSA-2012:0304
    MD5: bf66188eda08c4e4410854a118448fce
 
IA-64:
vixie-cron-4.1-70.el5.ia64.rpm
File outdated by:  RHSA-2012:0304
    MD5: 4bd5c5c644d7cae8a7a35ee8a8db1fe3
 
PPC:
vixie-cron-4.1-70.el5.ppc.rpm
File outdated by:  RHSA-2012:0304
    MD5: ccd2a860b388dcf0b8174ac301813692
 
s390x:
vixie-cron-4.1-70.el5.s390x.rpm
File outdated by:  RHSA-2012:0304
    MD5: 308a141f06dcf269d3fcbf80d464cd9d
 
x86_64:
vixie-cron-4.1-70.el5.x86_64.rpm
File outdated by:  RHSA-2012:0304
    MD5: 2d9c6bdffb703c8ecdfb5bbac74a193e
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
vixie-cron-4.1-19.EL3.src.rpm
File outdated by:  RHBA-2007:1001
    MD5: 7c765917fa13d34ca705284d0a51d16e
 
IA-32:
vixie-cron-4.1-19.EL3.i386.rpm
File outdated by:  RHBA-2007:1001
    MD5: ea525e4a8c8dc818b9e113c02a7e4c48
 
IA-64:
vixie-cron-4.1-19.EL3.ia64.rpm
File outdated by:  RHBA-2007:1001
    MD5: dbd7433ff15f0aaf005cd1bbed789112
 
PPC:
vixie-cron-4.1-19.EL3.ppc.rpm
File outdated by:  RHBA-2007:1001
    MD5: 097b5ff35bfae9dc80600b1c5c625b28
 
s390:
vixie-cron-4.1-19.EL3.s390.rpm
File outdated by:  RHBA-2007:1001
    MD5: 825a473c9476f6c4c0998c9b37c87584
 
s390x:
vixie-cron-4.1-19.EL3.s390x.rpm
File outdated by:  RHBA-2007:1001
    MD5: a69ee247f2c81ef9baa7636c8f695ab5
 
x86_64:
vixie-cron-4.1-19.EL3.x86_64.rpm
File outdated by:  RHBA-2007:1001
    MD5: c2440f24a81ded632ef8ce71c5f379a6
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm
File outdated by:  RHBA-2010:0171
    MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
IA-64:
vixie-cron-4.1-47.EL4.ia64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 2a8acdc3387f80b88b05d3caf37494b4
 
PPC:
vixie-cron-4.1-47.EL4.ppc.rpm
File outdated by:  RHBA-2010:0171
    MD5: 68741ea68b37363dc302345cc3bf2209
 
s390:
vixie-cron-4.1-47.EL4.s390.rpm
File outdated by:  RHBA-2010:0171
    MD5: 4bcc729825cd7622cc9cf2ce317f641f
 
s390x:
vixie-cron-4.1-47.EL4.s390x.rpm
File outdated by:  RHBA-2010:0171
    MD5: 903f1dbd19ee18070d02b659d8d8ba83
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm     MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
IA-64:
vixie-cron-4.1-47.EL4.ia64.rpm     MD5: 2a8acdc3387f80b88b05d3caf37494b4
 
PPC:
vixie-cron-4.1-47.EL4.ppc.rpm     MD5: 68741ea68b37363dc302345cc3bf2209
 
s390:
vixie-cron-4.1-47.EL4.s390.rpm     MD5: 4bcc729825cd7622cc9cf2ce317f641f
 
s390x:
vixie-cron-4.1-47.EL4.s390x.rpm     MD5: 903f1dbd19ee18070d02b659d8d8ba83
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm     MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
vixie-cron-4.1-70.el5.src.rpm
File outdated by:  RHSA-2012:0304
    MD5: 91b16cc530bd52916de05ebf3a291ec3
 
IA-32:
vixie-cron-4.1-70.el5.i386.rpm
File outdated by:  RHSA-2012:0304
    MD5: bf66188eda08c4e4410854a118448fce
 
x86_64:
vixie-cron-4.1-70.el5.x86_64.rpm
File outdated by:  RHSA-2012:0304
    MD5: 2d9c6bdffb703c8ecdfb5bbac74a193e
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
vixie-cron-4.1-19.EL3.src.rpm
File outdated by:  RHBA-2007:1001
    MD5: 7c765917fa13d34ca705284d0a51d16e
 
IA-32:
vixie-cron-4.1-19.EL3.i386.rpm
File outdated by:  RHBA-2007:1001
    MD5: ea525e4a8c8dc818b9e113c02a7e4c48
 
IA-64:
vixie-cron-4.1-19.EL3.ia64.rpm
File outdated by:  RHBA-2007:1001
    MD5: dbd7433ff15f0aaf005cd1bbed789112
 
x86_64:
vixie-cron-4.1-19.EL3.x86_64.rpm
File outdated by:  RHBA-2007:1001
    MD5: c2440f24a81ded632ef8ce71c5f379a6
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm
File outdated by:  RHBA-2010:0171
    MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
IA-64:
vixie-cron-4.1-47.EL4.ia64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 2a8acdc3387f80b88b05d3caf37494b4
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm     MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
IA-64:
vixie-cron-4.1-47.EL4.ia64.rpm     MD5: 2a8acdc3387f80b88b05d3caf37494b4
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm     MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
vixie-cron-4.1-19.EL3.src.rpm
File outdated by:  RHBA-2007:1001
    MD5: 7c765917fa13d34ca705284d0a51d16e
 
IA-32:
vixie-cron-4.1-19.EL3.i386.rpm
File outdated by:  RHBA-2007:1001
    MD5: ea525e4a8c8dc818b9e113c02a7e4c48
 
IA-64:
vixie-cron-4.1-19.EL3.ia64.rpm
File outdated by:  RHBA-2007:1001
    MD5: dbd7433ff15f0aaf005cd1bbed789112
 
x86_64:
vixie-cron-4.1-19.EL3.x86_64.rpm
File outdated by:  RHBA-2007:1001
    MD5: c2440f24a81ded632ef8ce71c5f379a6
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
vixie-cron-4.1-47.EL4.src.rpm
File outdated by:  RHBA-2010:0171
    MD5: c963050603bd83341aa5512719bcd6e1
 
IA-32:
vixie-cron-4.1-47.EL4.i386.rpm
File outdated by:  RHBA-2010:0171
    MD5: e50b7208f6e67ef36a941a9d53dd4ecd
 
IA-64:
vixie-cron-4.1-47.EL4.ia64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 2a8acdc3387f80b88b05d3caf37494b4
 
x86_64:
vixie-cron-4.1-47.EL4.x86_64.rpm
File outdated by:  RHBA-2010:0171
    MD5: 9cdec79f5fd5c4daaec883aa70bb6432
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

223662 - crond failed "Days of week" after a few hours on 1st/Jan
235880 - CVE-2007-1856 crontab denial of service


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/