From bugzilla at redhat.com Tue Jan 21 17:42:09 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 Jan 2014 17:42:09 +0000 Subject: [RHSA-2014:0037-01] Moderate: jasperreports-server-pro security, bug fix, and enhancement update Message-ID: <201401211742.s0LHg9Zf004583@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: jasperreports-server-pro security, bug fix, and enhancement update Advisory ID: RHSA-2014:0037-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0037.html Issue date: 2014-01-21 CVE Names: CVE-2012-5784 CVE-2013-2192 ===================================================================== 1. Summary: An updated jasperreports-server-pro package that fixes two security issues, several bugs, and adds various enhancements is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.3 - noarch 3. Description: The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784) A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affects users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192) This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All jasperreports-server-pro users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 873252 - CVE-2012-5784 axis: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate 967349 - PRD33 - rebase jasper server to 5.x 977642 - [PENDING JASPER] - [rhevm-reports_33] - Reports - IC window is empty and any button causes Reports to logout 988210 - [PENDING JASPER] - [rhevm-reports_33] - Webadmin - Dashboards are not available via webadmin 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1020340 - [PENDING JASPER] Report page not loading 1033090 - When webadmin redirects to reports the browser shows resend confirmation dialog 6. Package List: RHEV-M 3.3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/jasperreports-server-pro-5.5.0-4.el6ev.src.rpm noarch: jasperreports-server-pro-5.5.0-4.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5784.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html/Technical_Notes/chap-RHSA-20140037_-_jasperreports.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFS3rFOXlSAg2UNWIIRAvSwAKCyv/gkkAtFFEZfTLqaie/L1qeIbQCfUBCs Z8l6hXx8bv1bIJF7MiPf1LU= =5fUh -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 21 17:43:11 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 Jan 2014 17:43:11 +0000 Subject: [RHSA-2014:0038-01] Important: Red Hat Enterprise Virtualization Manager 3.3.0 update Message-ID: <201401211743.s0LHhBQn004824@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Enterprise Virtualization Manager 3.3.0 update Advisory ID: RHSA-2014:0038-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0038.html Issue date: 2014-01-21 CVE Names: CVE-2013-6434 ===================================================================== 1. Summary: Red Hat Enterprise Virtualization Manager 3.3 is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEV-M 3.3 - noarch 3. Description: Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Virtualization Manager relayed SPICE connection information to remote-viewer when a native SPICE client invocation method was used. As a result, remote-viewer attempted an insecure connection first and only switched to a secure connection when requested by the SPICE server. An attacker able to intercept the SPICE connection could use this flaw to conduct man-in-the-middle attacks. (CVE-2013-6434) Red Hat would like to thank Michael Samuel of Amcom for reporting this issue. This update also fixes several bugs and adds various enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 787578 - PRD33 - RFE: add support for multiple monitors on QXL device (single device with more RAM) 825801 - PRD33 - [webadmin] RFE: Improve bonding logic 829672 - [RFE] RESTAPI: vm/template Import candidates should have /disks sub-collection 835543 - PRD33 - RFE: Allow to edit file (nfs/posix/local) domain connections (incl. advanced options) 838456 - PRD33 - [RFE] Localization of landing / welcome / splash page 838527 - [rhevm] unable to start ovirt-engine if service crash and pid is left 853739 - [RFE] RESTAPI: On action api returns parameters in response body instead of actual action result 859727 - [RFE] There is no way to distinguish between user and group in search 863211 - PRD33 - predictable host timeouts for ha/fencing (backend - vdsNotResponding takes too long before fence host) 