| Revision Date: | 2008-03-20 | Version: | 636 |
| Title: | RHSA-2007:0345: vixie-cron security update (Moderate) |
| Description: | The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856)
All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2007-1856
RHSA-2007:0345
RHSA-2007:0345-02
RHSA-2007:0345-02
|
| Platform(s): | Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 3 is installed
AND vixie-cron is earlier than 0:4.1-19.EL3
AND vixie-cron is signed with Red Hat master key
OR Package Information
Red Hat Enterprise Linux 4 is installed
AND vixie-cron is earlier than 4:4.1-47.EL4
AND vixie-cron is signed with Red Hat master key
OR Package Information
Red Hat Enterprise Linux 5 is installed
AND vixie-cron is earlier than 4:4.1-70.el5
AND vixie-cron is signed with Red Hat redhatrelease key
|
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed
OR Package Information
Red Hat Enterprise Linux 4 is installed
AND vixie-cron is earlier than 4:4.1-47.EL4
AND vixie-cron is signed with Red Hat redhatrelease2 key
OR Package Information
Red Hat Enterprise Linux 5 is installed
AND vixie-cron is earlier than 4:4.1-70.el5
AND vixie-cron is signed with Red Hat redhatrelease2 key
|