Skip to navigation

Security Advisory Important: raptor security update

Advisory: RHSA-2012:0410-1
Type: Security Advisory
Severity: Important
Issued on: 2012-03-22
Last updated on: 2012-03-22
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-0037

Details

Updated raptor packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Raptor provides parsers for Resource Description Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed
RDF files. If an application linked against Raptor were to open a
specially-crafted RDF file, it could possibly allow a remote attacker to
obtain a copy of an arbitrary local file that the user running the
application had access to. A bug in the way Raptor handled external
entities could cause that application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this
issue.

All Raptor users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against Raptor must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
IA-32:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
IA-32:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
 
PPC:
raptor-1.4.18-5.el6_2.1.ppc.rpm     MD5: 4c0bde817059501afef6b8784469b608
SHA-256: 07e82f9a60f369cbe7e976f5133c741921635a02c8b59f9d2ffde9409e18ab5a
raptor-1.4.18-5.el6_2.1.ppc64.rpm     MD5: 0ef0441d3d63bd276bb201f94f65f750
SHA-256: 46d54b1871091a04079df31e07088511a4db02fc74f47c78d334b984e610ec9e
raptor-debuginfo-1.4.18-5.el6_2.1.ppc.rpm     MD5: 548fd2de1445be75f6d6e81ced7a12fe
SHA-256: c8b12b37efbba596662fdf09de12db9a7996c3b4950c2a2266cb32c5940026c0
raptor-debuginfo-1.4.18-5.el6_2.1.ppc64.rpm     MD5: cffe81ae45b6817037f10e1cb454501d
SHA-256: 0aeac15024f3c8ceaece2779a9ab0b4664f43a15d16af77208027a03c8b0c1db
raptor-devel-1.4.18-5.el6_2.1.ppc.rpm     MD5: 2f0ca55a739397c32b8dcd69d0d7a707
SHA-256: 41f05304c93d2addeafd0b96f180c66987fabaaed787e298780f9b88714a7aea
raptor-devel-1.4.18-5.el6_2.1.ppc64.rpm     MD5: c0c4d70a10dddd8edb4cb4e4a451aef2
SHA-256: 63bd018c16fe03b0052bc07dc3756fcc7931077886ac1bb66d32bdbcd22fb6af
 
s390x:
raptor-1.4.18-5.el6_2.1.s390.rpm     MD5: 4784698096ceb9a4a7764a9f9f0721a9
SHA-256: a897adb3448225c83f73e286d3057f6c8fbf49c6e41fafe3b8b40da7805bcbe4
raptor-1.4.18-5.el6_2.1.s390x.rpm     MD5: aec76723a01660b91dc0ed8ba0e7c6cb
SHA-256: 810bf472ef9810fb0d31592bad8b7b1a68fc61f9a3981b3dd6a5a8cee0854097
raptor-debuginfo-1.4.18-5.el6_2.1.s390.rpm     MD5: 62b0ab6a1e4eac62dc51b90196bed51e
SHA-256: 4f67f13c69c7ff880a46e9a6894ee5722322bf53bb72eead412672883daf0bd2
raptor-debuginfo-1.4.18-5.el6_2.1.s390x.rpm     MD5: 08856037f54050140505b4540251336c
SHA-256: 728a32d7a1bce65b59f03f8878f7275e9e0f4e42392b968232b5f731fe879ced
raptor-devel-1.4.18-5.el6_2.1.s390.rpm     MD5: c0af677027a73b0031011ae162eb9627
SHA-256: 24660ce10acb4b67876fac2087da50371408cb585bb19fc76a5f42fc8dc290e4
raptor-devel-1.4.18-5.el6_2.1.s390x.rpm     MD5: ffd662940f7f5ab3b594aa2c304b3933
SHA-256: 223a21e3796995d211e7c6c79d33afabf9f66c4dc33580dc8ec1631a43c14668
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
IA-32:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
 
