statement

statement::KEY vendorstatements::FKEY cvename organization lastmodified contributor statement
1 1 CVE-1999-0997 Red Hat 2006-09-27 Joshua Bressers Red Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves.
2 1 CVE-1999-1572 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
3 1 CVE-2000-0572 Razor 2007-02-22 Al Menendez Subsequent releases of Razor address this issue and utilize a more robust encryption mechanism for the Razor password. If you are under maintenance, you have the option of upgrading to a more recent release of Razor at no cost. If you are not under maintenance and want to upgrade then you will need to contact Jennifer Stone at jstone@visible.com. Some additional notes ... - With version 4.1 and above, administrators of Razor may switch and use the local OS authentication instead of Razor's authentication method. - OS permissions and protections always apply to the artifacts stored in the database. - This notice applies to users that have already logged into the supporting system. This primary means of defense is intact in spite of this particular vulnerability. - The next Razor release (due out in mid-2007) will allow remote UNIX clients to utilize SSH to authenticate the remote user. More information on this release and others may be found on the Visible Systems web site: http://www.visible.com/Products/Razor Please contact Visible Systems Corporation at 1-800-6-VISIBLE if you have additional questions.
4 1 CVE-2000-1137 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
5 1 CVE-2000-1199 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
6 1 CVE-2001-0187 Red Hat 2006-09-27 Joshua Bressers Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue.
7 1 CVE-2001-0935 Red Hat 2006-09-27 Joshua Bressers CVE-2001-0935 refers to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed by the version of glob.c in upstream wu-ftpd 2.6.1. Therefore we believe that the issues labelled as CVE-2001-0935 do not affect wu-ftpd 2.6.1 or later versions and therefore do not affect Red Hat Enterprise Linux 2.1.
8 1 CVE-2001-1507 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
9 1 CVE-2001-1534 Red Hat 2006-08-30 Mark J Cox This is not a security issue. The mod_usertrack cookies are not designed to be used for authentication.
10 1 CVE-2001-1556 Red Hat 2006-08-30 Mark J Cox This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083.
11 1 CVE-2002-0004 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
12 1 CVE-2002-0497 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
13 1 CVE-2002-1642 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
14 1 CVE-2002-1648 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
15 1 CVE-2002-1649 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
16 1 CVE-2002-1650 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
17 1 CVE-2002-1850 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
18 1 CVE-2002-1903 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162899 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
19 1 CVE-2002-2013 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
20 1 CVE-2002-2043 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
21 1 CVE-2002-2061 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
22 1 CVE-2002-2067 EAST Technologies 2006-12-20 Alexandra Preda This issue has been addressed in the latest version of our product, East-Tec Eraser 2007 and you may download it from http://www.east-tec.com
23 1 CVE-2002-2103 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
24 1 CVE-2002-2196 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
25 1 CVE-2002-2204 Red Hat 2006-08-30 Mark J Cox We do not believe this is a security vulnerability. This is the documented and expected behaviour of rpm.
26 1 CVE-2002-2210 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
27 1 CVE-2003-0131 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
28 1 CVE-2003-0147 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
29 1 CVE-2003-0367 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
30 1 CVE-2003-0427 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
31 1 CVE-2003-0543 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
32 1 CVE-2003-0544 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
33 1 CVE-2003-0545 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
34 1 CVE-2003-0618 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=114923 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 4.
35 1 CVE-2003-0860 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
36 1 CVE-2003-0861 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
37 1 CVE-2003-0885 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
38 1 CVE-2003-1138 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue.
39 1 CVE-2003-1307 Red Hat 2006-10-25 Mark J Cox This is not a vulnerability. When PHP scripts are interpreted using the dynamically loaded mod_php DSO, the PHP interpreter executes with the privileges of the httpd child process. The PHP interpreter does not "sandbox" PHP scripts from the environment in which they run. On any modern Unix system a process can easily obtain access to all the parent file descriptors anyway, even if they have been closed.
40 1 CVE-2003-1308 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
41 1 CVE-2004-0079 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
42 1 CVE-2004-0112 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
43 1 CVE-2004-0174 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect Linux.
44 1 CVE-2004-0175 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
45 1 CVE-2004-0230 Red Hat 2006-08-16 Mark J Cox The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination IP address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also significantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue.
46 1 CVE-2004-0603 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
47 1 CVE-2004-0687 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
48 1 CVE-2004-0688 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
49 1 CVE-2004-0806 Red Hat 2006-08-30 Mark J Cox Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages.
50 1 CVE-2004-0811 Red Hat 2006-08-31 Mark J Cox Not Vulnerable. This issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux.
51 1 CVE-2004-0829 Red Hat 2006-08-30 Mark J Cox We do not class this as a security issue; this can only cause a denial of service for the attacker.
