From bugzilla at redhat.com Thu Dec 3 11:30:36 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Dec 2009 06:30:36 -0500
Subject: [RHSA-2009:1635-01] Important: kernel-rt security, bug fix, and enhancement update
Message-ID: <200912031130.nB3BUa6G031649@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2009:1635-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1635.html
Issue date:        2009-12-03
CVE Names:         CVE-2009-3726 CVE-2009-3889 CVE-2009-3939
=====================================================================

1. Summary:

Updated kernel-rt packages that fix security issues and two bugs, and add
two enhancements, are now available for Red Hat Enterprise MRG 1.2.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a NULL pointer dereference flaw was found in the NFSv4 implementation in
the Linux kernel. Several of the NFSv4 file locking functions failed to
check whether a file had been opened on the server before performing
locking operations on it. A local user on a system with an NFSv4 share
mounted could possibly use this flaw to cause a denial of service or
escalate their privileges. (CVE-2009-3726, Important)

* permission issues were found in the megaraid_sas driver (for SAS based
RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io"
files on the sysfs file system ("/sys/") had world-writable permissions.
This could allow local, unprivileged users to change the behavior of the
driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

These updated packages also fix the following bugs:

* a problem existed with the i5000_edac driver under some topologies. In
some cases, this driver failed to export memory devices via sysfs,
preventing the ibm-prtm service from starting. With this update, the memory
devices are accessible, allowing the ibm-prtm service to start and perform
SMI remediation as expected. (BZ#527421)

* the "/proc/sys/vm/mmap_min_addr" tunable helps prevent unprivileged users
from creating new memory mappings below the minimum address. The sysctl
value for mmap_min_addr could be changed by a process or user with an
effective user ID (euid) of 0, even if that process or user did not have
the CAP_SYS_RAWIO capability. This update adds a check for the
CAP_SYS_RAWIO capability before allowing the mmap_min_addr value to be
changed. (BZ#534019)

As well, these updated packages add the following enhancements:

* the Intel ixgbe driver was updated to upstream version 2.0.16-k2.
(BZ#537505)

* the InfiniBand OFED driver was updated to upstream version 1.4.1.
(BZ#537500)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526068 - CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs
527421 - HS21xm i5000_edac kernel topology fix
529227 - CVE-2009-3726 kernel: nfsv4: kernel panic in nfs4_proc_lock()
534019 - kernel: sysctl: require CAP_SYS_RAWIO to set mmap_min_addr [mrg-1]
537500 - Update Infiniband system to OFED 1.4.1
537505 - update Intel ixgbe driver to latest upstream version

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-139.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-139.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-139.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-139.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-139.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-139.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLF6E1XlSAg2UNWIIRAisyAJ4uKfntAdxoAedtpw+G7Mp4Pj//EACeMvHG
6pXIaBdqaQjSrFylTNmczRs=
=A2wF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 7 19:13:53 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Dec 2009 14:13:53 -0500
Subject: [RHSA-2009:1625-01] Moderate: expat security update
Message-ID: <200912071913.nB7JDr1L021008@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: expat security update
Advisory ID:       RHSA-2009:1625-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1625.html
Issue date:        2009-12-07
CVE Names:         CVE-2009-3560 CVE-2009-3720
=====================================================================

1. Summary:

Updated expat packages that fix two security issues are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Expat is a C library written by James Clark for parsing XML documents.

Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
(CVE-2009-3560, CVE-2009-3720)

All expat users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, applications using the Expat library must be restarted for the
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/expat-1.95.5-6.2.src.rpm

i386:
expat-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-devel-1.95.5-6.2.i386.rpm

ia64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.ia64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.ia64.rpm
expat-devel-1.95.5-6.2.ia64.rpm

ppc:
expat-1.95.5-6.2.ppc.rpm
expat-1.95.5-6.2.ppc64.rpm
expat-debuginfo-1.95.5-6.2.ppc.rpm
expat-debuginfo-1.95.5-6.2.ppc64.rpm
expat-devel-1.95.5-6.2.ppc.rpm

s390:
expat-1.95.5-6.2.s390.rpm
expat-debuginfo-1.95.5-6.2.s390.rpm
expat-devel-1.95.5-6.2.s390.rpm

s390x:
expat-1.95.5-6.2.s390.rpm
expat-1.95.5-6.2.s390x.rpm
expat-debuginfo-1.95.5-6.2.s390.rpm
expat-debuginfo-1.95.5-6.2.s390x.rpm
expat-devel-1.95.5-6.2.s390x.rpm

x86_64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.x86_64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.x86_64.rpm
expat-devel-1.95.5-6.2.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/expat-1.95.5-6.2.src.rpm

i386:
expat-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-devel-1.95.5-6.2.i386.rpm

x86_64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.x86_64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.x86_64.rpm
expat-devel-1.95.5-6.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/expat-1.95.5-6.2.src.rpm

i386:
expat-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-devel-1.95.5-6.2.i386.rpm

ia64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.ia64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.ia64.rpm
expat-devel-1.95.5-6.2.ia64.rpm

x86_64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.x86_64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.x86_64.rpm
expat-devel-1.95.5-6.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/expat-1.95.5-6.2.src.rpm

i386:
expat-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-devel-1.95.5-6.2.i386.rpm

ia64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.ia64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.ia64.rpm
expat-devel-1.95.5-6.2.ia64.rpm

x86_64:
expat-1.95.5-6.2.i386.rpm
expat-1.95.5-6.2.x86_64.rpm
expat-debuginfo-1.95.5-6.2.i386.rpm
expat-debuginfo-1.95.5-6.2.x86_64.rpm
expat-devel-1.95.5-6.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/expat-1.95.7-4.el4_8.2.src.rpm

i386:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm

ia64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.ia64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.ia64.rpm
expat-devel-1.95.7-4.el4_8.2.ia64.rpm

ppc:
expat-1.95.7-4.el4_8.2.ppc.rpm
expat-1.95.7-4.el4_8.2.ppc64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.ppc.rpm
expat-debuginfo-1.95.7-4.el4_8.2.ppc64.rpm
expat-devel-1.95.7-4.el4_8.2.ppc.rpm
expat-devel-1.95.7-4.el4_8.2.ppc64.rpm

s390:
expat-1.95.7-4.el4_8.2.s390.rpm
expat-debuginfo-1.95.7-4.el4_8.2.s390.rpm
expat-devel-1.95.7-4.el4_8.2.s390.rpm

s390x:
expat-1.95.7-4.el4_8.2.s390.rpm
expat-1.95.7-4.el4_8.2.s390x.rpm
expat-debuginfo-1.95.7-4.el4_8.2.s390.rpm
expat-debuginfo-1.95.7-4.el4_8.2.s390x.rpm
expat-devel-1.95.7-4.el4_8.2.s390.rpm
expat-devel-1.95.7-4.el4_8.2.s390x.rpm

x86_64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.x86_64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.x86_64.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/expat-1.95.7-4.el4_8.2.src.rpm

i386:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm

x86_64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.x86_64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.x86_64.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/expat-1.95.7-4.el4_8.2.src.rpm

i386:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm

ia64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.ia64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.ia64.rpm
expat-devel-1.95.7-4.el4_8.2.ia64.rpm

x86_64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.x86_64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.x86_64.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/expat-1.95.7-4.el4_8.2.src.rpm

i386:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm

ia64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.ia64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.ia64.rpm
expat-devel-1.95.7-4.el4_8.2.ia64.rpm

x86_64:
expat-1.95.7-4.el4_8.2.i386.rpm
expat-1.95.7-4.el4_8.2.x86_64.rpm
expat-debuginfo-1.95.7-4.el4_8.2.i386.rpm
expat-debuginfo-1.95.7-4.el4_8.2.x86_64.rpm
expat-devel-1.95.7-4.el4_8.2.i386.rpm
expat-devel-1.95.7-4.el4_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-8.3.el5_4.2.src.rpm

i386:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm

x86_64:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-1.95.8-8.3.el5_4.2.x86_64.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-8.3.el5_4.2.src.rpm

i386:
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm

x86_64:
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.x86_64.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/expat-1.95.8-8.3.el5_4.2.src.rpm

i386:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm

ia64:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-1.95.8-8.3.el5_4.2.ia64.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.ia64.rpm
expat-devel-1.95.8-8.3.el5_4.2.ia64.rpm

ppc:
expat-1.95.8-8.3.el5_4.2.ppc.rpm
expat-1.95.8-8.3.el5_4.2.ppc64.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.ppc.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.ppc64.rpm
expat-devel-1.95.8-8.3.el5_4.2.ppc.rpm
expat-devel-1.95.8-8.3.el5_4.2.ppc64.rpm

s390x:
expat-1.95.8-8.3.el5_4.2.s390.rpm
expat-1.95.8-8.3.el5_4.2.s390x.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.s390.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.s390x.rpm
expat-devel-1.95.8-8.3.el5_4.2.s390.rpm
expat-devel-1.95.8-8.3.el5_4.2.s390x.rpm

x86_64:
expat-1.95.8-8.3.el5_4.2.i386.rpm
expat-1.95.8-8.3.el5_4.2.x86_64.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.i386.rpm
expat-debuginfo-1.95.8-8.3.el5_4.2.x86_64.rpm
expat-devel-1.95.8-8.3.el5_4.2.i386.rpm
expat-devel-1.95.8-8.3.el5_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHVOoXlSAg2UNWIIRAtwBAJ9rIzZRJMIODDkto71oTqOr1Rj8QACeLfVe
xVrlsoGzitM0I4Kk59cJVGk=
=eezz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 7 19:25:57 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Dec 2009 14:25:57 -0500
Subject: [RHSA-2009:1642-02] Important: acpid security update
Message-ID: <200912071925.nB7JPvBY018618@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: acpid security update
Advisory ID:       RHSA-2009:1642-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1642.html
Issue date:        2009-12-07
CVE Names:         CVE-2009-4033
=====================================================================

1. Summary:

An updated acpid package that fixes one security issue is now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.

It was discovered that acpid could create its log file ("/var/log/acpid")
with random permissions on some systems. A local attacker could use this
flaw to escalate their privileges if the log file was created as
world-writable and with the setuid or setgid bit set. (CVE-2009-4033)

Please note that this flaw was due to a Red Hat-specific patch
(acpid-1.0.4-fd.patch) included in the Red Hat Enterprise Linux 5 acpid
package.

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

515062 - /var/log/acpid has improper permissions
542926 - CVE-2009-4033 acpid: log file created with random permissions

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/acpid-1.0.4-9.el5_4.1.src.rpm

i386:
acpid-1.0.4-9.el5_4.1.i386.rpm
acpid-debuginfo-1.0.4-9.el5_4.1.i386.rpm

x86_64:
acpid-1.0.4-9.el5_4.1.x86_64.rpm
acpid-debuginfo-1.0.4-9.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/acpid-1.0.4-9.el5_4.1.src.rpm

i386:
acpid-1.0.4-9.el5_4.1.i386.rpm
acpid-debuginfo-1.0.4-9.el5_4.1.i386.rpm

ia64:
acpid-1.0.4-9.el5_4.1.ia64.rpm
acpid-debuginfo-1.0.4-9.el5_4.1.ia64.rpm

x86_64:
acpid-1.0.4-9.el5_4.1.x86_64.rpm
acpid-debuginfo-1.0.4-9.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4033
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHVa6XlSAg2UNWIIRAgy1AJ4m4BDmOZBAzVEH/driGf7fEd6a1wCfSOFY
GR8nSSBJMB41JNgS2R+VmbI=
=Euil
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 8 02:59:18 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Dec 2009 21:59:18 -0500
Subject: [RHSA-2009:1643-01] Critical: java-1.4.2-ibm security update
Message-ID: <200912080259.nB82xI8t026985@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.4.2-ibm security update
Advisory ID:       RHSA-2009:1643-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1643.html
Issue date:        2009-12-07
CVE Names:         CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871
                   CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875
                   CVE-2009-3876 CVE-2009-3877
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,
CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,
CVE-2009-3876, CVE-2009-3877)

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running
instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
530062 - CVE-2009-3869 OpenJDK JRE AWT setDiffICM stack overflow (6872357)
530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
532906 - CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
533214 - CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
533215 - CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due to improper color profiles parsing (6862970)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.ppc.rpm

s390:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.x86_64.rpm

Red Hat Desktop version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
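The package list above gives the fixed NVRs for this advisory, and every advisory in this archive poses the same operational question: is the installed package at or above the fixed version? Comparing RPM versions as strings or floats gets this wrong (1.5.22 sorts below 1.5.6 lexically, and a release such as 9.el5_4.1 is not a number). The block below is an added example, not Red Hat tooling, that implements the segment-wise ordering of rpm's rpmvercmp() in Python, parses advisory file names into (name, epoch, version, release), and reports installed packages that are older than the fix. The fixed file names are taken from advisories on this page; the installed NVRs are constructed for the demonstration, not taken from a real host, and in practice you would feed it the output of `rpm -qa`. Tilde ordering, which later rpm releases added, is included so the function also works on current systems.

```python
"""Check installed RPM NVRs against the fixed NVRs an advisory lists.

Added example (not Red Hat tooling). Version ordering follows rpm's
rpmvercmp(): split each string into runs of digits and runs of letters,
compare digit runs numerically and letter runs lexically, treat a numeric
segment as newer than an alphabetic one at the same position, treat '~'
as older than anything (including end of string), and treat whichever
side still has segments left over as newer.
"""

# Architecture suffixes an advisory file name or 'rpm -qa' may append.
ARCHES = {"i386", "i686", "x86_64", "ia64", "ppc", "ppc64",
          "s390", "s390x", "noarch", "src"}


def _take(s, k, isnum):
    """Return the run of digits (isnum) or letters starting at s[k], and the new index."""
    start = k
    while k < len(s) and s[k].isalnum() and s[k].isdigit() == isnum:
        k += 1
    return s[start:k], k


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version string a is older than, equal to or newer than b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators are anything that is neither alphanumeric nor '~'.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i += 1
                j += 1
                continue
            return -1 if ta else 1          # the side with '~' is older
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        seg_a, i = _take(a, i, isnum)
        seg_b, j = _take(b, j, isnum)
        if not seg_b:
            return 1 if isnum else -1       # mixed types: numeric beats alphabetic
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1         # leftover segments win


def parse_nevr(pkg):
    """'libtool-ltdl-1.5.22-7.el5_4.i386.rpm' -> ('libtool-ltdl', 0, '1.5.22', '7.el5_4').

    Accepts advisory file names, 'rpm -qa' output with or without the
    architecture suffix, and an 'epoch:' prefix on the version.
    """
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    base, _, tail = pkg.rpartition(".")
    if tail in ARCHES:
        pkg = base
    name, version, release = pkg.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release


def evr_cmp(x, y):
    """Compare (name, epoch, version, release) tuples by epoch, then version, then release."""
    if x[1] != y[1]:
        return 1 if x[1] > y[1] else -1
    c = rpmvercmp(x[2], y[2])
    return c if c else rpmvercmp(x[3], y[3])


def find_vulnerable(installed, advisory_files):
    """Return [(installed_pkg, fixed_file)] for installed packages older than the advisory's."""
    fixed = {}
    for f in advisory_files:
        nevr = parse_nevr(f)
        fixed.setdefault(nevr[0], (nevr, f))    # EVR is the same across arches; keep the first
    hits = []
    for pkg in installed:
        nevr = parse_nevr(pkg)
        entry = fixed.get(nevr[0])
        if entry and evr_cmp(nevr, entry[0]) < 0:
            hits.append((pkg, entry[1]))
    return hits


# Fixed file names taken from the advisories on this page.
ADVISORY_FILES = [
    "java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5.x86_64.rpm",
    "libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm",
    "ntp-4.2.2p1-9.el5_4.1.x86_64.rpm",
]
# Constructed 'rpm -qa' output for the demonstration (not from a real host).
INSTALLED = [
    "java-1.4.2-ibm-1.4.2.13.2-1jpp.2.el5.x86_64",
    "libtool-ltdl-1.5.22-6.1.x86_64",
    "ntp-4.2.2p1-9.el5_4.1.x86_64",
    "bash-3.2-24.el5.x86_64",
]

if __name__ == "__main__":
    for pkg, fix in find_vulnerable(INSTALLED, ADVISORY_FILES):
        print(f"VULNERABLE: {pkg} < {fix}")
```

A version check of this kind answers only whether the fixed build is installed. It says nothing about the advisory's restart requirements (running JVMs or libltdl users keep the old code mapped until restarted), and for kernel packages the version that matters is the one reported by `uname -r`, not merely the one in the RPM database.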
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHcDhXlSAg2UNWIIRAtt4AKCIg4kEgvW0jX+sDFbM8IhscfL5gACgu9+k
SoLgBd+xd1ESgiIWDIv6PNI=
=agVn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 8 19:54:47 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Dec 2009 14:54:47 -0500
Subject: [RHSA-2009:1646-01] Moderate: libtool security update
Message-ID: <200912081954.nB8JsmPm023364@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libtool security update
Advisory ID: RHSA-2009:1646-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1646.html
Issue date: 2009-12-08
CVE Names: CVE-2009-3736
=====================================================================

1. Summary:

Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3.
Description:

GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries.

A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736)

All libtool users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtool-1.4.3-7.src.rpm i386: libtool-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.i386.rpm ia64: libtool-1.4.3-7.ia64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.ia64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.ia64.rpm ppc: libtool-1.4.3-7.ppc.rpm libtool-debuginfo-1.4.3-7.ppc.rpm libtool-debuginfo-1.4.3-7.ppc64.rpm libtool-libs-1.4.3-7.ppc.rpm libtool-libs-1.4.3-7.ppc64.rpm s390: libtool-1.4.3-7.s390.rpm libtool-debuginfo-1.4.3-7.s390.rpm libtool-libs-1.4.3-7.s390.rpm s390x: libtool-1.4.3-7.s390x.rpm libtool-debuginfo-1.4.3-7.s390.rpm libtool-debuginfo-1.4.3-7.s390x.rpm libtool-libs-1.4.3-7.s390.rpm libtool-libs-1.4.3-7.s390x.rpm x86_64: libtool-1.4.3-7.x86_64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.x86_64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtool-1.4.3-7.src.rpm i386: libtool-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.i386.rpm x86_64: libtool-1.4.3-7.x86_64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.x86_64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtool-1.4.3-7.src.rpm i386: libtool-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.i386.rpm ia64: libtool-1.4.3-7.ia64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.ia64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.ia64.rpm x86_64: libtool-1.4.3-7.x86_64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.x86_64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: 
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtool-1.4.3-7.src.rpm i386: libtool-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.i386.rpm ia64: libtool-1.4.3-7.ia64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.ia64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.ia64.rpm x86_64: libtool-1.4.3-7.x86_64.rpm libtool-debuginfo-1.4.3-7.i386.rpm libtool-debuginfo-1.4.3-7.x86_64.rpm libtool-libs-1.4.3-7.i386.rpm libtool-libs-1.4.3-7.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtool-1.5.6-5.el4_8.src.rpm i386: libtool-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm ia64: libtool-1.5.6-5.el4_8.ia64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.ia64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.ia64.rpm ppc: libtool-1.5.6-5.el4_8.ppc.rpm libtool-debuginfo-1.5.6-5.el4_8.ppc.rpm libtool-debuginfo-1.5.6-5.el4_8.ppc64.rpm libtool-libs-1.5.6-5.el4_8.ppc.rpm libtool-libs-1.5.6-5.el4_8.ppc64.rpm s390: libtool-1.5.6-5.el4_8.s390.rpm libtool-debuginfo-1.5.6-5.el4_8.s390.rpm libtool-libs-1.5.6-5.el4_8.s390.rpm s390x: libtool-1.5.6-5.el4_8.s390x.rpm libtool-debuginfo-1.5.6-5.el4_8.s390.rpm libtool-debuginfo-1.5.6-5.el4_8.s390x.rpm libtool-libs-1.5.6-5.el4_8.s390.rpm libtool-libs-1.5.6-5.el4_8.s390x.rpm x86_64: libtool-1.5.6-5.el4_8.x86_64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.x86_64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtool-1.5.6-5.el4_8.src.rpm i386: libtool-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm x86_64: libtool-1.5.6-5.el4_8.x86_64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm 
libtool-debuginfo-1.5.6-5.el4_8.x86_64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtool-1.5.6-5.el4_8.src.rpm i386: libtool-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm ia64: libtool-1.5.6-5.el4_8.ia64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.ia64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.ia64.rpm x86_64: libtool-1.5.6-5.el4_8.x86_64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.x86_64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtool-1.5.6-5.el4_8.src.rpm i386: libtool-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm ia64: libtool-1.5.6-5.el4_8.ia64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.ia64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.ia64.rpm x86_64: libtool-1.5.6-5.el4_8.x86_64.rpm libtool-debuginfo-1.5.6-5.el4_8.i386.rpm libtool-debuginfo-1.5.6-5.el4_8.x86_64.rpm libtool-libs-1.5.6-5.el4_8.i386.rpm libtool-libs-1.5.6-5.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtool-1.5.22-7.el5_4.src.rpm i386: libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-ltdl-1.5.22-7.el5_4.i386.rpm x86_64: libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-debuginfo-1.5.22-7.el5_4.x86_64.rpm libtool-ltdl-1.5.22-7.el5_4.i386.rpm libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm RHEL Desktop Workstation (v. 
5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtool-1.5.22-7.el5_4.src.rpm

i386: libtool-1.5.22-7.el5_4.i386.rpm libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm
x86_64: libtool-1.5.22-7.el5_4.x86_64.rpm libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-debuginfo-1.5.22-7.el5_4.x86_64.rpm libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtool-1.5.22-7.el5_4.src.rpm

i386: libtool-1.5.22-7.el5_4.i386.rpm libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-ltdl-1.5.22-7.el5_4.i386.rpm libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm
ia64: libtool-1.5.22-7.el5_4.ia64.rpm libtool-debuginfo-1.5.22-7.el5_4.ia64.rpm libtool-ltdl-1.5.22-7.el5_4.ia64.rpm libtool-ltdl-devel-1.5.22-7.el5_4.ia64.rpm
ppc: libtool-1.5.22-7.el5_4.ppc.rpm libtool-debuginfo-1.5.22-7.el5_4.ppc.rpm libtool-debuginfo-1.5.22-7.el5_4.ppc64.rpm libtool-ltdl-1.5.22-7.el5_4.ppc.rpm libtool-ltdl-1.5.22-7.el5_4.ppc64.rpm libtool-ltdl-devel-1.5.22-7.el5_4.ppc.rpm libtool-ltdl-devel-1.5.22-7.el5_4.ppc64.rpm
s390x: libtool-1.5.22-7.el5_4.s390x.rpm libtool-debuginfo-1.5.22-7.el5_4.s390.rpm libtool-debuginfo-1.5.22-7.el5_4.s390x.rpm libtool-ltdl-1.5.22-7.el5_4.s390.rpm libtool-ltdl-1.5.22-7.el5_4.s390x.rpm libtool-ltdl-devel-1.5.22-7.el5_4.s390.rpm libtool-ltdl-devel-1.5.22-7.el5_4.s390x.rpm
x86_64: libtool-1.5.22-7.el5_4.x86_64.rpm libtool-debuginfo-1.5.22-7.el5_4.i386.rpm libtool-debuginfo-1.5.22-7.el5_4.x86_64.rpm libtool-ltdl-1.5.22-7.el5_4.i386.rpm libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm libtool-ltdl-devel-1.5.22-7.el5_4.i386.rpm libtool-ltdl-devel-1.5.22-7.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHq7cXlSAg2UNWIIRAh5JAJ49Nw79sizzhPugH6GiMk+4ordV+ACgunom
aqUO/iHgSo+r1/vLSDPJXck=
=NrRz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 8 19:55:34 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Dec 2009 14:55:34 -0500
Subject: [RHSA-2009:1647-01] Critical: java-1.5.0-ibm security update
Message-ID: <200912081955.nB8JtY1V030104@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2009:1647-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1647.html
Issue date: 2009-12-08
CVE Names: CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3.
Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR11 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
530061 - CVE-2009-3876 CVE-2009-3877 OpenJDK ASN.1/DER input stream parser denial of service (6864911)
530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
532906 - CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
533214 - CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
533215 - CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due to improper color profiles parsing (6862970)

6.
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.ppc64.rpm s390: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.i386.rpm 
java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 
5 client): i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.i386.rpm 
java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
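Of the bugs this advisory lists, 530057 (CVE-2009-3875, MessageDigest.isEqual) deserves a closer look because the same mistake keeps reappearing in application code that checks MACs, password hashes or API tokens: a comparison loop that returns at the first differing byte does work proportional to the length of the matching prefix, so an attacker who can time the comparison can recover the expected value one byte at a time. The block below is an added example in Python, not OpenJDK or IBM code, that places the early-exit pattern beside an accumulate-then-decide version (the shape of the OpenJDK fix, which ORs together the XOR of every byte pair and tests the result once). Rather than measuring wall-clock time, which is noisy under an interpreter, it counts how many bytes each comparison examines, since that count is what the timing leaks. The secret digest and the guesses are constructed; the helper names are the example's own.

```python
"""Early-exit vs. constant-time digest comparison (the CVE-2009-3875 pattern).

Added example, not OpenJDK or IBM code. The "bytes examined" count stands
in for elapsed time: the leaky compare's count tracks the length of the
matching prefix, while the constant-time compare's count never changes.
"""
import hashlib
import hmac


def leaky_is_equal(a, b):
    """Early-exit comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:                 # leaks: returns as soon as one byte differs
            return False, examined
    return True, examined


def constant_time_is_equal(a, b):
    """Accumulate-then-decide comparison. Returns (equal, bytes_examined).

    Every byte pair is XORed and ORed into acc; the single test at the end is
    the only data-dependent decision, so the amount of work does not depend
    on where the first mismatch is. Length is not treated as secret here.
    """
    if len(a) != len(b):
        return False, 0
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y
    return acc == 0, len(a)


def prefix_guesses(secret, step):
    """Guesses matching the first k bytes of secret for k = 0, step, 2*step, ...

    This is the attacker's position after recovering k bytes: the byte at
    index k is deliberately wrong, so the leaky compare stops exactly there.
    """
    out = []
    for k in range(0, len(secret), step):
        wrong = bytes([(secret[k] + 1) & 0xFF])
        out.append(secret[:k] + wrong * (len(secret) - k))
    return out


def work_profile(compare, secret, guesses):
    """Bytes examined by `compare` for each guess against `secret`."""
    return [compare(secret, g)[1] for g in guesses]


if __name__ == "__main__":
    secret = hashlib.sha256(b"constructed secret").digest()     # 32 bytes
    guesses = prefix_guesses(secret, 8)
    print("leaky    :", work_profile(leaky_is_equal, secret, guesses))          # [1, 9, 17, 25]
    print("constant :", work_profile(constant_time_is_equal, secret, guesses))  # [32, 32, 32, 32]
    # Production code should use the stdlib primitive instead of a hand-rolled loop.
    print("stdlib   :", hmac.compare_digest(secret, secret))
```

The leaky profile grows in lock-step with the recovered prefix, which is the signal an attacker averages over many requests; the constant-time profile is flat. In real code use `hmac.compare_digest` (Python) or the fixed `MessageDigest.isEqual` (Java) rather than writing the loop yourself, and keep the length check in mind: where the length of the expected value is itself secret, compare against a fixed-length digest of both sides instead.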
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHq8SXlSAg2UNWIIRAuGRAKCY40u6cNtmvYpCPSWUBKVByUJatACeIOJb
L5DpO1wgLBYFJ9nf+FuuHT8=
=NwnV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 8 19:56:16 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Dec 2009 14:56:16 -0500
Subject: [RHSA-2009:1648-01] Moderate: ntp security update
Message-ID: <200912081956.nB8JuG9t014463@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ntp security update
Advisory ID: RHSA-2009:1648-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1648.html
Issue date: 2009-12-08
CVE Names: CVE-2009-3563
=====================================================================

1. Summary:

An updated ntp package that fixes a security issue is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd.
A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. (CVE-2009-3563)

All ntp users are advised to upgrade to this updated package, which contains a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

531213 - CVE-2009-3563 ntpd: DoS with mode 7 packets (VU#568372)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ntp-4.2.0.a.20040617-8.el4_8.1.src.rpm

i386: ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.i386.rpm
ia64: ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
ppc: ntp-4.2.0.a.20040617-8.el4_8.1.ppc.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.ppc.rpm
s390: ntp-4.2.0.a.20040617-8.el4_8.1.s390.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.s390.rpm
s390x: ntp-4.2.0.a.20040617-8.el4_8.1.s390x.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.s390x.rpm
x86_64: ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ntp-4.2.0.a.20040617-8.el4_8.1.src.rpm

i386: ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.i386.rpm
x86_64: ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES
version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ntp-4.2.0.a.20040617-8.el4_8.1.src.rpm

i386: ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.i386.rpm
ia64: ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
x86_64: ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ntp-4.2.0.a.20040617-8.el4_8.1.src.rpm

i386: ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.i386.rpm
ia64: ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
x86_64: ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ntp-4.2.2p1-9.el5_4.1.src.rpm

i386: ntp-4.2.2p1-9.el5_4.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.i386.rpm
x86_64: ntp-4.2.2p1-9.el5_4.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ntp-4.2.2p1-9.el5_4.1.src.rpm

i386: ntp-4.2.2p1-9.el5_4.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.i386.rpm
ia64: ntp-4.2.2p1-9.el5_4.1.ia64.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.ia64.rpm
ppc: ntp-4.2.2p1-9.el5_4.1.ppc.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.ppc.rpm
s390x: ntp-4.2.2p1-9.el5_4.1.s390x.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.s390x.rpm
x86_64: ntp-4.2.2p1-9.el5_4.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLHq8+XlSAg2UNWIIRAjyLAJ40LPEaDUByROyycqY+l76o2x4Q0gCcD6r3 Gk0LKJree2YiG7UyJiADO+E= =a/y+ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 8 19:57:30 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Dec 2009 14:57:30 -0500 Subject: [RHSA-2009:1651-01] Moderate: ntp security update Message-ID: <200912081957.nB8JvUx7014702@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security update Advisory ID: RHSA-2009:1651-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1651.html Issue date: 2009-12-08 CVE Names: CVE-2009-0159 CVE-2009-3563 ===================================================================== 1. Summary: An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. 
ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. (CVE-2009-3563) A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. (CVE-2009-0159) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 490617 - CVE-2009-0159 ntp: buffer overflow in ntpq 531213 - CVE-2009-3563 ntpd: DoS with mode 7 packets (VU#568372) 6. 
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ntp-4.1.2-6.el3.src.rpm i386: ntp-4.1.2-6.el3.i386.rpm ntp-debuginfo-4.1.2-6.el3.i386.rpm ia64: ntp-4.1.2-6.el3.ia64.rpm ntp-debuginfo-4.1.2-6.el3.ia64.rpm ppc: ntp-4.1.2-6.el3.ppc.rpm ntp-debuginfo-4.1.2-6.el3.ppc.rpm s390: ntp-4.1.2-6.el3.s390.rpm ntp-debuginfo-4.1.2-6.el3.s390.rpm s390x: ntp-4.1.2-6.el3.s390x.rpm ntp-debuginfo-4.1.2-6.el3.s390x.rpm x86_64: ntp-4.1.2-6.el3.x86_64.rpm ntp-debuginfo-4.1.2-6.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ntp-4.1.2-6.el3.src.rpm i386: ntp-4.1.2-6.el3.i386.rpm ntp-debuginfo-4.1.2-6.el3.i386.rpm x86_64: ntp-4.1.2-6.el3.x86_64.rpm ntp-debuginfo-4.1.2-6.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ntp-4.1.2-6.el3.src.rpm i386: ntp-4.1.2-6.el3.i386.rpm ntp-debuginfo-4.1.2-6.el3.i386.rpm ia64: ntp-4.1.2-6.el3.ia64.rpm ntp-debuginfo-4.1.2-6.el3.ia64.rpm x86_64: ntp-4.1.2-6.el3.x86_64.rpm ntp-debuginfo-4.1.2-6.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ntp-4.1.2-6.el3.src.rpm i386: ntp-4.1.2-6.el3.i386.rpm ntp-debuginfo-4.1.2-6.el3.i386.rpm ia64: ntp-4.1.2-6.el3.ia64.rpm ntp-debuginfo-4.1.2-6.el3.ia64.rpm x86_64: ntp-4.1.2-6.el3.x86_64.rpm ntp-debuginfo-4.1.2-6.el3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. 
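The reply loop behind CVE-2009-3563, described in RHSA-2009:1651 above and in the advisory before it, is easiest to see as a simulation. The C program below is an added example written for this page; it is neither ntpd's code nor the backported patch. It models two servers that each log an unparsable mode 7 packet and answer it with an error response, and shows how one spoofed packet keeps both busy until a server stops answering packets that are themselves responses. The first-byte layout (response bit 0x80, mode in the low three bits) follows the NTP mode 7 header; the server model, the addresses and the packet contents are constructed for the illustration, and the "never answer a response" rule is this example's fix, not a quotation of the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* First byte of an NTP mode 7 ("private") packet: R bit, M bit, version, mode.
 * Layout from the mode 7 header; everything below it is a constructed model. */
#define RESP_BIT        0x80
#define MODE_PRIVATE    7
#define INFO_MODE(b)    ((b) & 0x07)

struct pkt {
    uint8_t rm_vn_mode;     /* response | more | version | mode */
    uint8_t auth_seq;
    uint8_t implementation; /* 0xff: "unknown implementation" in the constructed sample */
    uint8_t request;
    int     src;            /* address the packet claims to come from (constructed, spoofable) */
};

struct server {
    int      id;            /* constructed address of this server */
    unsigned logged;        /* log lines written (the disk space in the advisory) */
    unsigned replied;       /* error responses sent (the CPU time in the advisory) */
};

/* Process one mode 7 packet the way the advisory describes: an unparsable
 * packet is logged and answered with an error response addressed to its
 * claimed source.  With `fixed` set, a packet that already carries the
 * response bit is dropped silently, so two servers can no longer answer
 * each other's errors indefinitely.  Returns true and fills *out when a
 * reply is sent. */
static bool handle_mode7(struct server *s, const struct pkt *in, bool fixed, struct pkt *out)
{
    if (INFO_MODE(in->rm_vn_mode) != MODE_PRIVATE)
        return false;                          /* other modes are outside this model */

    if (fixed && (in->rm_vn_mode & RESP_BIT))
        return false;                          /* a response is never answered */

    s->logged++;                               /* "logged information about all such packets" */
    *out = *in;
    out->rm_vn_mode |= RESP_BIT;               /* the error reply is itself a mode 7 response */
    out->src = s->id;                          /* the reply carries our real address */
    s->replied++;
    return true;
}

/* One malformed request arrives at server A with its source spoofed to be
 * server B.  Each reply is delivered to the server it is addressed to, for
 * at most `max_rounds` deliveries.  Returns the total number of error
 * replies sent by both servers: max_rounds when the loop never ends, 1 when
 * the fix stops it after A's first reply. */
unsigned simulate_reply_loop(bool fixed, unsigned max_rounds)
{
    struct server a = { .id = 1 }, b = { .id = 2 };
    /* Constructed packet: version 3, mode 7, unknown implementation and request code. */
    struct pkt cur = { .rm_vn_mode = (3 << 3) | MODE_PRIVATE,
                       .implementation = 0xff, .request = 0xff, .src = b.id };
    struct server *dst = &a;

    for (unsigned round = 0; round < max_rounds; round++) {
        struct pkt reply;
        if (!handle_mode7(dst, &cur, fixed, &reply))
            break;                             /* packet dropped: the exchange dies out */
        dst = (cur.src == a.id) ? &a : &b;     /* the reply goes to the claimed source */
        cur = reply;
    }
    return a.replied + b.replied;
}

int main(void)
{
    printf("vulnerable: %u error replies after 1000 deliveries\n",
           simulate_reply_loop(false, 1000));
    printf("fixed:      %u error reply, then silence\n",
           simulate_reply_loop(true, 1000));
    return 0;
}
```

The counters are the two symptoms the advisory names: every delivery in the vulnerable run costs one log line and one reply on whichever server receives it, and the spoofed source is what makes the two real servers the endpoints of the loop. With the rule in place the attacker's packet still earns one reply (sent to the spoofed address), which is why the fix is a loop-breaker rather than a reason to skip the update's other changes.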
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLHq9yXlSAg2UNWIIRAt5bAJ9HWVHeNioR/OXgl2CJ7Z+SyHrH0ACgwoA7
YhoWPoVwCPb7Eag+AQ31KQM=
=lpWc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 9 16:31:53 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Dec 2009 11:31:53 -0500
Subject: [RHSA-2009:1657-01] Critical: flash-plugin security update
Message-ID: <200912091631.nB9GVsbc009475@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:1657-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1657.html
Issue date: 2009-12-09
CVE Names: CVE-2009-3794 CVE-2009-3796 CVE-2009-3797 CVE-2009-3798 CVE-2009-3799 CVE-2009-3800
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.0.42.34.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

543857 - flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.0.42.34-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.42.34-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.0.42.34-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.42.34-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-19.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLH9DpXlSAg2UNWIIRAsQkAKCFZm4pGqEI5SItuhVarIiwnjUevACgiwuC
TW3M79YeyspEscv8LFIugHE=
=6u/d
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 9 16:32:13 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Dec 2009 11:32:13 -0500
Subject: [RHSA-2009:1658-01] Critical: flash-plugin security update
Message-ID: <200912091632.nB9GWEov031338@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:1658-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1658.html
Issue date: 2009-12-09
CVE Names: CVE-2009-3794 CVE-2009-3796 CVE-2009-3798 CVE-2009-3799 CVE-2009-3800
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.260.0.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

543857 - flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-19.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLH9D/XlSAg2UNWIIRAlb5AKC4DVISiRXmGH36zVo/HAmYIVGZFQCdGen1
YbCE13nSy+uAopAemET0yvM=
=SHt6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 9 16:33:01 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Dec 2009 11:33:01 -0500
Subject: [RHSA-2009:1659-01] Moderate: kvm security and bug fix update
Message-ID: <200912091633.nB9GX1xq032330@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kvm security and bug fix update
Advisory ID: RHSA-2009:1659-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1659.html
Issue date: 2009-12-09
CVE Names: CVE-2009-4031
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

On x86 platforms, the do_insn_fetch() function did not limit the amount of instruction bytes fetched per instruction. Users in guest operating systems could leverage this flaw to cause large latencies on SMP hosts that could lead to a local denial of service on the host operating system. This update fixes this issue by imposing the architecturally-defined 15 byte length limit for instructions. (CVE-2009-4031)

This update also fixes the following bugs:

* performance problems occurred when using the qcow2 image format with the qemu-kvm -drive "cache=none" option (the default setting when not specified otherwise). This could cause guest operating system installations to take hours. With this update, performance patches have been backported so that using the qcow2 image format with the "cache=none" option no longer causes performance issues. (BZ#520693)

* when using the virtual vm8086 mode, bugs in the emulated hardware task switching implementation may have, in some situations, caused older guest operating systems to malfunction. (BZ#532031)

* Windows Server 2003 guests (32-bit) with more than 4GB of memory may have crashed during reboot when using the default qemu-kvm CPU settings. (BZ#532043)

* with Red Hat Enterprise Virtualization, guests continued to run after encountering disk read errors. This could have led to their file systems becoming corrupted (but not the host's), notably in environments that use networked storage. With this update, the qemu-kvm -drive "werror=stop" option now applies not only to write errors but also to read errors: When using this option, guests will pause on disk read and write errors. By default, guests managed by Red Hat Enterprise Virtualization use the "werror=stop" option. This option is not used by default for guests managed by libvirt. (BZ#537334, BZ#540406)

* the para-virtualized block driver (virtio-blk) silently ignored read errors when accessing disk images. With this update, the driver correctly signals the read error to the guest. (BZ#537334)

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

532031 - KVM does not implement proper support for hardware task linking when using vm8086 mode
532043 - qemu aborted when restart 32bitwin23k with more than 4G mem in intel host.
537334 - O/S Filesystem Corruption with RHEL-5.4 on a RHEV Guest
540406 - RHEL5.4 VM image corruption with an IDE v-disk
541160 - CVE-2009-4031 kernel: KVM: x86 emulator: limit instructions to 15 bytes

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-105.el5_4.13.src.rpm

x86_64:
kmod-kvm-83-105.el5_4.13.x86_64.rpm
kvm-83-105.el5_4.13.x86_64.rpm
kvm-debuginfo-83-105.el5_4.13.x86_64.rpm
kvm-qemu-img-83-105.el5_4.13.x86_64.rpm
kvm-tools-83-105.el5_4.13.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-105.el5_4.13.src.rpm

x86_64:
kmod-kvm-83-105.el5_4.13.x86_64.rpm
kvm-83-105.el5_4.13.x86_64.rpm
kvm-debuginfo-83-105.el5_4.13.x86_64.rpm
kvm-qemu-img-83-105.el5_4.13.x86_64.rpm
kvm-tools-83-105.el5_4.13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4031
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLH9EXXlSAg2UNWIIRAv8oAJ9Q0eSSPCDZPXVjH6R4lwDjJGM/NwCfe126
QRjKPSU1gAQ8mEBAN03qm70=
=Y+Un
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 15 17:39:03 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Dec 2009 12:39:03 -0500
Subject: [RHSA-2009:1670-01] Important: kernel security and bug fix update
Message-ID: <200912151739.nBFHd3lq017679@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:1670-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1670.html
Issue date: 2009-12-15
CVE Names: CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* NULL pointer dereference flaws in the r128 driver. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2009-3620, Important)

* a NULL pointer dereference flaw in the NFSv4 implementation. Several NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it. A local user on a system with an NFSv4 share mounted could possibly use this flaw to cause a denial of service or escalate their privileges. (CVE-2009-3726, Important)

* a flaw in tcf_fill_node(). A certain data structure in this function was not initialized properly before being copied to user-space. This could lead to an information leak. (CVE-2009-3612, Moderate)

* unix_stream_connect() did not check if a UNIX domain socket was in the shutdown state. This could lead to a deadlock. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2009-3621, Moderate)

Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference flaws.

Bug fixes:

* frequently changing a CPU between online and offline caused a kernel panic on some systems. (BZ#545583)

* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands sent could receive incorrect data, preventing correct data transfer. (BZ#529308)

* pciehp could not detect PCI Express hot plug slots on some systems. (BZ#530383)

* soft lockups: inotify race and contention on dcache_lock. (BZ#533822, BZ#537019)

* priority ordered lists are now used for threads waiting for a given mutex. (BZ#533858)

* a deadlock in DLM could cause GFS2 file systems to lock up. (BZ#533859)

* use-after-free bug in the audit subsystem crashed certain systems when running usermod. (BZ#533861)

* on certain hardware configurations, a kernel panic when the Broadcom iSCSI offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)

* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to control it. This improves performance for certain systems. (BZ#537020)

* system crash when reading the cpuaffinity file on a system. (BZ#537346)

* suspend-resume problems on systems with lots of logical CPUs, e.g. BX-EX. (BZ#539674)

* off-by-one error in the legacy PCI bus check. (BZ#539675)

* TSC was not made available on systems with multi-clustered APICs. This could cause slow performance for time-sensitive applications. (BZ#539676)

* ACPI: ARB_DISABLE now disabled on platforms that do not need it. (BZ#539677)

* fix node to core and power-aware scheduling issues, and a kernel panic during boot on certain AMD Opteron processors. (BZ#539678, BZ#540469, BZ#539680, BZ#539682)

* APIC timer interrupt issues on some AMD Opteron systems prevented achieving full power savings. (BZ#539681)

* general OProfile support for some newer Intel processors. (BZ#539683)

* system crash during boot when NUMA is enabled on systems using MC and kernel-xen. (BZ#539684)

* on some larger systems, performance issues due to a spinlock. (BZ#539685)

* APIC errors when IOMMU is enabled on some AMD Opteron systems. (BZ#539687)

* on some AMD Opteron systems, repeatedly taking a CPU offline then online caused a system hang. (BZ#539688)

* I/O page fault errors on some systems. (BZ#539689)

* certain memory configurations could cause the kernel-xen kernel to fail to boot on some AMD Opteron systems. (BZ#539690)

* NMI watchdog is now disabled for offline CPUs. (BZ#539691)

* duplicate directories in /proc/acpi/processor/ on BX-EX systems. (BZ#539692)

* links did not come up when using bnx2x with certain Broadcom devices. (BZ#540381)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
529227 - CVE-2009-3726 kernel: nfsv4: kernel panic in nfs4_proc_lock()
529308 - [5.4]The errata 28 fix on LSI53C1030 hasn't been included yet. [rhel-5.4.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
530383 - [5.3] PCIe hotplug slot detection failure [rhel-5.4.z]
533822 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.4.z]
533858 - threads on pthread_mutex_lock wake in fifo order, but posix specifies by priority [rhel-5.4.z]
533859 - dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks. [rhel-5.4.z]
533861 - system crashes in audit_update_watch() [rhel-5.4.z]
537014 - Panic on boot when loading iscsid with broadcom NIC [rhel-5.4.z]
537019 - kernel: BUG: soft lockup with dcache_lock [rhel-5.4.z]
537020 - [QLogic 5.4.z bug] qla2xxx - enable MSI-X and correct/cleanup irq request code [rhel-5.4.z]
537346 - kernel: NULL pointer dereference in pci_bus_show_cpuaffinity() [rhel-5.4.z]
539675 - [Intel 5.5 FEAT] Add ability to access Nehalem uncore config space [rhel-5.4.z]
539676 - [Intel 5.5 FEAT] Support Intel multi-APIC-cluster systems [rhel-5.4.z]
539677 - [Intel 5.5 FEAT] ACPI: Disable ARB_DISABLE on platforms where it is not needed [rhel-5.4.z]
539678 - Fix node to core association [rhel-5.4.z]
539680 - Fix Power-aware scheduling [rhel-5.4.z]
539681 - Fix AMD erratum - server C1E [rhel-5.4.z]
539682 - Fix kernel panic while booting RHEL5 32-bit kernel [rhel-5.4.z]
539683 - [Intel 5.5 FEAT] Oprofile: Add support for arch perfmon - kernel component [rhel-5.4.z]
539684 - EXPERIMENTAL EX/MC: Fix Xen NUMA [rhel-5.4.z]
539685 - [Intel 5.5 FEAT] Fix spinlock issue which causes performance impact on large systems [rhel-5.4.z]
539687 - EXPERIMENTAL MC/EX: Fix APIC error IOMMU issues [rhel-5.4.z]
539688 - EXPERIMENTAL MC/EX: Issue when bringing CPU offline and online with 32-bit kernel [rhel-5.4.z]
539689 - EXPERIMENTAL EX/MC: AMD IOMMU Linux driver with latest BIOS has IO PAGE FAULTS [rhel-5.4.z]
539690 - EXPERIMENTAL MC/EX: Incorrect memory setup can cause Xen crash [rhel-5.4.z]
539691 - [Intel 5.5 BUG] NMI and Watchdog are not disabled on CPU when CPU is off-lined [rhel-5.4.z]
540381 - Broadcom Everest Dual port 10Gb with SFP+ (57711) NIC fails with no link [rhel-5.4.z]
540469 - EXPERIMENTAL EX/MC: Fix node to core issue [rhel-5.4.z]
545583 - kernel panic when doing cpu offline/online frequently on hp-dl785g5-01.rhts.eng.bos.redhat.com [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm

i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm

i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ia64.rpm
kernel-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-headers-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.s390x.rpm
kernel-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-headers-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3612.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
https://www.redhat.com/security/data/cve/CVE-2009-3726.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20536

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
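Of the four flaws in RHSA-2009:1670 above, the tcf_fill_node() one (CVE-2009-3612) is the kind that leaves no trace at runtime: nothing crashes, the structure is simply copied to user space carrying bytes that were never written. The C program below is an added example for this page, not the kernel's tcf_fill_node() and not the backported patch. It uses a constructed structure and a constructed stand-in for copy_to_user(), pre-fills the kernel-side object with a marker byte that stands for stale stack contents, and counts how many marker bytes reach the user copy when the object is populated field by field versus zeroed first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel message structure that is filled in
 * field by field and then copied out as a whole.  The part of `name`
 * after the terminating NUL is what a careless fill never touches. */
struct node_info {
    uint32_t index;
    char     name[16];
};

/* Marker standing in for whatever the stack held before the structure was
 * placed on it (constructed so the measurement is deterministic). */
#define STALE_BYTE 0xAA

/* Stand-in for copy_to_user(): a plain byte copy into the "user" buffer. */
static void copy_to_user_sim(void *user, const void *kern, size_t n)
{
    memcpy(user, kern, n);
}

/* The flawed pattern: populate the fields that matter and copy the whole
 * object.  Bytes of `name` beyond the NUL keep whatever value they had. */
static void fill_node_vulnerable(struct node_info *info, uint32_t index, const char *name)
{
    info->index = index;
    memcpy(info->name, name, strlen(name) + 1);
}

/* Hardened pattern: clear the entire object before populating it, so every
 * byte that reaches user space was written deliberately. */
static void fill_node_fixed(struct node_info *info, uint32_t index, const char *name)
{
    memset(info, 0, sizeof(*info));
    info->index = index;
    memcpy(info->name, name, strlen(name) + 1);
}

/* Run one fill-then-copy cycle with the given filler and count the bytes of
 * the user copy that still hold STALE_BYTE, i.e. the bytes that leaked. */
static size_t count_leaked(void (*fill)(struct node_info *, uint32_t, const char *))
{
    struct node_info info;
    unsigned char user_buf[sizeof info];

    memset(&info, STALE_BYTE, sizeof info);      /* stale stack contents */
    fill(&info, 7, "eth0");                       /* constructed sample values */
    copy_to_user_sim(user_buf, &info, sizeof user_buf);

    size_t leaked = 0;
    for (size_t i = 0; i < sizeof user_buf; i++)
        if (user_buf[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

size_t leaked_bytes_vulnerable(void) { return count_leaked(fill_node_vulnerable); }
size_t leaked_bytes_fixed(void)      { return count_leaked(fill_node_fixed); }

int main(void)
{
    printf("field-by-field fill leaks %zu of %zu bytes\n",
           leaked_bytes_vulnerable(), sizeof(struct node_info));
    printf("zero-then-fill leaks      %zu bytes\n", leaked_bytes_fixed());
    return 0;
}
```

With the constructed values ("eth0" plus its NUL occupy 5 of the 16 name bytes) the field-by-field fill hands 11 stale bytes to user space and the zeroed fill hands over none. The same measurement applies to padding bytes between fields, which a compiler inserts without the programmer ever naming them; zeroing the object as a whole covers both cases, which is why it is the usual review recommendation for any structure that is copied out wholesale.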
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLJ8maXlSAg2UNWIIRAspdAJ9snL9coMoBs6EsIPtbeGSFN1rkVwCfZoZ4
GF10zDJTMEN78Yztkoy4UAU=
=vFYn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Dec 15 17:39:22 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Dec 2009 12:39:22 -0500
Subject: [RHSA-2009:1671-01] Important: kernel security and bug fix update
Message-ID: <200912151739.nBFHdM36017760@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2009:1671-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1671.html
Issue date:        2009-12-15
CVE Names:         CVE-2009-2910 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel: DMA mappings were not released correctly through
pci_unmap_single(), a leak that could exhaust IOMMU space and crash the
system. An attacker on the local network could trigger this flaw by
sending large amounts of traffic in jumbo frames. (CVE-2009-3613,
Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux
kernel. Checks to test if the Concurrent Command Engine state was
initialized were missing in private IOCTL functions. A local attacker could
use these flaws to cause a denial of service or escalate their privileges.
(CVE-2009-3620, Important)

* an information leak was found in the Linux kernel. On AMD64 systems,
32-bit processes could access and read certain 64-bit registers by
temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)

* the unix_stream_connect() function in the Linux kernel did not check if a
UNIX domain socket was in the shutdown state. This could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a denial
of service. (CVE-2009-3621, Moderate)

This update also fixes the following bugs:

* an iptables rule with the recent module and a hit count value greater
than the ip_pkt_list_tot parameter (the default is 20) did not have any
effect on packets, as the hit count could never be reached. (BZ#529306)

* in environments that use dual-controller storage devices with the cciss
driver, Device-Mapper Multipath maps could not be detected and configured,
because the cciss driver did not export the bus attribute via sysfs. This
attribute is now exported. (BZ#529309)

* the kernel crashed with a divide error when a certain joystick was
attached. (BZ#532027)

* a bug in the mptctl_do_mpt_command() function in the mpt driver may have
resulted in crashes during boot on i386 systems with certain adapters using
the mpt driver and also running the hugemem kernel. (BZ#533798)

* on certain hardware, the igb driver was unable to detect link statuses
correctly. This may have caused problems for network bonding, such as
failover not occurring. (BZ#534105)

* the RHSA-2009:1024 update introduced a regression. After updating to Red
Hat Enterprise Linux 4.8 and rebooting, network links often failed to be
brought up for interfaces using the forcedeth driver. "no link during
initialization" messages may have been logged. (BZ#534112)

* the RHSA-2009:1024 update introduced a second regression. On certain
systems, PS/2 keyboards failed to work. (BZ#537344)

* a bug in checksum offload calculations could have crashed the bnx2x
firmware when the iptable_nat module was loaded, causing network traffic to
stop. (BZ#537013)

* a check has been added to the IPv4 code to make sure that the routing
table data structure, rt, is not NULL, to help prevent future bugs in
functions that call ip_append_data() from being exploitable. (BZ#537016)

* possible kernel pointer dereferences on systems with several NFS mounts
(a mixture of "-o lock" and "-o nolock"), which in rare cases may have
caused a system crash, have been resolved. (BZ#537017)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak
529137 - CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
529306 - kernel: ipt_recent: sanity check hit count [rhel-4.9] [rhel-4.8.z]
529309 - CCISS device-mapper-multipath support: missing sysfs attributes [rhel-4.8.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
532027 - kernel hid-input.c divide error crash [rhel-4.8.z]
533798 - [Cisco/LSI 4.8.z bug] mptctl module dereferences a userspace address, triggering a crash [rhel-4.8.z]
534105 - EL4.8: igb driver fails to detect link status change on SERDES interface [rhel-4.8.z]
534112 - Upgrade from RHEL4U7 to U8 fails to bring up networking with forcedeth driver. [simple patch] [rhel-4.8.z]
537013 - bnx2x fails when iptables is on [rhel-4.8.z]
537016 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-4.8.z]
537017 - NLM: Fix Oops in nlmclnt_mark_reclaim() [rhel-4.8.z]
537344 - RHEL4.8 regression: PS/2 keyboard doesn't work on PRIMERGY TX120S1 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.18.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390.rpm
kernel-devel-2.6.9-89.0.18.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.18.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390x.rpm
kernel-devel-2.6.9-89.0.18.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2910.html
https://www.redhat.com/security/data/cve/CVE-2009-3613.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLJ8m7XlSAg2UNWIIRAsWJAJ4mEMYJQj0Ip6III9iOvjX2Sy8IUwCfQn4X
Fcu+dr6IYIeh7sWonyPng2A=
=Sw46
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Dec 15 17:39:46 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Dec 2009 12:39:46 -0500
Subject: [RHSA-2009:1672-01] Important: kernel security and bug fix update
Message-ID: <200912151739.nBFHdk4D016243@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2009:1672-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1672.html
Issue date:        2009-12-15
CVE Names:         CVE-2009-2695 CVE-2009-3547
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 5.2 Extended Update Support.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a system with SELinux in enforcing mode was more permissive than
intended: local users in the unconfined_t domain were allowed to map low
memory areas even when the mmap_min_addr restriction was enabled. This
could aid in the local exploitation of NULL pointer dereference bugs.
(CVE-2009-2695, Important)

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)

This update also fixes the following bug:

* a bug in the IPv6 implementation in the Linux kernel could have caused an
unbalanced reference count. When using network bonding, this bug may have
caused a hang when shutting the system down via "shutdown -h", or prevented
the network service from being stopped via "service network stop".
(BZ#538409)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

517830 - CVE-2009-2695 kernel: SELinux and mmap_min_addr
530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
538409 - Unbalance reference count in ndisc_recv_ns [rhel-5.2.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.2.z server):

Source:
kernel-2.6.18-92.1.32.el5.src.rpm

i386:
kernel-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.i686.rpm
kernel-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-headers-2.6.18-92.1.32.el5.i386.rpm
kernel-xen-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ia64.rpm
kernel-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-headers-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.32.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.s390x.rpm
kernel-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-headers-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2695.html
https://www.redhat.com/security/data/cve/CVE-2009-3547.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20481
http://kbase.redhat.com/faq/docs/DOC-18042

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
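The CVE-2009-2695 item in this advisory is a case where the sysctl said a floor was in place while policy still let unconfined_t users map below it, so reading /proc/sys/vm/mmap_min_addr alone does not tell you whether the restriction actually holds for a given process. The probe below is an added example, not part of the advisory and not Red Hat tooling: it asks the kernel for a MAP_FIXED anonymous page one page above NULL and reports the kernel's verdict for the calling process next to the configured value. It assumes Linux (the MAP_FIXED constant is the Linux value, and the mmap module's MAP_ANONYMOUS is only defined there), that nothing is mapped at 0x1000 in the probing process (true for an ordinary PIE or non-PIE Python), and that you run it as the unprivileged user you care about: a process holding CAP_SYS_RAWIO is legitimately allowed low mappings and will read as "not enforced".

```python
"""Probe whether mmap_min_addr is enforced for this process rather than
trusting the sysctl.  Added example, not part of the advisory."""
import ctypes
import errno
import mmap
import sys

PROBE_ADDR = 0x1000   # one page above NULL: below any sane mmap_min_addr
MAP_FIXED = 0x10      # Linux value; the mmap module does not export it


def sysctl_mmap_min_addr():
    """Return the configured floor, or None where /proc is unavailable."""
    try:
        with open("/proc/sys/vm/mmap_min_addr") as f:
            return int(f.read())
    except (OSError, ValueError):
        return None


def probe_low_mapping():
    """Return 'enforced', 'not enforced' or 'inconclusive' (non-Linux, or an
    errno other than the two the low-address checks produce).
    Assumption: nothing else lives at PROBE_ADDR, so MAP_FIXED replaces nothing."""
    if not sys.platform.startswith("linux"):
        return "inconclusive"
    libc = ctypes.CDLL(None, use_errno=True)
    libc.mmap.restype = ctypes.c_long          # MAP_FAILED is -1; keep it signed
    libc.mmap.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_int,
                          ctypes.c_int, ctypes.c_int, ctypes.c_long]
    libc.munmap.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
    addr = libc.mmap(PROBE_ADDR, mmap.PAGESIZE,
                     mmap.PROT_READ | mmap.PROT_WRITE,
                     mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS | MAP_FIXED, -1, 0)
    if addr == -1:
        err = ctypes.get_errno()
        # the capability check refuses with EPERM, SELinux's mmap_zero check with EACCES
        return "enforced" if err in (errno.EPERM, errno.EACCES) else "inconclusive"
    libc.munmap(addr, mmap.PAGESIZE)           # give back the page we were granted
    return "not enforced"


def assess():
    """Combine the sysctl value with the live probe.  A non-zero floor plus a
    granted low mapping is the shape of CVE-2009-2695: policy overriding the
    floor the administrator believes is in place."""
    floor = sysctl_mmap_min_addr()
    verdict = probe_low_mapping()
    if floor and verdict == "not enforced":
        return "MISMATCH: mmap_min_addr=%d but a low mapping was granted" % floor
    return "mmap_min_addr=%s, low mapping %s" % (floor, verdict)


if __name__ == "__main__":
    print(assess())
```

Run it as an ordinary user before and after applying the update and rebooting; EPERM comes from the kernel's capability check and EACCES from the SELinux mmap_zero permission, and either means the floor held for that process.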
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLJ8nSXlSAg2UNWIIRAuGnAJ9efdo7qm9BIyy6BShaIuL/xM/gYQCgmi+Q lJzYPF4hmKplmx4ibhEhB4Y= =Q//E -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 16 05:06:56 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 16 Dec 2009 00:06:56 -0500 Subject: [RHSA-2009:1673-01] Critical: seamonkey security update Message-ID: <200912160506.nBG56uSs028977@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: seamonkey security update Advisory ID: RHSA-2009:1673-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1673.html Issue date: 2009-12-15 CVE Names: CVE-2009-3979 CVE-2009-3983 CVE-2009-3984 ===================================================================== 1. Summary: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983) A flaw was found in the way SeaMonkey displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. (CVE-2009-3984) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 546694 - CVE-2009-3979 Mozilla crash with evidence of memory corruption 546720 - CVE-2009-3983 Mozilla NTLM reflection vulnerability 546722 - CVE-2009-3984 Mozilla SSL spoofing with document.location and empty SSL response page 6. 
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.48.el3.src.rpm i386: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-chat-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-devel-1.0.9-0.48.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm seamonkey-mail-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm ia64: seamonkey-1.0.9-0.48.el3.ia64.rpm seamonkey-chat-1.0.9-0.48.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.ia64.rpm seamonkey-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.ia64.rpm seamonkey-mail-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.ia64.rpm ppc: seamonkey-1.0.9-0.48.el3.ppc.rpm seamonkey-chat-1.0.9-0.48.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.48.el3.ppc.rpm seamonkey-devel-1.0.9-0.48.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.48.el3.ppc.rpm seamonkey-mail-1.0.9-0.48.el3.ppc.rpm seamonkey-nspr-1.0.9-0.48.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.ppc.rpm seamonkey-nss-1.0.9-0.48.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.48.el3.ppc.rpm s390: seamonkey-1.0.9-0.48.el3.s390.rpm seamonkey-chat-1.0.9-0.48.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.48.el3.s390.rpm seamonkey-devel-1.0.9-0.48.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.48.el3.s390.rpm seamonkey-mail-1.0.9-0.48.el3.s390.rpm seamonkey-nspr-1.0.9-0.48.el3.s390.rpm 
seamonkey-nspr-devel-1.0.9-0.48.el3.s390.rpm seamonkey-nss-1.0.9-0.48.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.48.el3.s390.rpm s390x: seamonkey-1.0.9-0.48.el3.s390x.rpm seamonkey-chat-1.0.9-0.48.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.48.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.48.el3.s390x.rpm seamonkey-devel-1.0.9-0.48.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.48.el3.s390x.rpm seamonkey-mail-1.0.9-0.48.el3.s390x.rpm seamonkey-nspr-1.0.9-0.48.el3.s390.rpm seamonkey-nspr-1.0.9-0.48.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.s390x.rpm seamonkey-nss-1.0.9-0.48.el3.s390.rpm seamonkey-nss-1.0.9-0.48.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.48.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-1.0.9-0.48.el3.x86_64.rpm seamonkey-chat-1.0.9-0.48.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.x86_64.rpm seamonkey-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpm seamonkey-mail-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.48.el3.src.rpm i386: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-chat-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-devel-1.0.9-0.48.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm seamonkey-mail-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm x86_64: seamonkey-1.0.9-0.48.el3.i386.rpm 
seamonkey-1.0.9-0.48.el3.x86_64.rpm seamonkey-chat-1.0.9-0.48.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.x86_64.rpm seamonkey-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpm seamonkey-mail-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.48.el3.src.rpm i386: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-chat-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-devel-1.0.9-0.48.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm seamonkey-mail-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm ia64: seamonkey-1.0.9-0.48.el3.ia64.rpm seamonkey-chat-1.0.9-0.48.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.ia64.rpm seamonkey-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.ia64.rpm seamonkey-mail-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-1.0.9-0.48.el3.x86_64.rpm seamonkey-chat-1.0.9-0.48.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.x86_64.rpm 
seamonkey-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpm seamonkey-mail-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.48.el3.src.rpm i386: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-chat-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-devel-1.0.9-0.48.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm seamonkey-mail-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm ia64: seamonkey-1.0.9-0.48.el3.ia64.rpm seamonkey-chat-1.0.9-0.48.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.ia64.rpm seamonkey-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.ia64.rpm seamonkey-mail-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.48.el3.i386.rpm seamonkey-1.0.9-0.48.el3.x86_64.rpm seamonkey-chat-1.0.9-0.48.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.48.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.48.el3.x86_64.rpm seamonkey-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpm seamonkey-mail-1.0.9-0.48.el3.x86_64.rpm 
seamonkey-nspr-1.0.9-0.48.el3.i386.rpm seamonkey-nspr-1.0.9-0.48.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-1.0.9-0.48.el3.i386.rpm seamonkey-nss-1.0.9-0.48.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-51.el4_8.src.rpm i386: seamonkey-1.0.9-51.el4_8.i386.rpm seamonkey-chat-1.0.9-51.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-51.el4_8.i386.rpm seamonkey-devel-1.0.9-51.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm seamonkey-mail-1.0.9-51.el4_8.i386.rpm ia64: seamonkey-1.0.9-51.el4_8.ia64.rpm seamonkey-chat-1.0.9-51.el4_8.ia64.rpm seamonkey-debuginfo-1.0.9-51.el4_8.ia64.rpm seamonkey-devel-1.0.9-51.el4_8.ia64.rpm seamonkey-dom-inspector-1.0.9-51.el4_8.ia64.rpm seamonkey-js-debugger-1.0.9-51.el4_8.ia64.rpm seamonkey-mail-1.0.9-51.el4_8.ia64.rpm ppc: seamonkey-1.0.9-51.el4_8.ppc.rpm seamonkey-chat-1.0.9-51.el4_8.ppc.rpm seamonkey-debuginfo-1.0.9-51.el4_8.ppc.rpm seamonkey-devel-1.0.9-51.el4_8.ppc.rpm seamonkey-dom-inspector-1.0.9-51.el4_8.ppc.rpm seamonkey-js-debugger-1.0.9-51.el4_8.ppc.rpm seamonkey-mail-1.0.9-51.el4_8.ppc.rpm s390: seamonkey-1.0.9-51.el4_8.s390.rpm seamonkey-chat-1.0.9-51.el4_8.s390.rpm seamonkey-debuginfo-1.0.9-51.el4_8.s390.rpm seamonkey-devel-1.0.9-51.el4_8.s390.rpm seamonkey-dom-inspector-1.0.9-51.el4_8.s390.rpm seamonkey-js-debugger-1.0.9-51.el4_8.s390.rpm seamonkey-mail-1.0.9-51.el4_8.s390.rpm s390x: seamonkey-1.0.9-51.el4_8.s390x.rpm seamonkey-chat-1.0.9-51.el4_8.s390x.rpm seamonkey-debuginfo-1.0.9-51.el4_8.s390x.rpm seamonkey-devel-1.0.9-51.el4_8.s390x.rpm seamonkey-dom-inspector-1.0.9-51.el4_8.s390x.rpm seamonkey-js-debugger-1.0.9-51.el4_8.s390x.rpm seamonkey-mail-1.0.9-51.el4_8.s390x.rpm x86_64: seamonkey-1.0.9-51.el4_8.x86_64.rpm seamonkey-chat-1.0.9-51.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-51.el4_8.x86_64.rpm 
seamonkey-devel-1.0.9-51.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-51.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-51.el4_8.src.rpm

i386:
seamonkey-1.0.9-51.el4_8.i386.rpm
seamonkey-chat-1.0.9-51.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.i386.rpm
seamonkey-devel-1.0.9-51.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm
seamonkey-mail-1.0.9-51.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-51.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-51.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-51.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-51.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-51.el4_8.src.rpm

i386:
seamonkey-1.0.9-51.el4_8.i386.rpm
seamonkey-chat-1.0.9-51.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.i386.rpm
seamonkey-devel-1.0.9-51.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm
seamonkey-mail-1.0.9-51.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-51.el4_8.ia64.rpm
seamonkey-chat-1.0.9-51.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.ia64.rpm
seamonkey-devel-1.0.9-51.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.ia64.rpm
seamonkey-mail-1.0.9-51.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-51.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-51.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-51.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-51.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-51.el4_8.src.rpm

i386:
seamonkey-1.0.9-51.el4_8.i386.rpm
seamonkey-chat-1.0.9-51.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.i386.rpm
seamonkey-devel-1.0.9-51.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm
seamonkey-mail-1.0.9-51.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-51.el4_8.ia64.rpm
seamonkey-chat-1.0.9-51.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.ia64.rpm
seamonkey-devel-1.0.9-51.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.ia64.rpm
seamonkey-mail-1.0.9-51.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-51.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-51.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-51.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-51.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-51.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3979.html
https://www.redhat.com/security/data/cve/CVE-2009-3983.html
https://www.redhat.com/security/data/cve/CVE-2009-3984.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
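The package lists above name the fixed build for each product and architecture; the practical question on a fleet is whether an installed package is older than that build, which hinges on rpm's version ordering rather than a plain string compare (for example, "3.00-23.el4_8.1" must sort after "3.00-22.el4", and "17.el4_8.1" after "17.el4"). The following is an added example, not part of the Red Hat advisory or of any Red Hat tool: it implements rpm's segment-wise version comparison in Python and runs it over a constructed host inventory. The package file names are copied from the advisories on this page; the product-to-package grouping and the hosts are assumptions built for illustration. The `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` query named in the comment is the real rpm syntax that produces inventory lines of this shape.

```python
"""Flag installed RPMs that are older than the builds an advisory lists.
Added example, not part of the Red Hat advisory or of any Red Hat tool:
fixed package names are copied from the advisories on this page; the
product grouping and the host inventory are constructed for illustration."""
from collections import namedtuple

# Fixed builds per product, as printed in the "Package List" sections.
ADVISORY = {
    "Red Hat Enterprise Linux WS version 3": [
        "seamonkey-1.0.9-0.48.el3.i386.rpm",
        "seamonkey-nss-1.0.9-0.48.el3.i386.rpm",
    ],
    "Red Hat Enterprise Linux AS version 4": [
        "firefox-3.0.16-4.el4.i386.rpm",
        "xpdf-3.00-23.el4_8.1.i386.rpm",
        "kdegraphics-3.3.1-17.el4_8.1.i386.rpm",
    ],
}

# Constructed inventory: host -> (product, rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' lines)
INVENTORY = {
    "rhel3-ws-01": ("Red Hat Enterprise Linux WS version 3", [
        "seamonkey-1.0.9-0.47.el3.i386",      # one build behind the fix
        "seamonkey-nss-1.0.9-0.48.el3.i386",  # already at the fixed build
    ]),
    "rhel4-as-07": ("Red Hat Enterprise Linux AS version 4", [
        "firefox-3.0.15-3.el4.i386",          # older version
        "xpdf-3.00-22.el4.i386",              # older release
        "kdegraphics-3.3.1-17.el4.i386",      # 17.el4 sorts before 17.el4_8.1
        "bash-3.0-27.el4.i386",               # not covered by these advisories
    ]),
}

Pkg = namedtuple("Pkg", "name version release arch")

def parse_nvra(s):
    """Split 'name-version-release.arch[.rpm]' from the right (names may contain '-')."""
    if s.endswith(".rpm"):
        s = s[:-4]
    rest, arch = s.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return Pkg(name, version, release, arch)

def nvra(p):
    return f"{p.name}-{p.version}-{p.release}.{p.arch}"

def rpmvercmp(a, b):
    """rpm's segment comparison (-1, 0, 1): digit runs compare numerically,
    letter runs lexically, digits beat letters, separators only delimit."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        si, sj, numeric = i, j, a[i].isdigit()
        while i < len(a) and (a[i].isdigit() if numeric else a[i].isalpha()):
            i += 1
        while j < len(b) and (b[j].isdigit() if numeric else b[j].isalpha()):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:  # b's run is of the other kind; digits win
            return 1 if numeric else -1
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever has segments left is newer

def compare_evr(have, want):
    """Version, then release (advisory file names carry no epoch; an inventory that records epochs must compare those first)."""
    r = rpmvercmp(have.version, want.version)
    return r if r else rpmvercmp(have.release, want.release)

def missing_updates(product, installed):
    """(installed, fixed) NVRA pairs where the installed build is older than
    the advisory's build for the same name and arch on that product."""
    fixed = {(p.name, p.arch): p for p in map(parse_nvra, ADVISORY[product])}
    out = []
    for have in map(parse_nvra, installed):
        want = fixed.get((have.name, have.arch))
        if want is not None and compare_evr(have, want) < 0:
            out.append((nvra(have), nvra(want)))
    return out

def audit(inventory):
    return {h: missing_updates(prod, pkgs) for h, (prod, pkgs) in inventory.items()}

if __name__ == "__main__":
    for host, findings in audit(INVENTORY).items():
        for have, want in findings:
            print(f"{host}: {have} is older than {want}")
```

The comparison is scoped to one product at a time because the same package name ships as different builds per release (seamonkey-1.0.9-0.48.el3 for RHEL 3 against seamonkey-1.0.9-51.el4_8 for RHEL 4), so matching across products would misreport. The check answers only the version question; it does not replace verifying the package signatures as described above.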
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFLKGrYXlSAg2UNWIIRAgmJAJjPESfhEqGQrR3YruSRBcyM8oHfAKCIdmSf
ZhGjLFUfwWos9+zIqsQ5Qg==
=XIt9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 16 05:07:42 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Dec 2009 00:07:42 -0500
Subject: [RHSA-2009:1674-01] Critical: firefox security update
Message-ID: <200912160507.nBG57gGD015441@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2009:1674-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1674.html
Issue date:        2009-12-16
CVE Names:         CVE-2009-3979 CVE-2009-3981 CVE-2009-3983
                   CVE-2009-3984 CVE-2009-3985 CVE-2009-3986
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983)

A flaw was found in the way Firefox displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. (CVE-2009-3984)

A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid address. If a user visits an attacker-controlled web page that results in a blank page, the attacker could inject content into that blank page, possibly tricking the user into believing they are viewing a legitimate page. (CVE-2009-3985)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.16. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.16, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

546694 - CVE-2009-3979 Mozilla crash with evidence of memory corruption
546713 - CVE-2009-3981 Mozilla crashes with evidence of memory corruption
546720 - CVE-2009-3983 Mozilla NTLM reflection vulnerability
546722 - CVE-2009-3984 Mozilla SSL spoofing with document.location and empty SSL response page
546724 - CVE-2009-3986 Mozilla Chrome privilege escalation via window.opener
546726 - CVE-2009-3985 Mozilla URL spoofing via invalid document.location

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.16-4.el4.src.rpm

i386:
firefox-3.0.16-4.el4.i386.rpm
firefox-debuginfo-3.0.16-4.el4.i386.rpm

ia64:
firefox-3.0.16-4.el4.ia64.rpm
firefox-debuginfo-3.0.16-4.el4.ia64.rpm

ppc:
firefox-3.0.16-4.el4.ppc.rpm
firefox-debuginfo-3.0.16-4.el4.ppc.rpm

s390:
firefox-3.0.16-4.el4.s390.rpm
firefox-debuginfo-3.0.16-4.el4.s390.rpm

s390x:
firefox-3.0.16-4.el4.s390x.rpm
firefox-debuginfo-3.0.16-4.el4.s390x.rpm

x86_64:
firefox-3.0.16-4.el4.x86_64.rpm
firefox-debuginfo-3.0.16-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.16-4.el4.src.rpm

i386:
firefox-3.0.16-4.el4.i386.rpm
firefox-debuginfo-3.0.16-4.el4.i386.rpm

x86_64:
firefox-3.0.16-4.el4.x86_64.rpm
firefox-debuginfo-3.0.16-4.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.16-4.el4.src.rpm

i386:
firefox-3.0.16-4.el4.i386.rpm
firefox-debuginfo-3.0.16-4.el4.i386.rpm

ia64:
firefox-3.0.16-4.el4.ia64.rpm
firefox-debuginfo-3.0.16-4.el4.ia64.rpm

x86_64:
firefox-3.0.16-4.el4.x86_64.rpm
firefox-debuginfo-3.0.16-4.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.16-4.el4.src.rpm

i386:
firefox-3.0.16-4.el4.i386.rpm
firefox-debuginfo-3.0.16-4.el4.i386.rpm

ia64:
firefox-3.0.16-4.el4.ia64.rpm
firefox-debuginfo-3.0.16-4.el4.ia64.rpm

x86_64:
firefox-3.0.16-4.el4.x86_64.rpm
firefox-debuginfo-3.0.16-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.16-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.16-2.el5_4.src.rpm

i386:
firefox-3.0.16-1.el5_4.i386.rpm
firefox-debuginfo-3.0.16-1.el5_4.i386.rpm
xulrunner-1.9.0.16-2.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm

x86_64:
firefox-3.0.16-1.el5_4.i386.rpm
firefox-3.0.16-1.el5_4.x86_64.rpm
firefox-debuginfo-3.0.16-1.el5_4.i386.rpm
firefox-debuginfo-3.0.16-1.el5_4.x86_64.rpm
xulrunner-1.9.0.16-2.el5_4.i386.rpm
xulrunner-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.16-2.el5_4.src.rpm

i386:
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.16-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.16-2.el5_4.src.rpm

i386:
firefox-3.0.16-1.el5_4.i386.rpm
firefox-debuginfo-3.0.16-1.el5_4.i386.rpm
xulrunner-1.9.0.16-2.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.i386.rpm

ia64:
firefox-3.0.16-1.el5_4.ia64.rpm
firefox-debuginfo-3.0.16-1.el5_4.ia64.rpm
xulrunner-1.9.0.16-2.el5_4.ia64.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.ia64.rpm
xulrunner-devel-1.9.0.16-2.el5_4.ia64.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.ia64.rpm

ppc:
firefox-3.0.16-1.el5_4.ppc.rpm
firefox-debuginfo-3.0.16-1.el5_4.ppc.rpm
xulrunner-1.9.0.16-2.el5_4.ppc.rpm
xulrunner-1.9.0.16-2.el5_4.ppc64.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.ppc.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.ppc64.rpm
xulrunner-devel-1.9.0.16-2.el5_4.ppc.rpm
xulrunner-devel-1.9.0.16-2.el5_4.ppc64.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.ppc.rpm

s390x:
firefox-3.0.16-1.el5_4.s390.rpm
firefox-3.0.16-1.el5_4.s390x.rpm
firefox-debuginfo-3.0.16-1.el5_4.s390.rpm
firefox-debuginfo-3.0.16-1.el5_4.s390x.rpm
xulrunner-1.9.0.16-2.el5_4.s390.rpm
xulrunner-1.9.0.16-2.el5_4.s390x.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.s390.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.s390x.rpm
xulrunner-devel-1.9.0.16-2.el5_4.s390.rpm
xulrunner-devel-1.9.0.16-2.el5_4.s390x.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.s390x.rpm

x86_64:
firefox-3.0.16-1.el5_4.i386.rpm
firefox-3.0.16-1.el5_4.x86_64.rpm
firefox-debuginfo-3.0.16-1.el5_4.i386.rpm
firefox-debuginfo-3.0.16-1.el5_4.x86_64.rpm
xulrunner-1.9.0.16-2.el5_4.i386.rpm
xulrunner-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.i386.rpm
xulrunner-debuginfo-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-devel-1.9.0.16-2.el5_4.i386.rpm
xulrunner-devel-1.9.0.16-2.el5_4.x86_64.rpm
xulrunner-devel-unstable-1.9.0.16-2.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3979.html
https://www.redhat.com/security/data/cve/CVE-2009-3981.html
https://www.redhat.com/security/data/cve/CVE-2009-3983.html
https://www.redhat.com/security/data/cve/CVE-2009-3984.html
https://www.redhat.com/security/data/cve/CVE-2009-3985.html
https://www.redhat.com/security/data/cve/CVE-2009-3986.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.16

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLKGr1XlSAg2UNWIIRAthSAKCFn0uibSkx6OM1uMNlV3Urhe5qzACgrIaY
fmEkzfywNb8lkrj9MixyWsU=
=2qQs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 16 10:58:31 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Dec 2009 05:58:31 -0500
Subject: [RHSA-2009:1680-01] Important: xpdf security update
Message-ID: <200912161058.nBGAwVRk026544@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2009:1680-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1680.html
Issue date:        2009-12-16
CVE Names:         CVE-2009-4035
=====================================================================

1. Summary:

An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in Xpdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause Xpdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035)

Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

i386:
xpdf-3.00-23.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-23.el4_8.1.i386.rpm

ia64:
xpdf-3.00-23.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.ia64.rpm

ppc:
xpdf-3.00-23.el4_8.1.ppc.rpm
xpdf-debuginfo-3.00-23.el4_8.1.ppc.rpm

s390:
xpdf-3.00-23.el4_8.1.s390.rpm
xpdf-debuginfo-3.00-23.el4_8.1.s390.rpm

s390x:
xpdf-3.00-23.el4_8.1.s390x.rpm
xpdf-debuginfo-3.00-23.el4_8.1.s390x.rpm

x86_64:
xpdf-3.00-23.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

i386:
xpdf-3.00-23.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-23.el4_8.1.i386.rpm

x86_64:
xpdf-3.00-23.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

i386:
xpdf-3.00-23.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-23.el4_8.1.i386.rpm

ia64:
xpdf-3.00-23.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-23.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

i386:
xpdf-3.00-23.el4_8.1.i386.rpm
xpdf-debuginfo-3.00-23.el4_8.1.i386.rpm

ia64:
xpdf-3.00-23.el4_8.1.ia64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.ia64.rpm

x86_64:
xpdf-3.00-23.el4_8.1.x86_64.rpm
xpdf-debuginfo-3.00-23.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4035.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLKL0/XlSAg2UNWIIRAi4qAJ9G3GwPGe/Q70CarwQcr1JmTn2sJACfTj1Y
jYJGNmq7+zhqqFjIOXMJsKU=
=mL96
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 16 10:58:54 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Dec 2009 05:58:54 -0500
Subject: [RHSA-2009:1681-01] Important: gpdf security update
Message-ID: <200912161058.nBGAwsMV012383@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gpdf security update
Advisory ID:       RHSA-2009:1681-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1681.html
Issue date:        2009-12-16
CVE Names:         CVE-2009-4035
=====================================================================

1. Summary:

An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GPdf is a viewer for Portable Document Format (PDF) files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035)

Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.6.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm

ppc:
gpdf-2.8.2-7.7.2.el4_8.6.ppc.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ppc.rpm

s390:
gpdf-2.8.2-7.7.2.el4_8.6.s390.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390.rpm

s390x:
gpdf-2.8.2-7.7.2.el4_8.6.s390x.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.s390x.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.6.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.6.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.7.2.el4_8.6.src.rpm

i386:
gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.i386.rpm

ia64:
gpdf-2.8.2-7.7.2.el4_8.6.ia64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.ia64.rpm

x86_64:
gpdf-2.8.2-7.7.2.el4_8.6.x86_64.rpm
gpdf-debuginfo-2.8.2-7.7.2.el4_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4035.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLKL1cXlSAg2UNWIIRApANAJ411H/LXKL/TTaoGQv2EzoU7rS/EQCgoDHj
7dNHUtI2KUlKcN9TG/Hbi5E=
=9A3E
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 16 10:59:16 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Dec 2009 05:59:16 -0500
Subject: [RHSA-2009:1682-01] Important: kdegraphics security update
Message-ID: <200912161059.nBGAxGxu028408@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2009:1682-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1682.html
Issue date:        2009-12-16
CVE Names:         CVE-2009-4035
=====================================================================

1. Summary:

Updated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in KPDF's Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 font could cause KPDF to crash or, possibly, execute arbitrary code when opened. (CVE-2009-4035)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

541614 - CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

i386:
kdegraphics-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.ia64.rpm

ppc:
kdegraphics-3.3.1-17.el4_8.1.ppc.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.ppc.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.ppc.rpm

s390:
kdegraphics-3.3.1-17.el4_8.1.s390.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.s390.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.s390.rpm

s390x:
kdegraphics-3.3.1-17.el4_8.1.s390x.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.s390x.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.s390x.rpm

x86_64:
kdegraphics-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

i386:
kdegraphics-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm

x86_64:
kdegraphics-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

i386:
kdegraphics-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

i386:
kdegraphics-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-17.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4035.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLKL1yXlSAg2UNWIIRAmJPAJ9k+u08GsYMCoBLH7pTo/zPdd+NTwCfZ91i
UK+AP2K8HSHWAC1hcai7pUI=
=zHfz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 22 01:31:24 2009
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Dec 2009 20:31:24 -0500
Subject: [RHSA-2009:1688-01] Moderate: condor security update
Message-ID: <200912220131.nBM1VOdc031261@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: condor security update
Advisory ID:       RHSA-2009:1688-01
Product:           Red Hat Enterprise MRG for RHEL-4
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1688.html
Issue date:        2009-12-21
CVE Names:         CVE-2009-4133
=====================================================================

1. Summary:

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 1.2 for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat MRG Grid Execute Node for RHEL-4 AS - i386, x86_64
Red Hat MRG Grid Execute Node for RHEL-4 ES - i386, x86_64
Red Hat MRG Grid for RHEL-4 AS - i386, x86_64
Red Hat MRG Grid for RHEL-4 ES - i386, x86_64

3. Description:

Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management.

A flaw was found in the way Condor managed jobs. This could allow a user that is authorized to submit jobs into Condor to queue a job as if it were submitted by a different local user, potentially leading to unauthorized access to that user's account. (CVE-2009-4133)

Note: Condor will not run jobs as root; therefore, this flaw cannot lead to a compromise of the root user account.

All Red Hat Enterprise MRG 1.2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Condor must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

544371 - CVE-2009-4133 Condor: queue super user cannot drop privs

6. Package List:

Red Hat MRG Grid for RHEL-4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el4.src.rpm

i386:
condor-7.4.1-0.7.1.el4.i386.rpm
condor-debuginfo-7.4.1-0.7.1.el4.i386.rpm
condor-kbdd-7.4.1-0.7.1.el4.i386.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.i386.rpm

x86_64:
condor-7.4.1-0.7.1.el4.x86_64.rpm
condor-debuginfo-7.4.1-0.7.1.el4.x86_64.rpm
condor-kbdd-7.4.1-0.7.1.el4.x86_64.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.x86_64.rpm

Red Hat MRG Grid Execute Node for RHEL-4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el4.src.rpm

i386:
condor-7.4.1-0.7.1.el4.i386.rpm
condor-debuginfo-7.4.1-0.7.1.el4.i386.rpm
condor-kbdd-7.4.1-0.7.1.el4.i386.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.i386.rpm

x86_64:
condor-7.4.1-0.7.1.el4.x86_64.rpm
condor-debuginfo-7.4.1-0.7.1.el4.x86_64.rpm
condor-kbdd-7.4.1-0.7.1.el4.x86_64.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.x86_64.rpm

Red Hat MRG Grid for RHEL-4 ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el4.src.rpm

i386:
condor-7.4.1-0.7.1.el4.i386.rpm
condor-debuginfo-7.4.1-0.7.1.el4.i386.rpm
condor-kbdd-7.4.1-0.7.1.el4.i386.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.i386.rpm

x86_64:
condor-7.4.1-0.7.1.el4.x86_64.rpm
condor-debuginfo-7.4.1-0.7.1.el4.x86_64.rpm
condor-kbdd-7.4.1-0.7.1.el4.x86_64.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.x86_64.rpm

Red Hat MRG Grid Execute Node for RHEL-4 ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el4.src.rpm

i386:
condor-7.4.1-0.7.1.el4.i386.rpm
condor-debuginfo-7.4.1-0.7.1.el4.i386.rpm
condor-kbdd-7.4.1-0.7.1.el4.i386.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.i386.rpm

x86_64:
condor-7.4.1-0.7.1.el4.x86_64.rpm
condor-debuginfo-7.4.1-0.7.1.el4.x86_64.rpm
condor-kbdd-7.4.1-0.7.1.el4.x86_64.rpm
condor-qmf-plugins-7.4.1-0.7.1.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-4133.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLMCFfXlSAg2UNWIIRAuwDAKCe2OOpYcfYIfTfh9uNfUEVyrTsqwCfVTQr WTzzlp7oRJS2O1/1OKdBGKI= =omZK -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 22 01:31:58 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 21 Dec 2009 20:31:58 -0500 Subject: [RHSA-2009:1689-01] Moderate: condor security update Message-ID: <200912220131.nBM1Vw7Y031324@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: condor security update Advisory ID: RHSA-2009:1689-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1689.html Issue date: 2009-12-21 CVE Names: CVE-2009-4133 ===================================================================== 1. Summary: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 1.2 for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 5 Server - i386, x86_64 MRG Grid for RHEL 5 Server - i386, x86_64 3. Description: Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw was found in the way Condor managed jobs. 
This could allow a user that is authorized to submit jobs into Condor to queue a job as if it were submitted by a different local user, potentially leading to unauthorized access to that user's account. (CVE-2009-4133) Note: Condor will not run jobs as root; therefore, this flaw cannot lead to a compromise of the root user account. All Red Hat Enterprise MRG 1.2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Condor must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 544371 - CVE-2009-4133 Condor: queue super user cannot drop privs 6. Package List: MRG Grid for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el5.src.rpm i386: condor-7.4.1-0.7.1.el5.i386.rpm condor-debuginfo-7.4.1-0.7.1.el5.i386.rpm condor-kbdd-7.4.1-0.7.1.el5.i386.rpm condor-qmf-plugins-7.4.1-0.7.1.el5.i386.rpm condor-vm-gahp-7.4.1-0.7.1.el5.i386.rpm x86_64: condor-7.4.1-0.7.1.el5.x86_64.rpm condor-debuginfo-7.4.1-0.7.1.el5.x86_64.rpm condor-kbdd-7.4.1-0.7.1.el5.x86_64.rpm condor-qmf-plugins-7.4.1-0.7.1.el5.x86_64.rpm condor-vm-gahp-7.4.1-0.7.1.el5.x86_64.rpm MRG Grid Execute Node for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.4.1-0.7.1.el5.src.rpm i386: condor-7.4.1-0.7.1.el5.i386.rpm condor-debuginfo-7.4.1-0.7.1.el5.i386.rpm condor-kbdd-7.4.1-0.7.1.el5.i386.rpm condor-qmf-plugins-7.4.1-0.7.1.el5.i386.rpm condor-vm-gahp-7.4.1-0.7.1.el5.i386.rpm x86_64: condor-7.4.1-0.7.1.el5.x86_64.rpm condor-debuginfo-7.4.1-0.7.1.el5.x86_64.rpm condor-kbdd-7.4.1-0.7.1.el5.x86_64.rpm 
condor-qmf-plugins-7.4.1-0.7.1.el5.x86_64.rpm condor-vm-gahp-7.4.1-0.7.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-4133.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLMCFwXlSAg2UNWIIRApA3AJ9tWkB/2a6JwDHAQI/aNlH2Lo7wIQCfUC8r 0+i6toDToRs1G8tJh+9bQbM= =myIi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 23 17:39:07 2009 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 23 Dec 2009 12:39:07 -0500 Subject: [RHSA-2009:1694-01] Critical: java-1.6.0-ibm security update Message-ID: <200912231739.nBNHd7d1024366@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2009:1694-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1694.html Issue date: 2009-12-23 CVE Names: CVE-2009-0217 CVE-2009-3865 CVE-2009-3866 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 
5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR7 Java release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 511915 - CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass 530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) 530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) 530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) 530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) 530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) 532906 - CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) 533211 - CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) 533212 - CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) 533214 - CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) 533215 - CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) 6. 
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.i386.rpm ppc: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.ppc64.rpm s390: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.s390.rpm s390x: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.i386.rpm 
java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4.x86_64.rpm 
java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.3.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.3.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.i386.rpm ppc: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5.x86_64.rpm 
java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.7-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.7-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-0217.html https://www.redhat.com/security/data/cve/CVE-2009-3865.html https://www.redhat.com/security/data/cve/CVE-2009-3866.html https://www.redhat.com/security/data/cve/CVE-2009-3867.html https://www.redhat.com/security/data/cve/CVE-2009-3868.html https://www.redhat.com/security/data/cve/CVE-2009-3869.html https://www.redhat.com/security/data/cve/CVE-2009-3871.html https://www.redhat.com/security/data/cve/CVE-2009-3872.html https://www.redhat.com/security/data/cve/CVE-2009-3873.html https://www.redhat.com/security/data/cve/CVE-2009-3874.html https://www.redhat.com/security/data/cve/CVE-2009-3875.html https://www.redhat.com/security/data/cve/CVE-2009-3876.html https://www.redhat.com/security/data/cve/CVE-2009-3877.html http://www.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLMlWtXlSAg2UNWIIRAjRCAJ9ClrIZ6SzHiKuWeHRwSjDPZ4NlNgCeJIZx cOw7Er8VmTl5FL2PBh2SflM= =1lNP -----END PGP SIGNATURE-----