From bugzilla at redhat.com Wed Mar 9 18:52:08 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 9 Mar 2011 11:52:08 -0700 Subject: [RHSA-2011:0333-01] Important: JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2 security update Message-ID: <201103091852.p29Iq8XI020312@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2 security update Advisory ID: RHSA-2011:0333-01 Product: JBoss Enterprise Middleware Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0333.html Issue date: 2011-03-09 CVE Names: CVE-2010-4476 ===================================================================== 1. Summary: Updated jbossweb-2.0.0.jar and jbossweb-2.1.10.jar files for JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2 that fix one security issue are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause JBoss Web Server to hang via a specially-crafted HTTP request. (CVE-2010-4476) All users of JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2 as provided from the Red Hat Customer Portal are advised to install this update. Refer to the Solution section of this erratum for update instructions. 3. Solution: Updated jbossweb-2.0.0.jar (for 4.3.CP04) and jbossweb-2.1.10.jar (for 5.0.2) files that fix CVE-2010-4476 for JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2 are available from the Red Hat Customer Portal. To download and install the updated files: 1) Log into the Customer Portal: https://access.redhat.com/login 2) Navigate to https://access.redhat.com/jbossnetwork/restricted/listSoftware.html 3) On the left-hand side menu, under "JBoss Enterprise Platforms" click "SOA Platform". Then, using the "Version:" drop down menu, select the SOA Platform version you are using, such as "4.3.0.GA_CP04" or "5.0.2 GA". 4) From the "Security Advisories" tab, click the "CVE-2010-4476 JBossweb update fixing JDK double bug..." link in the "Download File" column. The "Software Details" page is displayed, where you can download the update and view installation instructions. 5) Backup your existing jbossweb.jar file (refer to the "Software Details" page, from step 4, for the location of this file). 6) After downloading the update, ensure you backed up your existing jbossweb.jar file as per step 5, and then follow the manual installation step on the "Software Details" page. Note that it is recommended to halt the JBoss Enterprise SOA Platform server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the JBoss Enterprise SOA Platform server by starting the JBoss Application Server process. 4. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 5. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNd8xJXlSAg2UNWIIRAmYSAKCpxwgBz8N1y48HHRcZm1WgITSXcQCfcW2B 7djxaB2eVIzFMv7ZL+6puvU= =SvR1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 9 18:52:26 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 9 Mar 2011 11:52:26 -0700 Subject: [RHSA-2011:0334-01] Important: JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0 security update Message-ID: <201103091852.p29IqRgK022371@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0 security update Advisory ID: RHSA-2011:0334-01 Product: JBoss Enterprise Middleware Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0334.html Issue date: 2011-03-09 CVE Names: CVE-2010-4476 ===================================================================== 1. Summary: Updated jbossweb-2.0.0.jar and jbossweb-2.1.10.jar files for JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0 that fix one security issue are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause JBoss Web Server to hang via a specially-crafted HTTP request. (CVE-2010-4476) All users of JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0 as provided from the Red Hat Customer Portal are advised to install this update. Refer to the Solution section of this erratum for update instructions. 3. Solution: Updated jbossweb-2.0.0.jar (for 4.3.CP06) and jbossweb-2.1.10.jar (for 5.1.0) files that fix CVE-2010-4476 for JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0 are available from the Red Hat Customer Portal. To download and install the updated files: 1) Log into the Customer Portal: https://access.redhat.com/login 2) Navigate to https://access.redhat.com/jbossnetwork/restricted/listSoftware.html 3) On the left-hand side menu, under "JBoss Enterprise Platforms" click "Portal Platform". Then, using the "Version:" drop down menu, select the Portal Platform version you are using, such as "4.3 CP06" or "5.1.0". 4) From the "Security Advisories" tab, click the "CVE-2010-4476 JBossweb update fixing JDK double bug..." link in the "Download File" column. The "Software Details" page is displayed, where you can download the update and view installation instructions. 5) Backup your existing jbossweb.jar file (refer to the "Software Details" page, from step 4, for the location of this file). 6) After downloading the update, ensure you backed up your existing jbossweb.jar file as per step 5, and then follow the manual installation step on the "Software Details" page. After installing the update, the JBoss server process must be restarted for the update to take effect. 4. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 5. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNd8xgXlSAg2UNWIIRAkdNAJ0eNQgkzirlBS96ib6BQdAAaRctiACgp3+E m50w1bwvbnGwVE/cFdccDa8= =Yujf -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 11 01:14:04 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Mar 2011 18:14:04 -0700 Subject: [RHSA-2011:0348-01] Important: tomcat6 security update Message-ID: <201103110114.p2B1E5fq021650@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat6 security update Advisory ID: RHSA-2011:0348-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0348.html Issue date: 2011-03-10 CVE Names: CVE-2010-4476 CVE-2011-0534 ===================================================================== 1. Summary: Updated tomcat6 packages that fix two security issues are now available for JBoss Enterprise Web Server 1.