52 1 CVE-2004-0914 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
53 1 CVE-2004-0941 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
54 1 CVE-2004-0967 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
55 1 CVE-2004-0971 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
56 1 CVE-2004-0975 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
57 1 CVE-2004-0976 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
58 1 CVE-2004-0996 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
59 1 CVE-2004-1002 Red Hat 2006-08-30 Mark J Cox This issue will only cause a denial of service on the connection the attacker is using. It therefore is not a security issue.
60 1 CVE-2004-1051 Red Hat 2006-08-30 Mark J Cox We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
61 1 CVE-2004-1170 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
62 1 CVE-2004-1177 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE
63 1 CVE-2004-1185 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
64 1 CVE-2004-1186 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
65 1 CVE-2004-1287 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
66 1 CVE-2004-1296 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
67 1 CVE-2004-1377 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
68 1 CVE-2004-1392 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
69 1 CVE-2004-1392 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
70 1 CVE-2004-1717 Red Hat 2006-08-30 Mark J Cox This CVE is a duplicate (rediscovery) of CVE-2002-0838
71 1 CVE-2004-1808 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157663 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
72 1 CVE-2004-1880 Red Hat 2006-08-30 Mark J Cox Not vulnerable. These issues did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
73 1 CVE-2004-2300 Red Hat 2006-08-30 Mark J Cox Not vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4.
74 1 CVE-2004-2343 Red Hat 2006-08-30 Mark J Cox Red Hat does not consider this to be a security issue.
75 1 CVE-2004-2546 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 3, or 4. Red Hat Enterprise Linux 2.1 shipped with a version of Samba prior to 3.0.6, but we verified by code audit that it is not affected by this issue.
76 1 CVE-2004-2654 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux.
77 1 CVE-2005-0085 Red Hat 2006-08-30 Mark J Cox Not vulnerable. These issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263
78 1 CVE-2005-0109 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
79 1 CVE-2005-0256 Red Hat 2006-10-23 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720
80 1 CVE-2005-0373 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
81 1 CVE-2005-0448 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 2.1 via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161054 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was fixed in RHSA-2005:881 for Red Hat Enterprise Linux 3 This issue does not affect Red Hat Enterprise Linux 4
82 1 CVE-2005-0468 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
83 1 CVE-2005-0469 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
84 1 CVE-2005-0488 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
85 1 CVE-2005-0602 Red Hat 2006-08-30 Mark J Cox We do not consider this a security vulnerability; this is the expected behaviour.
86 1 CVE-2005-0605 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
87 1 CVE-2005-0758 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
88 1 CVE-2005-0953 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
89 1 CVE-2005-0988 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
90 1 CVE-2005-1038 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
91 1 CVE-2005-1111 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
92 1 CVE-2005-1119 Red Hat 2006-08-30 Mark J Cox We do not consider this a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory.
93 1 CVE-2005-1194 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
94 1 CVE-2005-1228 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
95 1 CVE-2005-1229 Red Hat 2006-08-30 Mark J Cox This is defined and documented behaviour: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156313
96 1 CVE-2005-1306 Red Hat 2006-08-30 Mark J Cox Not vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader.
97 1 CVE-2005-1544 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
98 1 CVE-2005-1704 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
99 1 CVE-2005-1705 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
100 1 CVE-2005-1751 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158995 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
101 1 CVE-2005-1753 Red Hat 2006-08-30 Mark J Cox We do not believe this is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method to retrieve mail. In this example, the author retrieves the message directly from the mail directory on the filesystem. Even if the user insists on using this incorrect way of accessing mail, then the permissions set by the dovecot and tomcat packages are enough to protect against direct access to most of the files listed in the bug report.
102 1 CVE-2005-2069 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
103 1 CVE-2005-2096 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
104 1 CVE-2005-2475 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164927 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
105 1 CVE-2005-2541 Red Hat 2006-08-30 Mark J Cox This is the documented and expected behaviour of tar.
106 1 CVE-2005-2547 Red Hat 2006-08-30 Mark J Cox Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4.
107 1 CVE-2005-2642 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the Linux versions of Mutt.
108 1 CVE-2005-2666 Red Hat 2006-09-20 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
109 1 CVE-2005-2693 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
110 1 CVE-2005-2798 Red Hat 2006-11-20 Joshua Bressers This issue does not affect Red Hat Enterprise Linux 2.1 and 3. This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527: http://rhn.redhat.com/errata/RHSA-2005-527.html
111 1 CVE-2005-2929 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
112 1 CVE-2005-2946 Red Hat 2006-09-20 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169803 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
113 1 CVE-2005-2959 Red Hat 2006-08-30 Mark J Cox We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
114 1 CVE-2005-2968 Red Hat 2006-08-30 Mark J Cox Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
115 1 CVE-2005-2969 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
116 1 CVE-2005-2975 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
117 1 CVE-2005-2976 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
118 1 CVE-2005-2991 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
119 1 CVE-2005-3011 Red Hat 2007-03-14 Mark J Cox Updated packages to correct this issue are available along with our advisory: http://rhn.redhat.com/errata/CVE-2005-3011.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
120 1 CVE-2005-3054 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
121 1 CVE-2005-3120 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
122 1 CVE-2005-3183 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170518 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
123 1 CVE-2005-3186 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
124 1 CVE-2005-3191 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
125 1 CVE-2005-3192 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
126 1 CVE-2005-3193 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
127 1 CVE-2005-3258 Red Hat 2006-08-30 Mark J Cox Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
128 1 CVE-2005-3391 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
129 1 CVE-2005-3392 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
130 1 CVE-2005-3582 Red Hat 2006-08-16 Mark J Cox Not vulnerable. This issue is caused by the way ImageMagick was packaged by Gentoo and does not affect Red Hat Enterprise Linux packages.