867642 - PRD33 - add spm priority to host general subtab 872719 - PRD33 - [RFE] Add support for adding and managing external tasks 873795 - PRD33 - Default time zone in New VM dialog 879904 - engine: engine fails to connect to DB and cannot be started with NPE 880773 - [RFE] [rhevm-upgrade] during upgrade rhev-guest-tools-iso is not updated to latest version and remains with old version 885135 - [RFE] provide a more informative message in event when a VM started in Paused Mode 886840 - [RFE] RSDL : Add the option to set custom ticket to a VM 889271 - PRD33 - [RFE] RHEV should log and keep track of the versions installed and upgraded 890568 - PRD33 - [RFE] Branding as external package 891056 - PRD33 - [RFE] Normalized ovirtmgmt Initialization - provision mgmt network post bootstrap 892642 - Disk permission don't disappear after disk is deleted(is shown as 'null(Disk)'). 902353 - PRD33 - Web Admin: There is no way to define VM default host using RunOnce [RFE] 907491 - [Admin Portal] improve/fix grid/tab content loading animation 908327 - Trying to import a template again after a previously failed import attempt results in 'Error while executing action: Cannot copy Template. The Storage Domain already contains the target disk(s)' 908656 - PRD33 - [RFE] Add VDSM hook for hotplug disk 908835 - [RFE] [Admin Portal] Copying a quota drops consumers and permissions 909270 - [RFE] [User Portal] RDP console opened from User Portal does not pass clipboard 909930 - PRD33 - Add 'Create Snapshot' as an action on a VM 912076 - PRD33 - Implement a plug-in scheduler implementation that interfaces to external scheduler via scheduling API and SDK 912258 - [RFE] [Admin Portal] "No $objects to display" text missing in some sub-tabs 915778 - [RFE][RHEVM] [webadmin] Network Interfaces statistics are not shown for VM unless VNIC is selected 915904 - [RFE] Improve performance for General sub-tabs 916832 - [RFE] Allow to set VncKeyboardLayout via REST API per VM 916866 - PRD33 - Allow to set VncKeyboardLayout in GUI 917586 - [RFE] Use /etc/ovirt-engine/engine.conf for local configuration instead of /etc/sysconfig/ovirt-engine 918890 - PRD33 - Allow non plugin automatic invocation of RDP session (basic - no cd, disconnect reason, etc.) 920694 - engine: deactivating the master domain and concurrently putting all hosts in maintenance leaves hosts non-op upon activation 921544 - PRD33 - LUNs 'In Use' field is confusing 922475 - PRD33 - [RFE] Backup and Restore API for Independent Software Vendors 922504 - PRD33 - ovirt-engine-backend: Distinguish between regular and force removal of data center events 922609 - Cannot edit description field of running VMs - Need to stop and restart the guest for a new description to be effected. 926928 - [RFE] RHEVM-API: Add /applications sub-collection under vm 947977 - PRD33 - [RFE] Support a watchdog VM device in the engine 948481 - use logrotate instead of proprietary solution to handle log rotation 948744 - Some java exceptions are not logged to the log file 949281 - Hibernate VM was started for a VM that has already Hibernate VM run for. 949484 - Underscores in tag names break tags 950768 - Windows XP guest fails to start when enabling native USB support. 952107 - Under certain circumstances live storage migration failure leaves images split among old and new storage as well as tasks running in database 952297 - PRD33 - ovirt-engine service re-work 953614 - Automatic logout does not always happen as per UserSessionTimeOutInterval value 953989 - PRD33 - Events main tab / sub-tabs Must Support the UI Plug-in Model 955498 - Desktop VM from RHEV 3.0 does not have any sound device after importing to RHEV 3.1 957703 - engine: can't live migrate vm's disk after a failure because image already exists in the target 957729 - [RFE] Expose VM Limit config values to rhevm-config 959879 - [REST-API] Update of power management by sending entire host representation is ignored 960931 - PRD33 - RFE: live snapshot with cpu/memory/disk status 961645 - PRD33 - [RHEVM-RHS] Bootstrapping should set iptables rules, allowing gluster process on RHS Nodes 962162 - PRD33 - [RFE] [host-deploy] support ssh public key authentication 962177 - [rhevm-dwh] - ETL Reports error when a Single Host in setup is Non-Responsive ("ETL service sampling has encountered an error") 965179 - [RFE] Add delete-this-file feature support to the engine 966003 - Changing vmpool's quota is ignored. 