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: JBoss Enterprise Web Server 1.0 for RHEL 4 AS - noarch JBoss Enterprise Web Server 1.0 for RHEL 4 ES - noarch JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675338 - CVE-2011-0534 tomcat: remote DoS via NIO connector 6. Package List: JBoss Enterprise Web Server 1.0 for RHEL 4 AS: Source: tomcat6-6.0.24-11.patch_03.ep5.el4.src.rpm noarch: tomcat6-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.24-11.patch_03.ep5.el4.noarch.rpm JBoss Enterprise Web Server 1.0 for RHEL 4 ES: Source: tomcat6-6.0.24-11.patch_03.ep5.el4.src.rpm noarch: tomcat6-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-11.patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.24-11.patch_03.ep5.el4.noarch.rpm JBoss Enterprise Web Server 1.0 for RHEL 5 Server: Source: tomcat6-6.0.24-11.patch_03.ep5.el5.src.rpm noarch: tomcat6-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-lib-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-log4j-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-11.patch_03.ep5.el5.noarch.rpm tomcat6-webapps-6.0.24-11.patch_03.ep5.el5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://www.redhat.com/security/data/cve/CVE-2011-0534.html https://access.redhat.com/security/updates/classification/#important http://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNeXdHXlSAg2UNWIIRAko1AJ4n4iaH50STly5LxpMpGmwCKRx02ACffU7n WMpMP2m0Kw+9i2ZEO1XHRyY= =RHBx -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 11 01:14:36 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Mar 2011 18:14:36 -0700 Subject: [RHSA-2011:0349-01] Important: tomcat5 security update Message-ID: <201103110114.p2B1EakL023408@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat5 security update Advisory ID: RHSA-2011:0349-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0349.html Issue date: 2011-03-10 CVE Names: CVE-2010-4476 ===================================================================== 1. Summary: Updated tomcat5 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: JBoss Enterprise Web Server 1.0 for RHEL 4 AS - noarch JBoss Enterprise Web Server 1.0 for RHEL 4 ES - noarch JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476) Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 6. Package List: JBoss Enterprise Web Server 1.0 for RHEL 4 AS: Source: tomcat5-5.5.28-18_patch_03.ep5.el4.src.rpm noarch: tomcat5-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-parent-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-webapps-5.5.28-18_patch_03.ep5.el4.noarch.rpm JBoss Enterprise Web Server 1.0 for RHEL 4 ES: Source: tomcat5-5.5.28-18_patch_03.ep5.el4.src.rpm noarch: tomcat5-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-parent-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.28-18_patch_03.ep5.el4.noarch.rpm tomcat5-webapps-5.5.28-18_patch_03.ep5.el4.noarch.rpm JBoss Enterprise Web Server 1.0 for RHEL 5 Server: Source: tomcat5-5.5.28-12_patch_03.ep5.el5.src.rpm noarch: tomcat5-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-admin-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-common-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-jasper-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-jasper-eclipse-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-jasper-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-parent-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-server-lib-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.28-12_patch_03.ep5.el5.noarch.rpm tomcat5-webapps-5.5.28-12_patch_03.ep5.el5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://access.redhat.com/security/updates/classification/#important http://tomcat.apache.org/security-5.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNeXdrXlSAg2UNWIIRAm4OAJ9SOesbQZZkzULLdrrk9cr/TvcLcwCgrkuP PmYfCp/KkKcMWJz6RiQofSU= =LWUN -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 11 01:15:14 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Mar 2011 18:15:14 -0700 Subject: [RHSA-2011:0350-01] Important: tomcat5 and tomcat6 security update Message-ID: <201103110115.p2B1FENV019582@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat5 and tomcat6 security update Advisory ID: RHSA-2011:0350-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0350.html Issue date: 2011-03-10 CVE Names: CVE-2010-4476 CVE-2011-0534 ===================================================================== 1. Summary: A patch for JBoss Enterprise Web Server 1.0.1 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat 5 or 6 to hang via a specially-crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat 6 NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534) All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to apply this patch. 3. Solution: The References section of this erratum contains a patch download link (you must log in to download the patch). Before applying the patch, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). After applying the patch, the JBoss server process must be restarted for the update to take effect. 4. Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675338 - CVE-2011-0534 tomcat: remote DoS via NIO connector 5. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://www.redhat.com/security/data/cve/CVE-2011-0534.html https://access.redhat.com/security/updates/classification/#important http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.1 6. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNeXeIXlSAg2UNWIIRApUWAJ9FTdnhK1CwkYVFcnD+vo4epFXaywCfSxwU Hocwo6gY/eTOoNZESlxf5Ks= =PtTv -----END PGP SIGNATURE-----