131 1 CVE-2005-3624 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
132 1 CVE-2005-3625 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
133 1 CVE-2005-3626 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
134 1 CVE-2005-3627 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
135 1 CVE-2005-3628 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
136 1 CVE-2005-3964 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
137 1 CVE-2005-4268 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172865 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
138 1 CVE-2005-4348 Red Hat 2007-01-31 Mark J Cox The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3.
139 1 CVE-2005-4442 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of OpenLDAP as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
140 1 CVE-2005-4481 Polopoly 2006-10-05 Jorgen Rydenius 1. The XSS flaw described was only part of the custom implementation of the http://www.polopoly.com/ site. It was never part of any version of any Polopoly product, nor delivered to any of Polopoly's customers. 2. The XSS flaw that existed (the search form in the upper right corner) on the www.polopoly.com site has been fixed. 3. When www.polopoly.com had the XSS flaw it was based on Polopoly 8.6. Polopoly 9.x was never involved whatsoever in this issue. And as I said earlier, the flaw was not part of Polopoly 8.6 either, it was only in custom implementation code of the www.polopoly.com site. 4. The www.polopoly.com site is not personalized nor permission controlled, so there was no information of any value to steal by exploiting the XSS flaw.
141 1 CVE-2005-4493 Speartek 2006-11-07 Jesse Heady We are aware of numerous existing script vulnerabilities and exploits and stand by the security of our system and our ability to address these. This particular exploit is not particularly serious as no sensitive or private user information is ever held within cookies during our checkout process. All user information and client information is secure in our platform. We take all security threats quite seriously and view the efforts of the author of this particular exploit as harmful to our professional image. This is especially important to note because the particular script vulnerability that has been raised poses no real threat to the stability or security of our systems. Again, we are formally responding to this posted cross-site script vulnerability to communicate that we take all such potential security issues very seriously and this particular issue has been addressed. In version 7.0.0 of our software, we have addressed the mentioned cross site scripting vulnerabilities. On any page that a form is on, the query string is sanitized to eliminate the vectors outlined in the XSS vulnerability. Form data is handled to protect against a form post from a different site to try and initialize a cross site scripting attack via a form post. Sensitive data is not stored in session cookies and in the event that a cookie was stolen, it would contain nothing useful for the attacker. Our software is a hosted application, which allows us to make quick remedies as new exploits are found. Also, our system is monitored consistently and alerts are sent to our administrators when any malicious attempt is seen. The details of this alert include the data sent, from what referral and if there is a specific user that is being targeted on our system.
142 1 CVE-2005-4636 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of OpenOffice.org as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
143 1 CVE-2005-4667 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
144 1 CVE-2005-4745 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
145 1 CVE-2005-4746 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
146 1 CVE-2005-4784 Red Hat 2006-08-30 Mark J Cox This issue did not affect the Linux glibc.
147 1 CVE-2005-4807 Red Hat 2006-08-24 Mark J Cox gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs.
148 1 CVE-2005-4808 Red Hat 2006-08-24 Mark J Cox gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs.
149 1 CVE-2006-0043 Red Hat 2006-08-30 Mark J Cox This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.
150 1 CVE-2006-0225 Red Hat 2006-09-20 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been fixed for Red Hat Enterprise Linux 3 in the following errata: http://rhn.redhat.com/errata/RHSA-2006-0298.html This issue has been fixed for Red Hat Enterprise Linux 4 in the following errata: http://rhn.redhat.com/errata/RHSA-2006-0044.html
151 1 CVE-2006-0236 Red Hat 2006-08-30 Mark J Cox Not vulnerable. We verified that this issue does not affect Linux versions of Thunderbird.
152 1 CVE-2006-0321 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of Fetchmail as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
153 1 CVE-2006-0405 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of libtiff as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
154 1 CVE-2006-0454 Red Hat 2006-09-17 Mark J Cox Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4.
155 1 CVE-2006-0459 Red Hat 2006-08-16 Mark J Cox This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable.
156 1 CVE-2006-0512 Mandriva 2006-10-04 Vincent Danen Mandriva has patched the migrationtools since August 2005 to use mktemp so is not vulnerable to this issue.
