Microsoft (8)
Red Hat (28)
SUSE (8)
Microsoft
April 12, 2005,
Vulnerability in Windows Kernel Could Allow Elevation of Privilege and
Denial of Service (890859): MS05-018
http://www.microsoft.com/technet/security/current.aspx
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP Home Edition
Windows XP Professional
Windows Server 2003 for Small Business Server
Windows Server 2003, Datacenter Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Web Edition
Windows 98
Windows 98 SE
Windows Me
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows Server 2003 Gold
Windows 98 Gold
Windows 98 SE Gold
Windows 98 SP1
Windows Me Gold
April 12, 2005,
Vulnerability in Windows Shell that Could Allow Remote Code
Execution (893086): MS05-016
http://www.microsoft.com/technet/security/current.aspx
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP Home Edition
Windows XP Professional
Windows Server 2003 for Small Business Server
Windows Server 2003, Datacenter Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Web Edition
Windows 98
Windows 98 SE
Windows Me
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows Server 2003 Gold
Windows 98 Gold
Windows 98 SE Gold
Windows 98 SP1
Windows Me Gold
April 12, 2005,
Vulnerability in Message Queuing Could Allow Code Execution
(892944): MS05-017
http://www.microsoft.com/technet/security/current.aspx
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP Home Edition
Windows XP Professional
Windows 98
Windows 98 SE
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows 98 Gold
Windows 98 SE Gold
Windows 98 SP1
April 12, 2005,
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and
Denial of Service (893066): MS05-019
http://www.microsoft.com/technet/security/current.aspx
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP Home Edition
Windows XP Professional
Windows Server 2003 for Small Business Server
Windows Server 2003, Datacenter Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Web Edition
Windows 98
Windows 98 SE
Windows Me
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows XP Service Pack 2
Windows Server 2003 Gold
Windows 98 Gold
Windows 98 SE Gold
Windows 98 SP1
Windows Me Gold
April 12, 2005,
Cumulative Security Update for Internet Explorer (890923): MS05-020
http://www.microsoft.com/technet/security/current.aspx
Internet Explorer 5.01
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Internet Explorer 6.0 for Windows XP Service Pack 2
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Windows 2000 Professional
Windows 2000 Server
Windows XP Home Edition
Windows XP Professional
Windows Server 2003 for Small Business Server
Windows Server 2003, Datacenter Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Web Edition
Windows 98
Windows 98 SE
Windows Me
Internet Explorer 5.01 SP3
Internet Explorer 5.01 SP4
Internet Explorer 6.0 SP1
Windows Server 2003 Gold
Windows XP Service Pack 2
Windows 2000 Service Pack 3
Windows 2000 Service Pack 4
Windows XP Service Pack 1
Windows 98 Gold
Windows 98 SE Gold
Windows 98 SP1
Windows Me Gold
April 12, 2005,
Vulnerability in Exchange Server Could Allow Remote Code Execution
(894549): MS05-021
http://www.microsoft.com/technet/security/current.aspx
Exchange 2000 Server
Exchange 2000 Enterprise Server
Exchange Server 2003
Exchange 2000 SP3
Exchange Server 2003 Gold
Exchange Server 2003 SP1
April 12, 2005,
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
(896597): MS05-022
http://www.microsoft.com/technet/security/current.aspx
MSN Messenger 6
MSN Messenger Gold
April 12, 2005,
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution
(890169): MS05-023
http://www.microsoft.com/technet/security/current.aspx
Word 2000
Office 2000
Works 2001
Office XP
Word 2002
Works 2002
Works 2003
Works 2004
Office 2003
Word 2003
Word 2000 SP3
Office 2000 Service Pack 3
Works 2001 Gold
Office XP SP3
Word 2002 SP3
Works 2002 Gold
Works 2003 Gold
Works 2004 Gold
Office 2003 SP1
Word 2003 SP1
Red Hat
April 1, 2005,
gtk2 security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00000.html
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 1, 2005,
tetex security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00001.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
April 1, 2005,
up2date bug fix update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00002.html
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 5, 2005,
curl security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00003.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 5, 2005,
gdk-pixbuf security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00004.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 5, 2005,
mysql-server security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00005.html
Enterprise Linux AS version 3 Extras
Desktop version 3 Extras
Enterprise Linux ES version 3 Extras
Enterprise Linux WS version 3 Extras
April 6, 2005,
XFree86 security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00006.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
April 6, 2005,
kdelibs security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00007.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
April 12, 2005,
kdegraphics security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00008.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
Enterprise Linux WS version 2.1 i386
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
April 12, 2005,
dhcp security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00009.html
Enterprise Linux AS (Advanced Server) version 2.1 i386, ia64
Linux Advanced Workstation 2.1 ia64
Enterprise Linux ES version 2.1 i386
April 12, 2005,
gaim security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00010.html
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 19, 2005,
xloadimage security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00011.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 19, 2005,
logwatch security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00012.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
April 19, 2005,
kernel security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00013.html
Enterprise Linux AS version 4 , noarch
Enterprise Linux Desktop version 4 , noarch
Enterprise Linux ES version 4 , noarch
Enterprise Linux WS version 4 , noarch
April 20, 2005,
RealPlayer security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00014.html
Enterprise Linux AS version 4 Extras
Desktop version 4 Extras
Enterprise Linux ES version 4 Extras
Enterprise Linux WS version 4 Extras
April 20, 2005,
HelixPlayer security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00015.html
Enterprise Linux AS version 4 , ppc
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 20, 2005,
RealPlayer security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00016.html
Enterprise Linux AS version 3 Extras
Desktop version 3 Extras
Enterprise Linux ES version 3 Extras
Enterprise Linux WS version 3 Extras
April 21, 2005,
firefox security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00017.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
April 22, 2005,
kernel security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00018.html
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
April 26, 2005,
openoffice.org security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00019.html
OpenOffice.org is an office productivity suite that includes desktop applications such as a
word processor, spreadsheet, presentation manager, formula editor, and drawing program.