PPC:
raptor-1.4.18-5.el6_2.1.ppc.rpm     MD5: 4c0bde817059501afef6b8784469b608
SHA-256: 07e82f9a60f369cbe7e976f5133c741921635a02c8b59f9d2ffde9409e18ab5a
raptor-1.4.18-5.el6_2.1.ppc64.rpm     MD5: 0ef0441d3d63bd276bb201f94f65f750
SHA-256: 46d54b1871091a04079df31e07088511a4db02fc74f47c78d334b984e610ec9e
raptor-debuginfo-1.4.18-5.el6_2.1.ppc.rpm     MD5: 548fd2de1445be75f6d6e81ced7a12fe
SHA-256: c8b12b37efbba596662fdf09de12db9a7996c3b4950c2a2266cb32c5940026c0
raptor-debuginfo-1.4.18-5.el6_2.1.ppc64.rpm     MD5: cffe81ae45b6817037f10e1cb454501d
SHA-256: 0aeac15024f3c8ceaece2779a9ab0b4664f43a15d16af77208027a03c8b0c1db
raptor-devel-1.4.18-5.el6_2.1.ppc.rpm     MD5: 2f0ca55a739397c32b8dcd69d0d7a707
SHA-256: 41f05304c93d2addeafd0b96f180c66987fabaaed787e298780f9b88714a7aea
raptor-devel-1.4.18-5.el6_2.1.ppc64.rpm     MD5: c0c4d70a10dddd8edb4cb4e4a451aef2
SHA-256: 63bd018c16fe03b0052bc07dc3756fcc7931077886ac1bb66d32bdbcd22fb6af
 
s390x:
raptor-1.4.18-5.el6_2.1.s390.rpm     MD5: 4784698096ceb9a4a7764a9f9f0721a9
SHA-256: a897adb3448225c83f73e286d3057f6c8fbf49c6e41fafe3b8b40da7805bcbe4
raptor-1.4.18-5.el6_2.1.s390x.rpm     MD5: aec76723a01660b91dc0ed8ba0e7c6cb
SHA-256: 810bf472ef9810fb0d31592bad8b7b1a68fc61f9a3981b3dd6a5a8cee0854097
raptor-debuginfo-1.4.18-5.el6_2.1.s390.rpm     MD5: 62b0ab6a1e4eac62dc51b90196bed51e
SHA-256: 4f67f13c69c7ff880a46e9a6894ee5722322bf53bb72eead412672883daf0bd2
raptor-debuginfo-1.4.18-5.el6_2.1.s390x.rpm     MD5: 08856037f54050140505b4540251336c
SHA-256: 728a32d7a1bce65b59f03f8878f7275e9e0f4e42392b968232b5f731fe879ced
raptor-devel-1.4.18-5.el6_2.1.s390.rpm     MD5: c0af677027a73b0031011ae162eb9627
SHA-256: 24660ce10acb4b67876fac2087da50371408cb585bb19fc76a5f42fc8dc290e4
raptor-devel-1.4.18-5.el6_2.1.s390x.rpm     MD5: ffd662940f7f5ab3b594aa2c304b3933
SHA-256: 223a21e3796995d211e7c6c79d33afabf9f66c4dc33580dc8ec1631a43c14668
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
raptor-1.4.18-5.el6_2.1.src.rpm     MD5: 15c1b56d510fb2137b5da4433bc8250b
SHA-256: e046f5c7bec305f244a5b138af59226dfa009d082c94e9cbd4d455d81383bd9d
 
IA-32:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
 
x86_64:
raptor-1.4.18-5.el6_2.1.i686.rpm     MD5: ad7f03c6b45a25043cd51db616e10e6b
SHA-256: ce7a2a920c96e137ac16ecd293c0a0f40b94556fe0d3887f363f7d477f8fe0b8
raptor-1.4.18-5.el6_2.1.x86_64.rpm     MD5: a0086de5eff435b7fdaf728116a34ccc
SHA-256: 20fb251c481dc8dc0f2f616738efb616c2ace3e95686d008145f770b6496969e
raptor-debuginfo-1.4.18-5.el6_2.1.i686.rpm     MD5: c4b6bf48f561a6ae5fe434d1f2d21dd2
SHA-256: 3d871e518fb5ff2c66f1e8be6b38fbe0d75359838ecab808b421538c8b1a54c1
raptor-debuginfo-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 607e9c06df92d09f619180c3c481ee0a
SHA-256: 56b081ed87664ad045abaa204fd1bcaac00f200a90436c34b4cb802934332b5b
raptor-devel-1.4.18-5.el6_2.1.i686.rpm     MD5: dfc6b65a12767815f9116970d5c740ab
SHA-256: 6dd411d1c00715a1c85a1a290ea734d654fffc33bc5123c8a4abcc74c420e408
raptor-devel-1.4.18-5.el6_2.1.x86_64.rpm     MD5: 10bd583d3ab8cf5695fd18fdf765734b
SHA-256: 9df023e0e1507e4f9496d133ed2fea2083e5245970eaae195776f82f14c2d5de
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

791296 - CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/