157 1 CVE-2006-0553 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
158 1 CVE-2006-0576 Red Hat 2006-09-20 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was fixed for Red Hat Enterprise Linux 4 in the following errata: http://rhn.redhat.com/errata/RHEA-2006-0355.html This issue does not affect Red Hat Enterprise Linux 2
159 1 CVE-2006-0670 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187945 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
160 1 CVE-2006-0730 Red Hat 2006-08-16 Mark J Cox This issue only affected Dovecot versions 1.0beta1 and 1.0beta2. Red Hat Enterprise Linux 4 shipped with an earlier version of Dovecot and is therefore not vulnerable to this issue.
161 1 CVE-2006-0743 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include log4net.
162 1 CVE-2006-0883 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
163 1 CVE-2006-0903 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 and 3: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194613 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue has been fixed for Red Hat Enterprise Linux 4 in RHSA-2006:0544.
164 1 CVE-2006-1014 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
165 1 CVE-2006-1015 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
166 1 CVE-2006-1050 Kwik-Pay 2007-02-19 Alastair Robertson The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. The file is open for view by any user by design. We do not consider it to be a security vulnerability.
167 1 CVE-2006-1057 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 and 3.
168 1 CVE-2006-1058 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
169 1 CVE-2006-1095 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of mod_python as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
170 1 CVE-2006-1168 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
171 1 CVE-2006-1174 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
172 1 CVE-2006-1251 Red Hat 2006-08-30 Mark J Cox Not vulnerable. greylistclean.cron is not supplied in the exim packages as distributed with Red Hat Enterprise Linux.
173 1 CVE-2006-1372 Benson Solutions 2007-01-03 Greg Benson WebCalendar v4 has been updated to include fixes that filter the url numeric and date variables in question and prevent non-numeric and non-date values from being passed to the SQL queries. This fixes the problems with the pages in question. http://www.bensonitsolutions.com/Calendar/v4/
174 1 CVE-2006-1494 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
175 1 CVE-2006-1542 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187900 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
176 1 CVE-2006-1608 Red Hat 2006-08-30 Mark J Cox We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
177 1 CVE-2006-1624 Mandriva 2006-07-20 Vincent Danen Mandriva does not enable the -r option in syslogd per default, which prevents syslogd from listening for remote events. The -x option is also described in /etc/sysconfig/syslog for those who wish to enable the -r option.
178 1 CVE-2006-1624 Red Hat 2006-12-06 Joshua Bressers Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file.
179 1 CVE-2006-2073 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
180 1 CVE-2006-2083 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
181 1 CVE-2006-2193 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194362 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 and 3 Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
182 1 CVE-2006-2194 Red Hat 2006-08-16 Mark J Cox Not vulnerable. The winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
183 1 CVE-2006-2369 Red Hat 2006-08-16 Mark J Cox This issue only affected version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
184 1 CVE-2006-2414 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
185 1 CVE-2006-2440 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
186 1 CVE-2006-2450 Red Hat 2006-08-24 Mark J Cox Not vulnerable. This issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
187 1 CVE-2006-2502 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux.
188 1 CVE-2006-2563 Red Hat 2006-09-20 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
189 1 CVE-2006-2607 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
190 1 CVE-2006-2656 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193166 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
191 1 CVE-2006-2660 Red Hat 2006-08-30 Mark J Cox This is not an issue that affects users of Red Hat Enterprise Linux. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196255
192 1 CVE-2006-2754 Red Hat 2006-08-16 Mark J Cox This issue is not exploitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise Linux 2.1, 3, or 4.
193 1 CVE-2006-2789 Red Hat 2006-08-30 Mark J Cox Not vulnerable. This issue does not affect the versions of Evolution as distributed with Red Hat Enterprise Linux.
194 1 CVE-2006-2906 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
195 1 CVE-2006-2916 Red Hat 2006-08-16 Mark J Cox Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.
196 1 CVE-2006-2937 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
197 1 CVE-2006-2940 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
198 1 CVE-2006-3005 Red Hat 2006-08-24 Mark J Cox Red Hat does not consider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory.
199 1 CVE-2006-3011 Red Hat 2006-09-20 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
200 1 CVE-2006-3018 Red Hat 2006-09-20 Mark J Cox Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis.
201 1 CVE-2006-3083 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
202 1 CVE-2006-3093 Red Hat 2006-08-16 Mark J Cox Not vulnerable. Adobe told us that this issue does not affect the Linux versions of Adobe Acrobat Reader.
203 1 CVE-2006-3145 Red Hat 2006-08-30 Mark J Cox This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
204 1 CVE-2006-3174 Red Hat 2006-08-30 Mark J Cox This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability.
205 1 CVE-2006-3334 Red Hat 2006-08-16 Mark J Cox On Red Hat Enterprise Linux 2.1, 3, and 4 this is a two-byte overflow into the middle of the stack and is not exploitable.
