Security Advisory Moderate: Red Hat Certificate System 7.3 security update

Advisory: RHSA-2010:0602-2
Type: Security Advisory
Severity: Moderate
Issued on: 2010-08-04
Last updated on: 2010-08-04
Affected Products: Red Hat Certificate System v7.3
CVEs (cve.mitre.org): CVE-2005-2090
CVE-2005-3510
CVE-2006-3835
CVE-2006-3918
CVE-2006-5752
CVE-2007-0450
CVE-2007-1349
CVE-2007-1358
CVE-2007-1863
CVE-2007-3304
CVE-2007-3382
CVE-2007-3385
CVE-2007-3847
CVE-2007-4465
CVE-2007-5000
CVE-2007-5116
CVE-2007-5333
CVE-2007-5461
CVE-2007-6388
CVE-2008-0005
CVE-2008-0128
CVE-2008-1232
CVE-2008-1927
CVE-2008-2364
CVE-2008-2370
CVE-2008-2939
CVE-2008-5515
CVE-2009-0023
CVE-2009-0033
CVE-2009-0580
CVE-2009-1891
CVE-2009-1955
CVE-2009-1956
CVE-2009-2412
CVE-2009-3094
CVE-2009-3095
CVE-2009-4901
CVE-2010-0407
CVE-2010-0434

Details

Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)

This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)

This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.

A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.

Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.

Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)

As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.

All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Certificate System v7.3

SRPMS:
ant-1.6.5-1jpp_1rh.src.rpm
avalon-logkit-1.2-2jpp_4rh.src.rpm
axis-1.2.1-1jpp_3rh.src.rpm
classpathx-jaf-1.0-2jpp_6rh.src.rpm
classpathx-mail-1.1.1-2jpp_8rh.src.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.src.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.src.rpm
log4j-1.2.12-1jpp_1rh.src.rpm
mx4j-3.0.1-1jpp_4rh.src.rpm
pcsc-lite-1.3.3-3.el4.src.rpm
tomcat5-5.5.23-0jpp_4rh.16.src.rpm (File outdated by: RHSA-2010:0693)
xerces-j2-2.7.1-1jpp_1rh.src.rpm
xml-commons-1.3.02-2jpp_1rh.src.rpm
 
IA-32:
ant-1.6.5-1jpp_1rh.noarch.rpm
avalon-logkit-1.2-2jpp_4rh.noarch.rpm
axis-1.2.1-1jpp_3rh.noarch.rpm
classpathx-jaf-1.0-2jpp_6rh.noarch.rpm
classpathx-mail-1.1.1-2jpp_8rh.noarch.rpm
geronimo-ejb-2.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-1.4-apis-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-connector-1.5-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-deployment-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-management-1.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jms-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jsp-2.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jta-1.0.1B-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-servlet-2.4-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-javadoc-1.0-0.M4.1jpp_10rh.noarch.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.noarch.rpm
log4j-1.2.12-1jpp_1rh.noarch.rpm
mx4j-3.0.1-1jpp_4rh.noarch.rpm
pcsc-lite-1.3.3-3.el4.i386.rpm
pcsc-lite-doc-1.3.3-3.el4.i386.rpm
pcsc-lite-libs-1.3.3-3.el4.i386.rpm
rhpki-ca-7.3.0-20.el4.noarch.rpm (File outdated by: RHSA-2010:0837)
rhpki-java-tools-7.3.0-10.el4.noarch.rpm
rhpki-kra-7.3.0-14.el4.noarch.rpm
rhpki-manage-7.3.0-19.el4.noarch.rpm
rhpki-native-tools-7.3.0-6.el4.i386.rpm
rhpki-ocsp-7.3.0-13.el4.noarch.rpm
rhpki-tks-7.3.0-13.el4.noarch.rpm
tomcat5-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-common-lib-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-jasper-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-server-lib-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
xerces-j2-2.7.1-1jpp_1rh.noarch.rpm
xml-commons-1.3.02-2jpp_1rh.noarch.rpm
xml-commons-apis-1.3.02-2jpp_1rh.noarch.rpm
 
x86_64:
ant-1.6.5-1jpp_1rh.noarch.rpm
avalon-logkit-1.2-2jpp_4rh.noarch.rpm
axis-1.2.1-1jpp_3rh.noarch.rpm
classpathx-jaf-1.0-2jpp_6rh.noarch.rpm
classpathx-mail-1.1.1-2jpp_8rh.noarch.rpm
geronimo-ejb-2.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-1.4-apis-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-connector-1.5-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-deployment-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-j2ee-management-1.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jms-1.1-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jsp-2.0-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-jta-1.0.1B-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-servlet-2.4-api-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-1.0-0.M4.1jpp_10rh.noarch.rpm
geronimo-specs-javadoc-1.0-0.M4.1jpp_10rh.noarch.rpm
jakarta-commons-modeler-2.0-3jpp_2rh.noarch.rpm
log4j-1.2.12-1jpp_1rh.noarch.rpm
mx4j-3.0.1-1jpp_4rh.noarch.rpm
pcsc-lite-1.3.3-3.el4.x86_64.rpm
pcsc-lite-doc-1.3.3-3.el4.x86_64.rpm
pcsc-lite-libs-1.3.3-3.el4.x86_64.rpm
rhpki-ca-7.3.0-20.el4.noarch.rpm (File outdated by: RHSA-2010:0837)
rhpki-java-tools-7.3.0-10.el4.noarch.rpm
rhpki-kra-7.3.0-14.el4.noarch.rpm
rhpki-manage-7.3.0-19.el4.noarch.rpm
rhpki-native-tools-7.3.0-6.el4.x86_64.rpm
rhpki-ocsp-7.3.0-13.el4.noarch.rpm
rhpki-tks-7.3.0-13.el4.noarch.rpm
tomcat5-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-common-lib-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-jasper-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-jsp-2.0-api-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-server-lib-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
tomcat5-servlet-2.4-api-5.5.23-0jpp_4rh.16.noarch.rpm (File outdated by: RHSA-2010:0693)
xerces-j2-2.7.1-1jpp_1rh.noarch.rpm
xml-commons-1.3.02-2jpp_1rh.noarch.rpm
xml-commons-apis-1.3.02-2jpp_1rh.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
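
To confirm a host has reached the builds listed above, the installed version and release must be compared segment by segment, not as plain strings (release "9.el4" is older than "14.el4"). The following is an added example, not Red Hat tooling: a simplified reimplementation of RPM's version ordering (no epoch or "~" handling) applied to a constructed sample. It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`; the names `FIXED`, `rpmvercmp`, `audit` and `SAMPLE` are this example's own.

```python
import re

# Minimum fixed builds copied from this advisory's package list:
# name -> (version, release). tomcat5 and rhpki-ca are marked on the page as
# outdated by later errata, so these values are a floor, not the latest build.
FIXED = {
    "pcsc-lite": ("1.3.3", "3.el4"),
    "tomcat5": ("5.5.23", "0jpp_4rh.16"),
    "rhpki-ca": ("7.3.0", "20.el4"),
    "rhpki-kra": ("7.3.0", "14.el4"),
    "rhpki-ocsp": ("7.3.0", "13.el4"),
    "rhpki-tks": ("7.3.0", "13.el4"),
    "rhpki-manage": ("7.3.0", "19.el4"),
}

# Version strings split into runs of digits or letters; separators are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 if a is older than, equal to or newer than b."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 9 < 14
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def audit(query_output):
    """Map each advisory package found in the query output to its status."""
    report = {}
    for line in query_output.strip().splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue  # malformed line, or a package this erratum does not cover
        name, version, release = parts
        fixed_version, fixed_release = FIXED[name]
        # Compare version first; fall back to release only when versions tie.
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        report[name] = "NEEDS UPDATE" if order < 0 else "ok"
    return report


# Constructed sample of installed packages (not taken from a real host).
SAMPLE = """\
pcsc-lite 1.3.3 2.el4
tomcat5 5.5.23 0jpp_4rh.16
rhpki-ca 7.3.0 20.el4
rhpki-kra 7.3.0 9.el4
bash 3.0 19.3
"""

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name:14} {status}")
```

A package reported as "ok" still requires the subsystem restart described in the Details section before the fixed code is actually running.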

Bugs fixed (see bugzilla for more information)

200732 - CVE-2006-3918 Expect header XSS
237079 - CVE-2005-2090 tomcat multiple content-length header poisoning
237080 - CVE-2007-0450 tomcat directory traversal
237084 - CVE-2006-3835 tomcat directory listing issue
237085 - CVE-2005-3510 tomcat DoS
240423 - CVE-2007-1349 mod_perl PerlRun denial of service
244658 - CVE-2007-1863 httpd mod_cache segfault
244803 - CVE-2007-1358 tomcat accept-language xss flaw
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
245112 - CVE-2006-5752 httpd mod_status XSS
247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values
250731 - CVE-2007-3847 httpd out of bounds read
289511 - CVE-2007-4465 mod_autoindex XSS
323571 - CVE-2007-5116 perl regular expression UTF parsing errors
333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
419931 - CVE-2007-5000 mod_imagemap XSS
427228 - CVE-2007-6388 apache mod_status cross-site scripting
427739 - CVE-2008-0005 mod_proxy_ftp XSS
427766 - CVE-2007-5333 Improve cookie parsing for tomcat5
429821 - CVE-2008-0128 tomcat5 SSO cookie login information disclosure
443928 - CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability
458250 - CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS
493381 - CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection
503928 - CVE-2009-0023 apr-util heap buffer underwrite
503978 - CVE-2009-0580 tomcat6 Information disclosure in authentication classes
504390 - CVE-2009-1956 apr-util single NULL byte buffer overflow
504555 - CVE-2009-1955 apr-util billion laughs attack
504753 - CVE-2008-5515 tomcat request dispatcher information disclosure vulnerability
509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
515698 - CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management
521619 - CVE-2009-3094 httpd: NULL pointer dereference in mod_proxy_ftp caused by crafted EPSV and PASV reply
522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
570171 - CVE-2010-0434 httpd: request header information leak
596426 - CVE-2009-4901 CVE-2009-4902 CVE-2010-0407 pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages


References

https://www.redhat.com/security/data/cve/CVE-2005-2090.html
https://www.redhat.com/security/data/cve/CVE-2005-3510.html
https://www.redhat.com/security/data/cve/CVE-2006-3835.html
https://www.redhat.com/security/data/cve/CVE-2006-3918.html
https://www.redhat.com/security/data/cve/CVE-2006-5752.html
https://www.redhat.com/security/data/cve/CVE-2007-0450.html
https://www.redhat.com/security/data/cve/CVE-2007-1349.html
https://www.redhat.com/security/data/cve/CVE-2007-1358.html
https://www.redhat.com/security/data/cve/CVE-2007-1863.html
https://www.redhat.com/security/data/cve/CVE-2007-3304.html
https://www.redhat.com/security/data/cve/CVE-2007-3382.html
https://www.redhat.com/security/data/cve/CVE-2007-3385.html
https://www.redhat.com/security/data/cve/CVE-2007-3847.html
https://www.redhat.com/security/data/cve/CVE-2007-4465.html
https://www.redhat.com/security/data/cve/CVE-2007-5000.html
https://www.redhat.com/security/data/cve/CVE-2007-5116.html
https://www.redhat.com/security/data/cve/CVE-2007-5333.html
https://www.redhat.com/security/data/cve/CVE-2007-5461.html
https://www.redhat.com/security/data/cve/CVE-2007-6388.html
https://www.redhat.com/security/data/cve/CVE-2008-0005.html
https://www.redhat.com/security/data/cve/CVE-2008-0128.html
https://www.redhat.com/security/data/cve/CVE-2008-1232.html
https://www.redhat.com/security/data/cve/CVE-2008-1927.html
https://www.redhat.com/security/data/cve/CVE-2008-2364.html
https://www.redhat.com/security/data/cve/CVE-2008-2370.html
https://www.redhat.com/security/data/cve/CVE-2008-2939.html
https://www.redhat.com/security/data/cve/CVE-2008-5515.html
https://www.redhat.com/security/data/cve/CVE-2009-0023.html
https://www.redhat.com/security/data/cve/CVE-2009-0033.html
https://www.redhat.com/security/data/cve/CVE-2009-0580.html
https://www.redhat.com/security/data/cve/CVE-2009-1891.html
https://www.redhat.com/security/data/cve/CVE-2009-1955.html
https://www.redhat.com/security/data/cve/CVE-2009-1956.html
https://www.redhat.com/security/data/cve/CVE-2009-2412.html
https://www.redhat.com/security/data/cve/CVE-2009-3094.html
https://www.redhat.com/security/data/cve/CVE-2009-3095.html
https://www.redhat.com/security/data/cve/CVE-2009-4901.html
https://www.redhat.com/security/data/cve/CVE-2010-0407.html
https://www.redhat.com/security/data/cve/CVE-2010-0434.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/