Oval Definition:oval:com.redhat.rhsa:def:20070345
Revision Date:2008-03-20Version:636
Title:RHSA-2007:0345: vixie-cron security update (Moderate)
Description:The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.

  • Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856)

    All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-1856
    RHSA-2007:0345
    RHSA-2007:0345-02
    RHSA-2007:0345-02
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND vixie-cron is earlier than 0:4.1-19.EL3
  • AND vixie-cron is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND vixie-cron is earlier than 4:4.1-47.EL4
  • AND vixie-cron is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND vixie-cron is earlier than 4:4.1-70.el5
  • AND vixie-cron is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND vixie-cron is earlier than 4:4.1-47.EL4
  • AND vixie-cron is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND vixie-cron is earlier than 4:4.1-70.el5
  • AND vixie-cron is signed with Red Hat redhatrelease2 key
    • BACK