206 1 CVE-2006-3376 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
207 1 CVE-2006-3378 Red Hat 2006-08-16 Mark J Cox This issue affects the version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue.
208 1 CVE-2006-3459 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
209 1 CVE-2006-3460 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
210 1 CVE-2006-3461 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
211 1 CVE-2006-3462 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
212 1 CVE-2006-3463 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
213 1 CVE-2006-3464 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
214 1 CVE-2006-3465 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
215 1 CVE-2006-3467 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
216 1 CVE-2006-3469 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
217 1 CVE-2006-3486 Red Hat 2006-07-19 Mark J Cox We do not consider this issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to correct this issue.
218 1 CVE-2006-3587 Red Hat 2006-08-16 Mark J Cox Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
219 1 CVE-2006-3588 Red Hat 2006-08-16 Mark J Cox Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
220 1 CVE-2006-3619 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198912 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
221 1 CVE-2006-3626 Red Hat 2006-07-19 Mark J Cox This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels. The exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10
222 1 CVE-2006-3672 Red Hat 2006-08-30 Mark J Cox We do not consider a crash of a client application such as Konqueror to be a security issue.
223 1 CVE-2006-3731 Red Hat 2006-08-30 Mark J Cox We do not consider a user-assisted crash of a client application such as Firefox to be a security issue.
224 1 CVE-2006-3738 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
225 1 CVE-2006-3742 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
226 1 CVE-2006-3743 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
227 1 CVE-2006-3744 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
228 1 CVE-2006-3747 Red Hat 2006-07-31 Mark J Cox The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
229 1 CVE-2006-3835 Red Hat 2006-08-24 Mark J Cox This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled. Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing
230 1 CVE-2006-3879 Red Hat 2006-08-16 Mark J Cox This issue does not affect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue.
231 1 CVE-2006-4031 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202246 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3
232 1 CVE-2006-4095 Red Hat 2006-09-06 Mark J Cox Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records.
233 1 CVE-2006-4096 Red Hat 2006-09-08 Mark J Cox Not Vulnerable. This issue was found and fixed as part of Red Hat Enterprise Linux 4 update 4: http://rhn.redhat.com/errata/RHBA-2006-0288.html and Red Hat Enterprise Linux 3 update 8: http://rhn.redhat.com/errata/RHBA-2006-0287.html This issue does not affect Red Hat Enterprise Linux 2.1
234 1 CVE-2006-4124 Red Hat 2006-08-16 Mark J Cox LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited.
235 1 CVE-2006-4144 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
236 1 CVE-2006-4146 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
237 1 CVE-2006-4181 Red Hat 2006-12-04 Joshua Bressers Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.
238 1 CVE-2006-4192 Red Hat 2007-01-26 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 and 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224032 This issue did not affect Red Hat Enterprise Linux 2.1 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
239 1 CVE-2006-4206 ASPPlayground.NET 2006-12-20 Samuel Chou The issue has been fixed in the latest round of patch released on Oct 15, 2006.
240 1 CVE-2006-4226 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3
241 1 CVE-2006-4227 Red Hat 2006-08-24 Mark J Cox Not vulnerable. These issues do not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
242 1 CVE-2006-4262 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
243 1 CVE-2006-4310 Red Hat 2006-09-21 Joshua Bressers Red Hat does not consider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client crash.
244 1 CVE-2006-4334 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
245 1 CVE-2006-4335 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
246 1 CVE-2006-4336 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
247 1 CVE-2006-4337 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
248 1 CVE-2006-4338 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
249 1 CVE-2006-4339 Red Hat 2007-03-14 Mark J Cox Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
250 1 CVE-2006-4343 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
251 1 CVE-2006-4434 Red Hat 2006-08-30 Mark J Cox This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue.
252 1 CVE-2006-4447 Red Hat 2006-09-12 Mark J Cox Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue is not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555
253 1 CVE-2006-4481 Red Hat 2006-09-20 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
254 1 CVE-2006-4513 Red Hat 2007-02-09 Mark J Cox Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1
255 1 CVE-2006-4514 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
256 1 CVE-2006-4572 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
257 1 CVE-2006-4600 Red Hat 2006-09-20 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
258 1 CVE-2006-4623 Red Hat 2006-09-21 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204912 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
259 1 CVE-2006-4624 Red Hat 2006-09-19 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651 The Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
260 1 CVE-2006-4625 Red Hat 2006-09-20 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
261 1 CVE-2006-4759 PunBB 2006-09-28 Rickard Andersson PunBB 1.2.13 has been released to fix this vulnerability. The updated version is available at http://punbb.org/downloads.php.
262 1 CVE-2006-4790 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
263 1 CVE-2006-4806 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
264 1 CVE-2006-4807 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
265 1 CVE-2006-4808 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
266 1 CVE-2006-4809 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
267 1 CVE-2006-4810 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
268 1 CVE-2006-4811 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
269 1 CVE-2006-4812 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
270 1 CVE-2006-4814 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
271 1 CVE-2006-4842 Red Hat 2007-01-11 Mark J Cox This issue also affects other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulnerable to this issue.