966192 - PRD33 - AuditLogDirector.log(*) methods should also update engine.log 966198 - PRD33 - Add new column to audit_log SQL table for stack trace 966980 - backup.sh return code always 0 even on error 967268 - boot order has been changed after unexpected reboot 967278 - PRD33 - [RFE] Foreman as host provider 967327 - PRD33 - Add support for OpenLDAP as domain provider 967328 - PRD33 - add soft fencing over SSH (restart VDSM) as a preliminary step before fencing a None-Responsive host 967353 - PRD33 - force Apache proxy on upgrade and clean install 967516 - PRD33 - Tech Preview - Add support for Neutron based networks 967541 - PRD33 - custom properties per vnic / device 967572 - PRD33 - mom integration - balloon to try and get memory up to guaranteed memory 967573 - PRD33 - alert on VMs not respecting balloon 967574 - PRD33 - engine monitoring/balancing VMs not getting guaranteed memory 967604 - engine: AutoRecovery of host fails and host is set as NonOperational when export domain continues to be reported with error code 358 967987 - Provide additional logging at JndiAction level that would show credentials chosen for manage-domains authentication 968178 - [RHEVM-RHS] Should check for gluster capabilities when moving host from virt to gluster cluster 968499 - PRD33 - upgrade gwt framework to 2.5 970046 - PRD33 - gluster - Supporting RHS hooks through RHEV-M 970195 - webadmin portal only reports VMs in "Up" status in the "Load" column 970948 - PRD33 - Quota support 971237 - RHEVM slow due to stored procedure getdisksvmguid() consuming most CPU 971346 - Rhevm-setup misguides user with regards to steps for rhevm-reports upgrade 971695 - webadmin: Events main tab: When applying an Events search filter (which results in few items) by hitting "Enter" - duplicate entries are shown. 972455 - PRD33 - Select SPM as default host for new storage dialog 973383 - Upgrade from RHEV-M 3.1 to 3.2 failed with 'GroupsError: No Groups Available in any repository' 974066 - PRD33 - externalize vm level configuration values to a property file 974148 - RHEV-M AD authentication does not work if one of the DCs is defunct. 974982 - make rhevm-config to set TZ 975097 - PRD33 - glance import/export templates and raw floating disks 976671 - Recreate trust store when upgrading 977322 - rest-api: Missing node in /api/capabilities 977689 - After enable concurrent option under host power management fencing begin failed 978268 - Unable to put a host into maintenance because VMs previously managed by vdsm are running on the host 979763 - [engine-setup] setup fails when selinux is disabled 980486 - Attaching a network to a host's nic inherits the host nic's IP to the new network 980926 - Upgrade from 3.2.0-11.30 to 3.2.0-11.37 fails during 'Preparing CA' stage. 982050 - VM UUID is not shown prominently in Web UI 982527 - Disk entries remain in database after deleting the datacenter 982636 - Cloning VM from snapshot of another VM results in corruption of original VM 983120 - PRD33 - Provide MoTD on logon screen 983295 - Unable to bypass FQDN requirement for rhevm-setup 985635 - Changing email address for event notification results in error "User is already subscribed to this event with the same Notification method" 986700 - [user portal] RHEVM slow due to stored procedure getdisksvmguid() consuming most CPU 986979 - It is not possible to assign any network to an cluster in WebAdmin portal. 987783 - Live Storage Migration attempted on an unplugged disk of a running VM (instead of a simple cold move) 988259 - [Admin Portal] Cannot update VM properties - Field timeZone can not be updated when status is Up 989041 - Unable to detach VMs from a pool if pool contains more than 100 VMs 993123 - REST-API doesn't return statistics for VLAN tagged interfaces 994218 - Rhev-m admin GUI logs actions done by in the Events tab 994463 - Failed attached Export Storage Domain - Could not obtain lock 995501 - [host-deploy] block concurrent installation for same host 996816 - Unable to create a windows 2012 ( 64bit ) VM with 32GB memory 999812 - RestAPI URI template style query for 'users' and 'disks' resources do not work. 1000789 - Failed to create VM from template without any image disks 1002401 - [RFE] backup/restore: support restoring to different database location 1002664 - Failures to remove images from an import domain result in imported images on data domains being marked as illegal. 