A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor.
An attacker could create a carefully crafted DOC file in such a way that it could cause
OpenOffice.org to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0941 to this issue.
All users of OpenOffice.org are advised to upgrade to these updated packages, which
contain backported fixes for these issues.
April 26, 2005,
cvs security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00020.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 26, 2005,
sharutils security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00021.html
The sharutils package contains a set of tools for encoding and decoding packages of files
in binary or text format.
A stack based overflow bug was found in the way shar handles the -o option. If a user can
be tricked into running a specially crafted command, it could lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1772 to this issue. Please note that this issue does not
affect Red Hat Enterprise Linux 4.
Two buffer overflow bugs were found in sharutils. If an attacker can place a malicious
'wc' command on a victim's machine, or trick a victim into running a specially crafted
command, it could lead to arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1773 to this issue.
A bug was found in the way unshar creates temporary files. A local user could use
symlinks to overwrite arbitrary files the victim running unshar has write access to. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0990 to this issue.
All users of sharutils should upgrade to this updated package, which includes backported
fixes to correct these issues.
April 26, 2005,
Mozilla security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00022.html
Enterprise Linux AS version 4
Enterprise Linux Desktop version 4
Enterprise Linux ES version 4
Enterprise Linux WS version 4
April 28, 2005,
glibc security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00023.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
April 28, 2005,
kernel security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00024.html
Enterprise Linux AS (Advanced Server) version 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
April 28, 2005,
kernel security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00025.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
April 28, 2005,
Mozilla security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00026.html
Enterprise Linux AS (Advanced Server) version 2.1
Linux Advanced Workstation 2.1
Enterprise Linux ES version 2.1
Enterprise Linux WS version 2.1
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
April 28, 2005,
PHP security update
https://www.redhat.com/archives/enterprise-watch-list/2005-April/msg00027.html
Enterprise Linux AS version 3
Desktop version 3
Enterprise Linux ES version 3
Enterprise Linux WS version 3
SUSE
April 4, 2005,
kernel local privilege escalation (SUSE-SA:2005:021)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0001.html
8.2, 9.0, 9.2
SUSE Linux Desktop 1.0
SUSE Linux Enterprise Server 8
April 11, 2005,
various KDE security problems (SUSE-SA:2005:022)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0003.html
9.1, 9.2, 9.3
SUSE Linux Enterprise Server 9
Novell Linux Desktop 9
April 15, 2005,
php remote denial of service (SUSE-SA:2005:023)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0004.html
8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
April 18, 2005,
cvs (SUSE-SA:2005:024)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0006.html
8.2, 9.0, 9.1, 9.2, 9.3
SUSE CORE 9 for x86
SuSE Linux Enterprise Server 8, 9
UnitedLinux 1.0
School-Server 1
Open-Enterprise-Server 9
April 19, 2005,
OpenOffice heap overflow problem (SUSE-SA:2005:025)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0007.html
8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
Novell Linux Desktop 9
April 20, 2005,
RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0008.html
9.2, 9.3
Novell Linux Desktop 9
April 20, 2005,
PostgreSQL buffer overflow problems (SUSE-SA-2005:027)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0009.html
8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
SUSE Linux Enterprise Server 8, 9
Novell Linux Desktop 9
April 27, 2005,
Mozilla Firefox, Mozilla various security problems (SUSE-
SA:2005:028)
http://lists.suse.com/archive/suse-security-announce/2005-Apr/0010.html
8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
SUSE Linux Enterprise Server 8, 9
Novell Linux Desktop 9