272 1 CVE-2006-4924 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
273 1 CVE-2006-4925 Red Hat 2006-10-31 Joshua Bressers Red Hat does not consider this flaw a security issue. This flaw can cause an OpenSSH client to crash when connecting to a malicious server, which does not result in a denial of service condition.
274 1 CVE-2006-4980 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
275 1 CVE-2006-5051 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
276 1 CVE-2006-5052 Red Hat 2006-10-31 Joshua Bressers Not Vulnerable. After extensive research and numerous upstream queries regarding this issue, Red Hat does not believe it exists. There is no evidence to suggest this issue existed or was fixed in any version of portable OpenSSH.
277 1 CVE-2006-5158 Red Hat 2006-10-16 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210128 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
278 1 CVE-2006-5159 Red Hat 2006-10-16 Joshua Bressers Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future.
279 1 CVE-2006-5160 Red Hat 2006-10-16 Joshua Bressers Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future.
280 1 CVE-2006-5173 Red Hat 2006-11-03 Joshua Bressers Not Vulnerable. This flaw only affects kernel versions 2.6.14 to 2.6.18. Red Hat Enterprise Linux 2.1, 3, and 4 do not ship with a vulnerable kernel version.
281 1 CVE-2006-5178 Red Hat 2006-12-04 Joshua Bressers We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
282 1 CVE-2006-5214 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
283 1 CVE-2006-5215 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
284 1 CVE-2006-5229 Red Hat 2006-10-11 Joshua Bressers Red Hat has been unable to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing an update to address this issue.
285 1 CVE-2006-5297 Red Hat 2007-03-14 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
286 1 CVE-2006-5298 Red Hat 2007-03-14 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
287 1 CVE-2006-5397 Red Hat 2007-03-14 Mark J Cox Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
288 1 CVE-2006-5456 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
289 1 CVE-2006-5465 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
290 1 CVE-2006-5466 Red Hat 2007-03-14 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213515 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
291 1 CVE-2006-5467 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
292 1 CVE-2006-5619 Red Hat 2006-11-07 Joshua Bressers Red Hat is aware of this issue and is tracking it via bug 213214 for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213214 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
293 1 CVE-2006-5621 Rave 2006-12-12 Peter Graham Ask_rave 0.9b has been released for immediate download and versions 0.9PR and below have been rendered obsolete. All users using versions 0.9PR and prior are recommended to upgrade their versions immediately. Users can use the following URI to download this new version: http://rave.jk-digital.com/site/scripts/ask.php
294 1 CVE-2006-5633 Red Hat 2006-11-07 Joshua Bressers Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
295 1 CVE-2006-5701 Red Hat 2007-03-14 Joshua Bressers Not Vulnerable. The squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
296 1 CVE-2006-5706 Red Hat 2006-11-10 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
297 1 CVE-2006-5749 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
298 1 CVE-2006-5751 Red Hat 2006-12-12 Joshua Bressers This flaw does not affect the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. This flaw affects the Linux kernel shipped with Red Hat Enterprise Linux 4. We are tracking this flaw via bug 216452: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216452
299 1 CVE-2006-5753 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
300 1 CVE-2006-5757 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
301 1 CVE-2006-5767 Drake CMS 2006-12-20 Daniele C. The Drake Team has published an apposite news about the vulnerability: http://sourceforge.net/forum/forum.php?forum_id=636860. It is important to specify that this is an alpha product because it is intended for testers and we already disclaim its usage in production websites through an install notice; we will conduct deep security tests during the beta stage of our development chain. We discontinue the download of each alpha release when a new one is available, so the up-to-date release available at http://sourceforge.net/projects/drakecms is already fixed for the vulnerability.