1003117 - Make UseSecureConnectionWithServers config option availabe via rhevm-config 1004066 - Host: Exit message: internal error No more available PCI addresses 1005256 - When deleting snapshots created for Live Storage Migration, RHEV removes the source disk rather than the snapshot 1006659 - prestarted VMs in a pool do not use sysprep file 1012798 - [RFE] [webadmin] pin left pane to dialog window in New logical network dialog 1013860 - "Resources" tab on the Power User Portal unable to display all virtual machine disks 1015148 - [RFE] Ability to see additional detail on Storage summary in the RHEV-M environment 1015638 - VmPoolMonitor throws a NullPointerException while starting a guest that in turn remains down with its images locked. 1018201 - CPU pinning option is not available for the VMs running on "Local on Host" type DataCenter. 1021326 - Max Memory Over Commitment's units should use percentage and not "MB" 1023131 - DestroyVDSCommand called after CancelMigrateVDSCommand failure when attempting to cancel multiple live migrations at a time 1023952 - [RFE] [RHEVM][webadmin] vNIC profile screens are missing features 1028966 - require openjdk version which solves the memory leak in RHEV-M: service ovirt-engine gets OOM killed after few days of uptime 1029106 - getallfromvmtemplates stored in procedure execution takes long time making VM creation take long time when having more than 80 templates 1029177 - taskcleaner.sh '-l' option does not produce logfile 1032807 - TryBackToAllSnapshotsOfVm threw NullPointerException during snapshot-preview because of random disk attached to VM 1037894 - rhevm-manage-domains fails to update ldapServers entries when using action=edit 1039839 - CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue 6. Package List: RHEV-M 3.3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-3.3.0-0.45.el6ev.src.rpm noarch: rhevm-3.3.0-0.45.el6ev.noarch.rpm rhevm-backend-3.3.0-0.45.el6ev.noarch.rpm rhevm-dbscripts-3.3.0-0.45.el6ev.noarch.rpm rhevm-lib-3.3.0-0.45.el6ev.noarch.rpm rhevm-restapi-3.3.0-0.45.el6ev.noarch.rpm rhevm-setup-3.3.0-0.45.el6ev.noarch.rpm rhevm-setup-plugin-allinone-3.3.0-0.45.el6ev.noarch.rpm rhevm-tools-3.3.0-0.45.el6ev.noarch.rpm rhevm-userportal-3.3.0-0.45.el6ev.noarch.rpm rhevm-webadmin-portal-3.3.0-0.45.el6ev.noarch.rpm rhevm-websocket-proxy-3.3.0-0.45.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6434.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html/Technical_Notes/chap-RHSA-20140038_-_rhevm.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFS3rGCXlSAg2UNWIIRAsxHAKCEp/vpH2VAe8BbfOxzeFMTdYBmfgCgvs35 Xjv/Ou6YWLD6+l66AjiIJkc= =smJ/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 21 17:46:39 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 Jan 2014 17:46:39 +0000 Subject: [RHSA-2014:0041-01] Important: rhev-hypervisor6 security update Message-ID: <201401211746.s0LHkeCp031611@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rhev-hypervisor6 security update Advisory ID: RHSA-2014:0041-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0041.html Issue date: 2014-01-21 CVE Names: CVE-2013-4353 CVE-2013-5605 CVE-2013-5606 CVE-2013-6449 ===================================================================== 1. Summary: An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. Description: The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers: CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues. 4. Solution: This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1005766 - [rhev-hypervisor6] Build rhev-hypervisor6 for 3.3 release 1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) 1031457 - CVE-2013-5606 nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103) 1045363 - CVE-2013-6449 openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 6. Package List: RHEV Hypervisor for RHEL-6: noarch: rhev-hypervisor6-6.5-20140112.0.el6ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2013-5605.html https://www.redhat.com/security/data/cve/CVE-2013-5606.html https://www.redhat.com/security/data/cve/CVE-2013-6449.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFS3rJKXlSAg2UNWIIRAuUAAJwIFL3R5UsTxzSVnfbR1w4btwffKwCcCPes ioQmf/6xVM83BwwFEwBENpg= =QMJK -----END PGP SIGNATURE-----