302 1 CVE-2006-5779 Red Hat 2007-03-14 Joshua Bressers Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
303 1 CVE-2006-5794 Red Hat 2007-03-14 Joshua Bressers Red Hat is aware of this issue and is tracking it via bug 214640: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214640 for Red Hat Enterprise Linux 3 and 4. This issue does not affect Red Hat Enterprise Linux 2.1. The Red Hat Security Response Team has rated this issue as having low security impact, a future update will address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
304 1 CVE-2006-5823 Red Hat 2007-03-14 Joshua Bressers The CVE-2006-5823 is about a corrupted cramfs (MOKB-07-11-2006) that can cause a memory corruption and so crash the machine. For Red Hat Enterprise Linux 3 this issue is tracked via Bugzilla #216960 and for Red Hat Enterprise Linux 4 it is tracked via Bugzilla #216958. Red Hat Enterprise Linux 2.1 is not vulnerable to this issue. This issue has been rated as having low impact, because root privileges or physical access to the machine are needed to mount a corrupted filesystem and crash the machine. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
305 1 CVE-2006-5840 abarcar Software 2006-12-20 Helmut Fleischhauer The version 5.1.5 of the abarcar Realty Portal has been discontinued 2003. The version 6.xx has been discontinued beginning 2006. A fix for above versions has been available since that time. As of version 7.0 static pages are created - a parameter for cat.php is no longer used - the routine for news has been dropped and a different routine creating static pages is used - slistl.php never existed in the Realty Portal
306 1 CVE-2006-5864 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1. This issue did not affect Red Hat Enterprise Linux 3 or 4. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215593 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
307 1 CVE-2006-5868 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
308 1 CVE-2006-5870 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
309 1 CVE-2006-5876 Red Hat 2007-03-14 Mark J Cox Not vulnerable. The vulnerable code is not used by any application linked with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
310 1 CVE-2006-5969 Red Hat 2006-11-22 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
311 1 CVE-2006-5974 Red Hat 2007-01-11 Mark J Cox Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
312 1 CVE-2006-5989 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
313 1 CVE-2006-6015 Red Hat 2006-12-04 Joshua Bressers Red Hat does not consider unexploitable client application crashes to be security flaws. This bug causes a stack recursion crash which is not exploitable.
314 1 CVE-2006-6027 Red Hat 2006-11-23 Mark J Cox Not vulnerable. This issue did not affect Linux versions of Adobe Reader.
315 1 CVE-2006-6053 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
316 1 CVE-2006-6054 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
317 1 CVE-2006-6056 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
318 1 CVE-2006-6057 Red Hat 2007-03-14 Joshua Bressers Not Vulnerable. The kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not contain gfs2 filesystem support. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
319 1 CVE-2006-6097 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
320 1 CVE-2006-6101 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
321 1 CVE-2006-6102 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
322 1 CVE-2006-6103 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
323 1 CVE-2006-6105 Red Hat 2007-03-14 Mark J Cox Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
324 1 CVE-2006-6106 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602 This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
325 1 CVE-2006-6107 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
326 1 CVE-2006-6142 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
327 1 CVE-2006-6143 Red Hat 2007-03-14 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
328 1 CVE-2006-6144 Mandriva 2007-01-19 Vincent Danen Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
329 1 CVE-2006-6144 Red Hat 2007-03-14 Mark J Cox Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
330 1 CVE-2006-6169 Red Hat 2007-03-14 Joshua Bressers Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario. Red Hat Enterprise Linux 5 contains a backported patch to address this issue.
331 1 CVE-2006-6235 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
332 1 CVE-2006-6236 Red Hat 2006-12-19 Mark J Cox Not vulnerable. This issue does not affect the Linux version of Adobe Reader.
333 1 CVE-2006-6297 Red Hat 2006-12-19 Mark J Cox We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue.
334 1 CVE-2006-6303 Red Hat 2007-03-14 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
335 1 CVE-2006-6305 Red Hat 2007-03-14 Joshua Bressers Not vulnerable. This issue does not affect the versions of net-smtp as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
336 1 CVE-2006-6383 Red Hat 2006-12-19 Mark J Cox We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
337 1 CVE-2006-6385 Red Hat 2006-12-08 Joshua Bressers Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows.
338 1 CVE-2006-6493 Red Hat 2006-12-19 Mark J Cox Not vulnerable. OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not support the LDAP_AUTH_KRBV41 authentication method.
339 1 CVE-2006-6628 Red Hat 2007-01-15 Joshua Bressers Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution.
340 1 CVE-2006-6660 Red Hat 2007-02-02 Mark J Cox Not vulnerable. This issue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
341 1 CVE-2006-6698 Red Hat 2007-01-11 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
342 1 CVE-2006-6719 Red Hat 2007-03-14 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221459 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
343 1 CVE-2006-6772 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
344 1 CVE-2006-6811 Red Hat 2007-01-18 Mark J Cox We do not consider a crash of a client application such as KsIRC to be a security issue.
345 1 CVE-2006-6939 Red Hat 2007-01-18 Mark J Cox Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
346 1 CVE-2006-7051 Red Hat 2007-03-14 Mark J Cox This issue can only be exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue.
347 1 CVE-2006-7098 Red Hat 2007-03-05 Mark J Cox Not vulnerable. This issue was specific to a Debian patch to Apache HTTP Server.
348 1 CVE-2006-7108 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
349 1 CVE-2006-7139 Red Hat 2007-03-08 Mark J Cox Not vulnerable. Our testing found that this issue did not affect the versions of Kmail as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
350 1 CVE-2007-0003 Red Hat 2007-01-24 Mark J Cox Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
351 1 CVE-2007-0010 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
352 1 CVE-2007-0059 Apple 2007-03-19 Ron Dumont This issue is addressed in QuickTime 7.1.5, which was released on March 5. Information on the security fixes provided in QuickTime 7.1.5, and links to obtain the update are provided in: http://docs.info.apple.com/article.html?artnum=305149
353 1 CVE-2007-0080 Red Hat 2007-01-05 Mark J Cox Not vulnerable. The affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4.
354 1 CVE-2007-0086 Red Hat 2007-01-11 Mark J Cox Red Hat does not consider this issue to be a security vulnerability. The potential attacker has to send acknowledgement packets periodically to make the server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to an arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default.
355 1 CVE-2007-0104 Red Hat 2007-01-15 Joshua Bressers Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.
356 1 CVE-2007-0120 Acunetix Limited 2007-01-31 Kevin J. Vella Information about HTTP Sniffer: The HTTP Sniffer is a built-in proxy server in Acunetix WVS whose purpose is to analyse web traffic between a web client (browser) and a web server. By default this tool is not enabled and when enabled it accepts traffic only from the same computer running Acunetix WVS (Localhost). The default TCP port used is 8080. This means that when the HTTP Sniffer is enabled, it is only enabled on the local network interface and no one from the network can access the HTTP Sniffer port. How the exploit works: The exploit works by sending a specially crafted packet containing an invalid Content-Length field in the HTTP header to the TCP port on which the HTTP Sniffer is listening. This causes the application to crash (Denial of Service). Since the HTTP Sniffer component by default is enabled only on the local network interface, it is not possible to take advantage of this exploit remotely. The user has to manually change the listening interface from within the application's configuration to make the HTTP Sniffer available on the network for this exploit to work remotely. Solution: Upgrade to the latest version of Acunetix WVS (v4.0 build 20060717 or later)
357 1 CVE-2007-0157 Red Hat 2007-01-15 Mark J Cox Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package.
358 1 CVE-2007-0227 Mandriva 2007-01-19 Vincent Danen Not vulnerable. This issue does not affect the versions of slocate as shipped with Mandriva Linux 2007.0 or earlier.
359 1 CVE-2007-0227 Red Hat 2007-01-18 Mark J Cox Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
360 1 CVE-2007-0235 Red Hat 2007-03-14 Joshua Bressers Not vulnerable. This issue did not affect the versions of libgtop as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
361 1 CVE-2007-0247 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
362 1 CVE-2007-0248 Red Hat 2007-03-14 Mark J Cox Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
363 1 CVE-2007-0453 Red Hat 2007-02-13 Mark J Cox Not vulnerable. These issues did not affect the Linux versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
364 1 CVE-2007-0454 Red Hat 2007-02-13 Mark J Cox Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, or 4.
365 1 CVE-2007-0493 Red Hat 2007-01-29 Joshua Bressers Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
366 1 CVE-2007-0537 Red Hat 2007-02-15 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225414 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
367 1 CVE-2007-0650 Red Hat 2007-02-13 Mark J Cox Red Hat does not consider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and the result would be the ability to run code as themselves.
368 1 CVE-2007-0770 Red Hat 2007-02-14 Mark J Cox Not vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue.
369 1 CVE-2007-0822 Red Hat 2007-02-09 Mark J Cox Red Hat does not consider this issue to be a security vulnerability. On Red Hat Enterprise Linux processes that change their effective UID do not dump core by default when they receive a fatal signal. Therefore the NULL pointer dereference does not lead to an information leak.
370 1 CVE-2007-0823 Red Hat 2007-02-09 Mark J Cox Red Hat does not consider this issue to be a security vulnerability. It is correct and expected behavior for xterm not to zero-fill its scrollback buffer upon reception of a terminal clear escape sequence.
371 1 CVE-2007-0879 SmidgeonSoft 2007-02-19 Russell Osterlund Unusually large strings would crash the display. The bug has been fixed in the following releases: PEBrowse Professional - v8.2.3 PEBrowse Professional Interactive - v8.2.4 PEBrowse Crash-Dump Analyzer - v2.6.8
372 1 CVE-2007-0911 Red Hat 2007-02-16 Mark J Cox Not vulnerable. This flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
373 1 CVE-2007-1396 Red Hat 2007-03-19 Mark J Cox Red Hat does not consider this to be a security vulnerability. Using import_request_variables() is generally a discouraged practice and it is improper use that can lead to security problems, not a flaw of PHP itself.
374 1 CVE-2007-1401 Red Hat 2007-03-19 Mark J Cox Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support.
375 1 CVE-2007-1411 Red Hat 2007-03-19 Mark J Cox Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include mssql support.
376 1 CVE-2007-1412 Red Hat 2007-03-19 Mark J Cox Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support.
377 1 CVE-2007-1413 Red Hat 2007-03-19 Mark J Cox Not vulnerable. The php-snmp package as shipped with Red Hat Enterprise Linux 4 and 5 uses net-snmp which is not vulnerable to this issue.
378 1 CVE-2007-1420 Red Hat 2007-03-23 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232603 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1, 3, or 4.
379 1 CVE-2007-1564 Red Hat 2007-03-23 Joshua Bressers Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233592 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/