From bugzilla at redhat.com Wed Dec 1 22:31:02 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Dec 2010 15:31:02 -0700
Subject: [RHSA-2010:0934-01] Critical: acroread security update
Message-ID: <201012012231.oB1MV2Ll013000@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: acroread security update
Advisory ID:       RHSA-2010:0934-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0934.html
Issue date:        2010-12-01
CVE Names:         CVE-2010-3654 CVE-2010-4091
=====================================================================

1. Summary:

Updated acroread packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6
Supplementary.

The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - x86_64
Red Hat Enterprise Linux AS version 4 Extras - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

This update fixes two vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security page APSB10-28, listed
in the References section. A specially-crafted PDF file could cause Adobe
Reader to crash or, potentially, execute arbitrary code as the user running
Adobe Reader when opened. (CVE-2010-3654, CVE-2010-4091)

All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.4.1, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

647525 - CVE-2010-3654 acroread/flash-plugin: critical vulnerability (APSA10-05, APSB10-26)
651133 - CVE-2010-4091 acroread: remote DoS or possible arbitrary code execution via EScript.api plugin

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

x86_64:
acroread-9.4.1-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

x86_64:
acroread-9.4.1-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

x86_64:
acroread-9.4.1-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

x86_64:
acroread-9.4.1-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
acroread-9.4.1-1.el5.i386.rpm
acroread-plugin-9.4.1-1.el5.i386.rpm

x86_64:
acroread-9.4.1-1.el5.i386.rpm
acroread-plugin-9.4.1-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
acroread-9.4.1-1.el5.i386.rpm
acroread-plugin-9.4.1-1.el5.i386.rpm

x86_64:
acroread-9.4.1-1.el5.i386.rpm
acroread-plugin-9.4.1-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

x86_64:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

x86_64:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

x86_64:
acroread-9.4.1-1.el6.i686.rpm
acroread-plugin-9.4.1-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3654.html
https://www.redhat.com/security/data/cve/CVE-2010-4091.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-28.html

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9syXXlSAg2UNWIIRAnloAJ9DN6v8UQKsBQ5EEfrMC4rb+zJbIwCfVyPA
3FQyYWcmbZ2ULjCk+vJnS4Y=
=3cTK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 1 22:32:05 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Dec 2010 15:32:05 -0700
Subject: [RHSA-2010:0935-01] Moderate: java-1.4.2-ibm security update
Message-ID: <201012012232.oB1MW5G4022468@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.4.2-ibm security update
Advisory ID:       RHSA-2010:0935-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0935.html
Issue date:        2010-12-01
CVE Names:         CVE-2010-1321 CVE-2010-3574
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix two security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP7 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
This update fixes two vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2010-1321, CVE-2010-3574)

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP7 Java release. All running
instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.7-1jpp.3.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.7-1jpp.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1321.html
https://www.redhat.com/security/data/cve/CVE-2010-3574.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9sy5XlSAg2UNWIIRAmPeAJwI7HwOHqKc3Xv/sN7cyZVaKOmghgCfYB0N
FKN60J+hwS8nAqAo2bONdL8=
=YKiN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 1 22:32:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Dec 2010 15:32:57 -0700
Subject: [RHSA-2010:0936-01] Important: kernel security and bug fix update
Message-ID: <201012012232.oB1MWv2d013553@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0936-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0936.html
Issue date:        2010-12-01
CVE Names:         CVE-2010-3432 CVE-2010-3442
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and multiple bugs are
now available for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442.

Bug fixes:

* Forward time drift was observed on virtual machines using PM timer-based
kernel tick accounting and running on KVM or the Microsoft Hyper-V Server
hypervisor. Virtual machines that were booted with the divider=x kernel
parameter set to a value greater than 1 and that showed the following in
the kernel boot messages were subject to this issue:

time.c: Using PM based timekeeping

Fine grained accounting for the PM timer is introduced which eliminates
this issue. However, this fix uncovered a bug in the Xen hypervisor,
possibly causing backward time drift. If this erratum is installed in Xen
HVM guests that meet the aforementioned conditions, it is recommended that
the host use kernel-xen-2.6.18-194.26.1.el5 or newer, which includes a fix
(BZ#641915) for the backward time drift. (BZ#629237)

* With multipath enabled, systems would occasionally halt when the
do_cciss_request function was used. This was caused by wrongly-generated
requests. Additional checks have been added to avoid the aforementioned
issue. (BZ#640193)

* A Sun X4200 system equipped with a QLogic HBA spontaneously rebooted and
logged a Hyper-Transport Sync Flood Error to the system event log. A
Maximum Memory Read Byte Count restriction was added to fix this bug.
(BZ#640919)

* For an active/backup bonding network interface with VLANs on top of it,
when a link failed over, it took a minute for the multicast domain to be
rejoined. This was caused by the driver not sending any IGMP join packets.
The driver now sends IGMP join packets and the multicast domain is rejoined
immediately. (BZ#641002)

* Replacing a disk and trying to rebuild it afterwards caused the system to
panic. When a domain validation request for a hot plugged drive was sent,
the mptscsi driver did not validate its existence. This could result in the
driver accessing random memory and causing the crash. A check has been
added that describes the newly-added device and reloads the iocPg3 data
from the firmware if needed. (BZ#641137)

* An attempt to create a VLAN interface on a bond of two bnx2 adapters in
two switch configurations resulted in a soft lockup after a few seconds.
This was caused by an incorrect use of a bonding pointer. With this update,
soft lockups no longer occur and creating a VLAN interface works as
expected. (BZ#641254)

* Erroneous pointer checks could have caused a kernel panic. This was due
to a critical value not being copied when a network buffer was duplicated
and consumed by multiple portions of the kernel's network stack. Fixing the
copy operation resolved this bug. (BZ#642746)

* A typo in a variable name caused it to be dereferenced in either mkdir()
or create() which could cause a kernel panic. (BZ#643342)

* SCSI high level drivers can submit SCSI commands which would never be
completed when the device was offline. This was caused by a missing
callback for the request to complete the given command. SCSI requests are
now terminated by calling their callback when a device is offline.
(BZ#644816)

* A kernel panic could have occurred on systems due to a recursive lock in
the 3c59x driver. Recursion is now avoided and this kernel panic no longer
occurs. (BZ#648407)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

629237 - time drift with VXTIME_PMTMR mode in case of early / short real ticks [rhel-4.8.z]
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
640193 - RHEL 4.8: With multipath enabled, system occasionally halts in do_cciss_request [rhel-4.8.z]
640919 - Work around HyperTransport Sync Flood Error on Sun X4200 with qla2xxx [rhel-4.8.z]
641002 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover [rhel-4.8.z]
641137 - mptbase: panic with domain validation while rebuilding after the disk is replaced. [rhel-4.8.z]
641254 - [RHEL4.8.z] soft lockup on vlan with bonding in balance-alb mode [rhel-4.8.z]
642746 - RHEL4.8 panic in netif_receive_skb [rhel-4.8.z]
643342 - kernel: security: testing the wrong variable in create_by_name() [rhel-4.9] [rhel-4.8.z]
644816 - scsi_do_req() submitted commands (tape) never complete when device goes offline [rhel-4.8.z]
648407 - Kernel panic due to recursive lock in 3c59x driver. [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

ppc:
kernel-2.6.9-89.33.1.EL.ppc64.rpm
kernel-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.33.1.EL.ppc64.rpm
kernel-devel-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ppc64.rpm

s390:
kernel-2.6.9-89.33.1.EL.s390.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.s390.rpm
kernel-devel-2.6.9-89.33.1.EL.s390.rpm

s390x:
kernel-2.6.9-89.33.1.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.s390x.rpm
kernel-devel-2.6.9-89.33.1.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3432.html
https://www.redhat.com/security/data/cve/CVE-2010-3442.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
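An added example, not part of the Red Hat advisory above: a small POSIX sh helper that applies the rule from the kernel advisory's Solution section (rpm -ivh for kernel packages so the running kernel is kept as a fallback, rpm -Uvh for everything else) and checks each package's GPG signature with rpm -K before installing it. The function names, the DRY_RUN switch and the decision to treat "NOT OK", "MISSING KEYS" and "NOKEY" in rpm -K output as failures are this example's own choices; the package file names in the usage comment come from the advisory's package list.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory). Installs RPM update packages
# following the kernel advisory's rule: kernel packages are installed with
# "rpm -ivh" (the running kernel stays installed as a fallback), everything
# else is upgraded with "rpm -Uvh". Packages are signature-checked first.
# Function names and the DRY_RUN switch are this example's own.

# Decide the rpm mode from the package file name: any kernel-* package gets
# -ivh, as the advisory instructs, so the currently running kernel is never
# removed by the update itself.
rpm_install_mode() {
    case "$(basename "$1")" in
        kernel-*) echo "-ivh" ;;
        *)        echo "-Uvh" ;;
    esac
}

# Full command line for one package, for review or logging.
install_cmd() {
    echo "rpm $(rpm_install_mode "$1") $1"
}

# Check the Red Hat GPG signature. rpm -K exits non-zero for a bad signature;
# a package signed with a key that is not imported is reported as
# "MISSING KEYS"/"NOKEY" and is treated as a failure here too (assumption:
# an unverifiable signature should block the install, not merely warn).
signature_ok() {
    out=$(rpm -K "$1" 2>&1) || return 1
    case "$out" in
        *"NOT OK"*|*"MISSING KEYS"*|*NOKEY*) return 1 ;;
    esac
    return 0
}

# Verify, then install with the mode chosen above. With DRY_RUN set, only
# print what would run, so the plan can be reviewed before touching the box.
install_package() {
    pkg="$1"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "[dry-run] rpm -K $pkg"
        echo "[dry-run] $(install_cmd "$pkg")"
        return 0
    fi
    if ! signature_ok "$pkg"; then
        echo "signature check failed, not installing: $pkg" >&2
        return 1
    fi
    rpm "$(rpm_install_mode "$pkg")" "$pkg"
}

# Usage (package names from the advisory's x86_64 list):
#   DRY_RUN=1 sh install-update.sh kernel-2.6.9-89.33.1.EL.x86_64.rpm \
#       kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
for pkg in "$@"; do
    install_package "$pkg" || exit 1
done
```

Run it once with DRY_RUN=1 to see the exact rpm invocations, then without it as root; after the reboot the advisory calls for, the old kernel can still be selected from the boot loader if the new one misbehaves, and only then removed with rpm -e.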
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9sz7XlSAg2UNWIIRAlN/AKDDckY6bAV2xVqftkyW3ce3Jji7HwCfe4v/
9igIjj4oLWSd48BT6LTuI5s=
=WsSD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 6 19:22:31 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 6 Dec 2010 12:22:31 -0700
Subject: [RHSA-2010:0898-01] Moderate: kvm security update
Message-ID: <201012061922.oB6JMV0J025713@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kvm security update
Advisory ID:       RHSA-2010:0898-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0898.html
Issue date:        2010-12-06
CVE Names:         CVE-2010-3698
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM handled the reloading of fs and gs
segment registers when they had invalid selectors. A privileged host user
with access to "/dev/kvm" could use this flaw to crash the host (denial of
service). (CVE-2010-3698)

All KVM users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
Note: The procedure in the Solution section must be performed before this
update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

639879 - CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-164.el5_5.25.src.rpm

x86_64:
kmod-kvm-83-164.el5_5.25.x86_64.rpm
kvm-83-164.el5_5.25.x86_64.rpm
kvm-debuginfo-83-164.el5_5.25.x86_64.rpm
kvm-qemu-img-83-164.el5_5.25.x86_64.rpm
kvm-tools-83-164.el5_5.25.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-164.el5_5.25.src.rpm

x86_64:
kmod-kvm-83-164.el5_5.25.x86_64.rpm
kvm-83-164.el5_5.25.x86_64.rpm
kvm-debuginfo-83-164.el5_5.25.x86_64.rpm
kvm-qemu-img-83-164.el5_5.25.x86_64.rpm
kvm-tools-83-164.el5_5.25.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3698.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
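An added example, not part of the Red Hat advisory above: a POSIX sh script that carries out step 2 of the advisory's module-reload procedure against the modules lsmod actually lists, unloading the dependents (kvm-intel or kvm-amd, then ksm) before kvm and reloading them in the reverse order, and refusing to start while the vendor module's lsmod use count shows that guests still hold /dev/kvm, i.e. step 1 has not been done. The module names come from the advisory; lsmod prints them with underscores (kvm_intel), which modprobe also accepts, so that spelling is used throughout. The function names, the placement of ksm in the unload order and the lsmod samples are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisory). Reloads the KVM modules named
# in the advisory's Solution section in dependency order, touching only those
# lsmod reports as loaded. Names use lsmod's underscore spelling (kvm_intel);
# modprobe accepts both spellings. Function names are this example's own.

# Unload order: the vendor module depends on kvm, so it goes first. ksm is
# placed before kvm as a precaution (assumption: it may hold a kvm reference).
# Reload is the reverse.
KVM_MODULES="kvm_intel kvm_amd ksm kvm"

# Print, in unload order, the advisory's modules present in the lsmod text
# passed as $1 (the first lsmod line is the column header and is skipped).
loaded_kvm_modules() {
    for m in $KVM_MODULES; do
        if printf '%s\n' "$1" | awk -v m="$m" \
            'NR > 1 && $1 == m { found = 1 } END { exit !found }'; then
            echo "$m"
        fi
    done
}

# True (exit 0) when kvm_intel/kvm_amd still has users: lsmod's third column
# counts open /dev/kvm, VM and vcpu handles, i.e. guests that are still running.
vendor_module_busy() {
    printf '%s\n' "$1" | awk \
        'NR > 1 && ($1 == "kvm_intel" || $1 == "kvm_amd") && $3 > 0 { busy = 1 }
         END { exit !busy }'
}

# Reverse a whitespace-separated word list (POSIX sh has no arrays).
reverse_words() {
    out=""
    for w in $1; do out="$w $out"; done
    echo "$out"
}

# The modprobe commands for the given lsmod text, one per line, unloads first.
# Nothing is executed here, so the plan can be reviewed (or tested) first.
reload_plan() {
    mods=$(loaded_kvm_modules "$1")
    for m in $mods; do echo "modprobe -r $m"; done
    for m in $(reverse_words "$mods"); do echo "modprobe $m"; done
}

# Run the plan on this host (as root). Refuses while guests are still running,
# which is the advisory's step 1: stop them, then re-run.
apply_reload() {
    now=$(lsmod)
    if vendor_module_busy "$now"; then
        echo "KVM guests still running; stop them before reloading modules" >&2
        return 1
    fi
    reload_plan "$now" | while read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Constructed lsmod samples (not captured from a real host) for a dry run.
SAMPLE_IDLE='Module                  Size  Used by
kvm_intel              54144  0
kvm                   336112  1 kvm_intel
ksm                    16384  0
bridge                 60000  0'
SAMPLE_BUSY='Module                  Size  Used by
kvm_amd                54144  2
kvm                   336112  1 kvm_amd'

if [ "${1:-}" = "--apply" ]; then
    apply_reload
else
    echo "Plan for the idle sample host (run with --apply as root on a real host):"
    reload_plan "$SAMPLE_IDLE"
fi
```

Reviewing the plan before applying it matters because "modprobe -r kvm" fails while kvm_intel or kvm_amd is still loaded, and the vendor module in turn cannot be removed while a guest holds it; the use-count check turns that late modprobe error into an early, explicit refusal.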
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM/TfeXlSAg2UNWIIRAq/kAKCdP8/0m2O6wjNfu7GcY5RjT9OqyACgksCW DGFTL0BJqz7lhhLYNucODDA= =uxYW -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 6 19:23:58 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 6 Dec 2010 12:23:58 -0700 Subject: [RHSA-2010:0945-01] Moderate: quagga security update Message-ID: <201012061923.oB6JNx0x026027@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2010:0945-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0945.html Issue date: 2010-12-06 CVE Names: CVE-2010-2948 CVE-2010-2949 ===================================================================== 1. Summary: Updated quagga packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. 
A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. (CVE-2010-2948) Note: On Red Hat Enterprise Linux 6 it is not possible to exploit CVE-2010-2948 to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon parsed the paths of autonomous systems (AS). A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-2949) Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 626783 - CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages 626795 - CVE-2010-2949 Quagga (bgpd): DoS (crash) while processing certain BGP update AS path messages 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-5.el6_0.1.src.rpm i386: quagga-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm ppc64: quagga-0.99.15-5.el6_0.1.ppc64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.ppc64.rpm s390x: quagga-0.99.15-5.el6_0.1.s390x.rpm quagga-debuginfo-0.99.15-5.el6_0.1.s390x.rpm x86_64: quagga-0.99.15-5.el6_0.1.x86_64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-5.el6_0.1.src.rpm i386: quagga-contrib-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm quagga-devel-0.99.15-5.el6_0.1.i686.rpm ppc64: quagga-contrib-0.99.15-5.el6_0.1.ppc64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.ppc.rpm quagga-debuginfo-0.99.15-5.el6_0.1.ppc64.rpm quagga-devel-0.99.15-5.el6_0.1.ppc.rpm quagga-devel-0.99.15-5.el6_0.1.ppc64.rpm s390x: quagga-contrib-0.99.15-5.el6_0.1.s390x.rpm quagga-debuginfo-0.99.15-5.el6_0.1.s390.rpm quagga-debuginfo-0.99.15-5.el6_0.1.s390x.rpm quagga-devel-0.99.15-5.el6_0.1.s390.rpm quagga-devel-0.99.15-5.el6_0.1.s390x.rpm x86_64: quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm quagga-devel-0.99.15-5.el6_0.1.i686.rpm quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-5.el6_0.1.src.rpm i386: quagga-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm x86_64: quagga-0.99.15-5.el6_0.1.x86_64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-5.el6_0.1.src.rpm i386: quagga-contrib-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm quagga-devel-0.99.15-5.el6_0.1.i686.rpm x86_64: quagga-contrib-0.99.15-5.el6_0.1.x86_64.rpm quagga-debuginfo-0.99.15-5.el6_0.1.i686.rpm quagga-debuginfo-0.99.15-5.el6_0.1.x86_64.rpm quagga-devel-0.99.15-5.el6_0.1.i686.rpm quagga-devel-0.99.15-5.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2010-2948.html https://www.redhat.com/security/data/cve/CVE-2010-2949.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM/TgsXlSAg2UNWIIRAiy6AJ9aveL52mFJ4o+/pDS25NLZZMHaJACeNc9l 2KkGH/3JyLf/xQl8za3X/oc= =4KTX -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 8 00:28:20 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 7 Dec 2010 17:28:20 -0700 Subject: [RHSA-2010:0950-01] Moderate: apr-util security update Message-ID: <201012080028.oB80SK9C009017@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: apr-util security update Advisory ID: RHSA-2010:0950-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0950.html Issue date: 2010-12-07 CVE Names: CVE-2010-1623 ===================================================================== 1. Summary: Updated apr-util packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 
6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) All apr-util users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr-util library, such as httpd, must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm i386: apr-util-0.9.4-22.el4_8.3.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.i386.rpm apr-util-devel-0.9.4-22.el4_8.3.i386.rpm ia64: apr-util-0.9.4-22.el4_8.3.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.ia64.rpm apr-util-devel-0.9.4-22.el4_8.3.ia64.rpm ppc: apr-util-0.9.4-22.el4_8.3.ppc.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.ppc.rpm apr-util-devel-0.9.4-22.el4_8.3.ppc.rpm s390: apr-util-0.9.4-22.el4_8.3.s390.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.s390.rpm apr-util-devel-0.9.4-22.el4_8.3.s390.rpm s390x: apr-util-0.9.4-22.el4_8.3.s390x.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.s390x.rpm apr-util-devel-0.9.4-22.el4_8.3.s390x.rpm x86_64: apr-util-0.9.4-22.el4_8.3.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm i386: apr-util-0.9.4-22.el4_8.3.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.i386.rpm apr-util-devel-0.9.4-22.el4_8.3.i386.rpm x86_64: apr-util-0.9.4-22.el4_8.3.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm i386: apr-util-0.9.4-22.el4_8.3.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.i386.rpm apr-util-devel-0.9.4-22.el4_8.3.i386.rpm ia64: apr-util-0.9.4-22.el4_8.3.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.ia64.rpm apr-util-devel-0.9.4-22.el4_8.3.ia64.rpm x86_64: apr-util-0.9.4-22.el4_8.3.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm i386: 
apr-util-0.9.4-22.el4_8.3.i386.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.i386.rpm apr-util-devel-0.9.4-22.el4_8.3.i386.rpm ia64: apr-util-0.9.4-22.el4_8.3.ia64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.ia64.rpm apr-util-devel-0.9.4-22.el4_8.3.ia64.rpm x86_64: apr-util-0.9.4-22.el4_8.3.x86_64.rpm apr-util-debuginfo-0.9.4-22.el4_8.3.x86_64.rpm apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-util-1.2.7-11.el5_5.2.src.rpm i386: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-docs-1.2.7-11.el5_5.2.i386.rpm apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm x86_64: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-1.2.7-11.el5_5.2.x86_64.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.x86_64.rpm apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-util-1.2.7-11.el5_5.2.src.rpm i386: apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm x86_64: apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.x86_64.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/apr-util-1.2.7-11.el5_5.2.src.rpm i386: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm apr-util-docs-1.2.7-11.el5_5.2.i386.rpm apr-util-mysql-1.2.7-11.el5_5.2.i386.rpm ia64: apr-util-1.2.7-11.el5_5.2.ia64.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.ia64.rpm apr-util-devel-1.2.7-11.el5_5.2.ia64.rpm apr-util-docs-1.2.7-11.el5_5.2.ia64.rpm apr-util-mysql-1.2.7-11.el5_5.2.ia64.rpm ppc: apr-util-1.2.7-11.el5_5.2.ppc.rpm apr-util-1.2.7-11.el5_5.2.ppc64.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.ppc.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.ppc64.rpm apr-util-devel-1.2.7-11.el5_5.2.ppc.rpm apr-util-devel-1.2.7-11.el5_5.2.ppc64.rpm apr-util-docs-1.2.7-11.el5_5.2.ppc.rpm apr-util-mysql-1.2.7-11.el5_5.2.ppc.rpm s390x: apr-util-1.2.7-11.el5_5.2.s390.rpm apr-util-1.2.7-11.el5_5.2.s390x.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.s390.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.s390x.rpm apr-util-devel-1.2.7-11.el5_5.2.s390.rpm apr-util-devel-1.2.7-11.el5_5.2.s390x.rpm apr-util-docs-1.2.7-11.el5_5.2.s390x.rpm apr-util-mysql-1.2.7-11.el5_5.2.s390x.rpm x86_64: apr-util-1.2.7-11.el5_5.2.i386.rpm apr-util-1.2.7-11.el5_5.2.x86_64.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.i386.rpm apr-util-debuginfo-1.2.7-11.el5_5.2.x86_64.rpm apr-util-devel-1.2.7-11.el5_5.2.i386.rpm apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm apr-util-docs-1.2.7-11.el5_5.2.x86_64.rpm apr-util-mysql-1.2.7-11.el5_5.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-ldap-1.3.9-3.el6_0.1.i686.rpm x86_64: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-1.3.9-3.el6_0.1.x86_64.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-mysql-1.3.9-3.el6_0.1.i686.rpm apr-util-odbc-1.3.9-3.el6_0.1.i686.rpm apr-util-pgsql-1.3.9-3.el6_0.1.i686.rpm apr-util-sqlite-1.3.9-3.el6_0.1.i686.rpm x86_64: apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm apr-util-mysql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-odbc-1.3.9-3.el6_0.1.x86_64.rpm apr-util-pgsql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-sqlite-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm x86_64: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-1.3.9-3.el6_0.1.x86_64.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm x86_64: apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm apr-util-mysql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-odbc-1.3.9-3.el6_0.1.x86_64.rpm apr-util-pgsql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-sqlite-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-ldap-1.3.9-3.el6_0.1.i686.rpm ppc64: apr-util-1.3.9-3.el6_0.1.ppc.rpm apr-util-1.3.9-3.el6_0.1.ppc64.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.ppc.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.ppc64.rpm apr-util-devel-1.3.9-3.el6_0.1.ppc.rpm apr-util-devel-1.3.9-3.el6_0.1.ppc64.rpm apr-util-ldap-1.3.9-3.el6_0.1.ppc64.rpm s390x: apr-util-1.3.9-3.el6_0.1.s390.rpm apr-util-1.3.9-3.el6_0.1.s390x.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.s390.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.s390x.rpm apr-util-devel-1.3.9-3.el6_0.1.s390.rpm apr-util-devel-1.3.9-3.el6_0.1.s390x.rpm apr-util-ldap-1.3.9-3.el6_0.1.s390x.rpm x86_64: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-1.3.9-3.el6_0.1.x86_64.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-mysql-1.3.9-3.el6_0.1.i686.rpm apr-util-odbc-1.3.9-3.el6_0.1.i686.rpm apr-util-pgsql-1.3.9-3.el6_0.1.i686.rpm apr-util-sqlite-1.3.9-3.el6_0.1.i686.rpm ppc64: apr-util-debuginfo-1.3.9-3.el6_0.1.ppc64.rpm apr-util-mysql-1.3.9-3.el6_0.1.ppc64.rpm apr-util-odbc-1.3.9-3.el6_0.1.ppc64.rpm apr-util-pgsql-1.3.9-3.el6_0.1.ppc64.rpm apr-util-sqlite-1.3.9-3.el6_0.1.ppc64.rpm s390x: apr-util-debuginfo-1.3.9-3.el6_0.1.s390x.rpm apr-util-mysql-1.3.9-3.el6_0.1.s390x.rpm apr-util-odbc-1.3.9-3.el6_0.1.s390x.rpm apr-util-pgsql-1.3.9-3.el6_0.1.s390x.rpm apr-util-sqlite-1.3.9-3.el6_0.1.s390x.rpm x86_64: apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-mysql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-odbc-1.3.9-3.el6_0.1.x86_64.rpm apr-util-pgsql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-sqlite-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-ldap-1.3.9-3.el6_0.1.i686.rpm x86_64: apr-util-1.3.9-3.el6_0.1.i686.rpm apr-util-1.3.9-3.el6_0.1.x86_64.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-devel-1.3.9-3.el6_0.1.i686.rpm apr-util-devel-1.3.9-3.el6_0.1.x86_64.rpm apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-util-1.3.9-3.el6_0.1.src.rpm i386: apr-util-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-util-mysql-1.3.9-3.el6_0.1.i686.rpm apr-util-odbc-1.3.9-3.el6_0.1.i686.rpm apr-util-pgsql-1.3.9-3.el6_0.1.i686.rpm apr-util-sqlite-1.3.9-3.el6_0.1.i686.rpm x86_64: apr-util-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-util-mysql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-odbc-1.3.9-3.el6_0.1.x86_64.rpm apr-util-pgsql-1.3.9-3.el6_0.1.x86_64.rpm apr-util-sqlite-1.3.9-3.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1623.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM/tD3XlSAg2UNWIIRAmLuAKClJgb+0TDvoIzV3K+mK3tflsjUJwCgirbI
NgcJAEY/NNZtYwWVPevUhw4=
=zfsU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Dec  8 19:56:50 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Dec 2010 12:56:50 -0700
Subject: [RHSA-2010:0958-01] Important: kernel-rt security and bug fix update
Message-ID: <201012081956.oB8Juo4N030949@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2010:0958-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0958.html
Issue date:        2010-12-08
CVE Names:         CVE-2010-2962 CVE-2010-3432 CVE-2010-3442 CVE-2010-3705
                   CVE-2010-3858 CVE-2010-3861 CVE-2010-3874 CVE-2010-3876
                   CVE-2010-3880 CVE-2010-4072 CVE-2010-4073 CVE-2010-4074
                   CVE-2010-4075 CVE-2010-4077 CVE-2010-4079 CVE-2010-4080
                   CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158
                   CVE-2010-4169
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

* A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP
implementation: when iterating through the hmac_ids array, it did not reset
the last id element if it was out of range. This could allow a remote
attacker to cause a denial of service. (CVE-2010-3705, Important)

* Missing sanity checks in setup_arg_pages() in the Linux kernel meant that
making the size of the argument and environment area on the stack very
large could trigger a BUG_ON(), resulting in a local denial of service.
(CVE-2010-3858, Moderate)

* A flaw was found in ethtool_get_rxnfc() in the Linux kernel's ethtool
IOCTL handler: when called with a large info.rule_cnt, it could allow a
local user to cause an information leak. (CVE-2010-3861, Moderate)

* A flaw was found in bcm_connect() in the Linux kernel's Controller Area
Network (CAN) Broadcast Manager: on 64-bit systems, writing the socket
address may overflow the procname character array. (CVE-2010-3874,
Moderate)

* A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for
monitoring the sockets of INET transport protocols: by sending a netlink
message with certain bytecode, a local, unprivileged user could cause a
denial of service. (CVE-2010-3880, Moderate)

* Missing sanity checks in gdth_ioctl_alloc() in the gdth driver in the
Linux kernel could allow a local user with access to "/dev/gdth" on a
64-bit system to cause a denial of service or escalate their privileges.
(CVE-2010-4157, Moderate)

* A use-after-free flaw in the mprotect() system call could allow a local,
unprivileged user to cause a local denial of service. (CVE-2010-4169,
Moderate)

* Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3876, CVE-2010-4072, CVE-2010-4073,
CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2010-2962,
CVE-2010-3861, and CVE-2010-4072; Dan Rosenberg for reporting
CVE-2010-3442, CVE-2010-3705, CVE-2010-3874, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4082,
CVE-2010-4083, and CVE-2010-4158; Brad Spengler for reporting
CVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; and Vasiliy
Kulikov for reporting CVE-2010-3876.

Bug fixes:

* A vulnerability was found in the 32-bit compatibility code for the
VIDIOCSMICROCODE IOCTL in the Video4Linux implementation. It does not
affect Red Hat Enterprise MRG, but as a preventive measure, this update
removes the code. Red Hat would like to thank Kees Cook for reporting this
vulnerability. (BZ#642469)

* The kernel-rt spec file was missing the crypto, drm, generated, and trace
header directories when generating the kernel-rt-devel package, resulting
in out-of-tree modules failing to build. (BZ#608784)

* On computers without a supported Performance Monitoring Unit, a crash
would occur when running the "perf top" command, and occasionally other
perf commands. perf software events are now marked as IRQ safe to avoid
this crash. (BZ#647434)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

608784 - cannot build third-party modules based upon 2.6.33.5-rt* packages
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
637688 - CVE-2010-2962 kernel: arbitrary kernel memory write via i915 GEM ioctl
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
640036 - CVE-2010-3705 kernel: sctp memory corruption in HMAC handling
642469 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write [mrg-1.3]
645222 - CVE-2010-3858 kernel: setup_arg_pages: diagnose excessive argument size
646725 - CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL
647434 - perf: Mark software events as irqsafe
648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
648659 - CVE-2010-4074 kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory
648666 - CVE-2010-4079 kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
648671 - CVE-2010-4082 kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory
649695 - CVE-2010-3874 kernel: CAN info leak/minor heap overflow
649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory
651147 - CVE-2010-4157 kernel: gdth: integer overflow in ioc_general()
651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing
651671 - CVE-2010-4169 kernel: perf bug
651698 - CVE-2010-4158 kernel: socket filters infoleak

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.7-rt29.47.el5rt.src.rpm

i386:
kernel-rt-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
perf-2.6.33.7-rt29.47.el5rt.i686.rpm
perf-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.7-rt29.47.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
perf-2.6.33.7-rt29.47.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2962.html
https://www.redhat.com/security/data/cve/CVE-2010-3432.html
https://www.redhat.com/security/data/cve/CVE-2010-3442.html
https://www.redhat.com/security/data/cve/CVE-2010-3705.html
https://www.redhat.com/security/data/cve/CVE-2010-3858.html
https://www.redhat.com/security/data/cve/CVE-2010-3861.html
https://www.redhat.com/security/data/cve/CVE-2010-3874.html
https://www.redhat.com/security/data/cve/CVE-2010-3876.html
https://www.redhat.com/security/data/cve/CVE-2010-3880.html
https://www.redhat.com/security/data/cve/CVE-2010-4072.html
https://www.redhat.com/security/data/cve/CVE-2010-4073.html
https://www.redhat.com/security/data/cve/CVE-2010-4074.html
https://www.redhat.com/security/data/cve/CVE-2010-4075.html
https://www.redhat.com/security/data/cve/CVE-2010-4077.html
https://www.redhat.com/security/data/cve/CVE-2010-4079.html
https://www.redhat.com/security/data/cve/CVE-2010-4080.html
https://www.redhat.com/security/data/cve/CVE-2010-4082.html
https://www.redhat.com/security/data/cve/CVE-2010-4083.html
https://www.redhat.com/security/data/cve/CVE-2010-4157.html
https://www.redhat.com/security/data/cve/CVE-2010-4158.html
https://www.redhat.com/security/data/cve/CVE-2010-4169.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
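The Solution section of RHSA-2010:0958 above gives three rules that are easy to get wrong by hand: kernels are installed with "rpm -ivh" and never "rpm -Uvh", old kernels are removed with "rpm -e" only once the new one is known to work, and the packages should be checked against Red Hat's GPG key before installation. The script below is an added editor's example, not code from the advisory or from Red Hat. It builds, without executing anything, the rpm commands for the listed package files, classifies "rpm -K" output so that an unsigned package (for which rpm -K still prints "OK", because only the digests are checked) is not mistaken for a verified one, and gates the removal of old kernels on the running kernel being the new one. Assumptions: the rpm -K lines follow the rpm 4.4 format used in the constructed samples, kernel-rt-doc and perf are ordinary upgrades (the advisory only says to use -ivh for kernel packages), and uname -r equals the package version-release, as it does for the base kernel-rt flavour.

```shell
#!/bin/sh
# Added example: plan the kernel-rt installation from RHSA-2010:0958.
# Editor's code, not Red Hat's; builds commands but never runs rpm itself.

# pkg_nvr: strip ".<arch>.rpm" from a package file name, leaving
# name-version-release.
pkg_nvr() { printf '%s\n' "$1" | sed -e 's/\.rpm$//' -e 's/\.[^.]*$//'; }

# nvr_vr: print the "<version>-<release>" part of a name-version-release.
# Package names may contain dashes; version and release never do, so the
# last two dash-separated fields are always V-R.
nvr_vr() { printf '%s\n' "$1" | awk -F- '{ print $(NF-1) "-" $NF }'; }

# rpm_verb: kernels are installed side by side (-ivh) so the running kernel
# stays bootable; rpm -Uvh would remove it. Treating kernel-rt-doc and perf
# as plain upgrades is this example's assumption, not the advisory's text.
rpm_verb() {
    case "$1" in
        kernel-rt-doc-*|perf-*) echo "-Uvh" ;;
        kernel-rt-*)            echo "-ivh" ;;
        *)                      echo "-Uvh" ;;
    esac
}

# checksig_verdict: classify one line of "rpm -K" output as signed, unsigned
# or bad. rpm -K prints "OK" for an unsigned package whose digests match, so
# "OK" alone is not proof of a Red Hat signature: the line must also mention
# gpg. Line format assumed from rpm 4.4 (see the constructed samples below).
checksig_verdict() {
    line=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$line" in
        *"not ok"*) echo bad ;;
        *gpg*" ok") echo signed ;;
        *" ok")     echo unsigned ;;
        *)          echo bad ;;
    esac
}

# install_plan: read package file names on stdin, print one rpm command each.
install_plan() {
    while read -r p; do
        [ -n "$p" ] || continue
        printf 'rpm %s %s\n' "$(rpm_verb "$p")" "$p"
    done
}

# old_kernels_to_remove NEW_PKG RUNNING: read "rpm -q kernel-rt" output on
# stdin and print the NVRs that may be removed with "rpm -e". Refuses (exit 1,
# prints nothing) unless RUNNING (uname -r) is the kernel from NEW_PKG, since
# the advisory says to remove old kernels only after the new one proved to work.
old_kernels_to_remove() {
    new_vr=$(nvr_vr "$(pkg_nvr "$1")")
    if [ "$2" != "$new_vr" ]; then
        echo "running kernel $2 is not $new_vr; keeping old kernels" >&2
        return 1
    fi
    while read -r nvr; do
        [ -n "$nvr" ] || continue
        [ "$(nvr_vr "$nvr")" = "$new_vr" ] || printf '%s\n' "$nvr"
    done
}

# Demonstration on constructed input: the package names come from the
# advisory; the rpm -K lines and the installed-kernel list are made up.
NEW=kernel-rt-2.6.33.7-rt29.47.el5rt.x86_64.rpm
printf '%s\n' "$NEW" kernel-rt-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm \
    perf-2.6.33.7-rt29.47.el5rt.x86_64.rpm | install_plan
checksig_verdict "$NEW: (sha1) dsa sha1 md5 gpg OK"
checksig_verdict "$NEW: sha1 md5 OK"
checksig_verdict "$NEW: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#01234567)"
printf '%s\n' kernel-rt-2.6.33.7-rt29.45.el5rt kernel-rt-2.6.33.7-rt29.47.el5rt |
    old_kernels_to_remove "$NEW" "2.6.33.7-rt29.47.el5rt"
```

In use, pipe the real "rpm -K *.rpm" output through checksig_verdict and install only the files that come back "signed" (import Red Hat's key first if you see "MISSING KEYS"); after rebooting into the new kernel, feed "rpm -q kernel-rt" and "uname -r" to old_kernels_to_remove to get the list for "rpm -e".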
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM/+LlXlSAg2UNWIIRAn8PAJ4xFBVdWI5Eh9ZBCaBs2vpEQpLU0wCfdg3g
a0MdrCyeuuzqS7ocPAJ4oLE=
=MLpI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 10 00:07:39 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Dec 2010 17:07:39 -0700
Subject: [RHSA-2010:0966-01] Critical: firefox security update
Message-ID: <201012100007.oBA07ebT008986@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2010:0966-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0966.html
Issue date:        2010-12-09
CVE Names:         CVE-2010-3766 CVE-2010-3767 CVE-2010-3768
                   CVE-2010-3770 CVE-2010-3771 CVE-2010-3772
                   CVE-2010-3773 CVE-2010-3774 CVE-2010-3775
                   CVE-2010-3776 CVE-2010-3777
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,
CVE-2010-3777)

A flaw was found in the way Firefox handled malformed JavaScript. A website
with an object containing malicious JavaScript could cause Firefox to
execute that JavaScript with the privileges of the user running Firefox.
(CVE-2010-3771)

This update adds support for the Sanitiser for OpenType (OTS) library to
Firefox. This library helps prevent potential exploits in malformed OpenType
fonts by verifying the font file prior to use. (CVE-2010-3768)

A flaw was found in the way Firefox loaded Java LiveConnect scripts.
Malicious web content could load a Java LiveConnect script in a way that
would result in the plug-in object having elevated privileges, allowing it
to execute Java code with the privileges of the user running Firefox.
(CVE-2010-3775)

It was found that the fix for CVE-2010-0179 was incomplete when the Firebug
add-on was used. If a user visited a website containing malicious JavaScript
while the Firebug add-on was enabled, it could cause Firefox to execute
arbitrary JavaScript with the privileges of the user running Firefox.
(CVE-2010-3773)

A flaw was found in the way Firefox presented the location bar to users. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-3774)

A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,
x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were
converted to angle brackets when displayed. If server-side script filtering
missed these cases, it could result in Firefox executing JavaScript code
with the permissions of a different website. (CVE-2010-3770)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.13. You can find a link to the Mozilla advisories
in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.13, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660415 - CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660417 - CVE-2010-3771 Mozilla Chrome privilege escalation with window.open and element (MFSA 2010-76)
660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
660420 - CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
660422 - CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
660429 - CVE-2010-3766 Mozilla use-after-free error with nsDOMAttribute MutationObserver (MFSA 2010-80)
660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)
660435 - CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
660438 - CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
660439 - CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

ppc:
firefox-3.6.13-3.el4.ppc.rpm
firefox-debuginfo-3.6.13-3.el4.ppc.rpm

s390:
firefox-3.6.13-3.el4.s390.rpm
firefox-debuginfo-3.6.13-3.el4.s390.rpm

s390x:
firefox-3.6.13-3.el4.s390x.rpm
firefox-debuginfo-3.6.13-3.el4.s390x.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.13-3.el4.src.rpm

i386:
firefox-3.6.13-3.el4.i386.rpm
firefox-debuginfo-3.6.13-3.el4.i386.rpm

ia64:
firefox-3.6.13-3.el4.ia64.rpm
firefox-debuginfo-3.6.13-3.el4.ia64.rpm

x86_64:
firefox-3.6.13-3.el4.x86_64.rpm
firefox-debuginfo-3.6.13-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.13-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
firefox-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm

x86_64:
firefox-3.6.13-2.el5.i386.rpm
firefox-3.6.13-2.el5.x86_64.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.x86_64.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.13-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el5.src.rpm

i386:
firefox-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm

ia64:
firefox-3.6.13-2.el5.ia64.rpm
firefox-debuginfo-3.6.13-2.el5.ia64.rpm
xulrunner-1.9.2.13-3.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ia64.rpm
xulrunner-devel-1.9.2.13-3.el5.ia64.rpm

ppc:
firefox-3.6.13-2.el5.ppc.rpm
firefox-debuginfo-3.6.13-2.el5.ppc.rpm
xulrunner-1.9.2.13-3.el5.ppc.rpm
xulrunner-1.9.2.13-3.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.ppc64.rpm
xulrunner-devel-1.9.2.13-3.el5.ppc.rpm
xulrunner-devel-1.9.2.13-3.el5.ppc64.rpm

s390x:
firefox-3.6.13-2.el5.s390.rpm
firefox-3.6.13-2.el5.s390x.rpm
firefox-debuginfo-3.6.13-2.el5.s390.rpm
firefox-debuginfo-3.6.13-2.el5.s390x.rpm
xulrunner-1.9.2.13-3.el5.s390.rpm
xulrunner-1.9.2.13-3.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.s390x.rpm
xulrunner-devel-1.9.2.13-3.el5.s390.rpm
xulrunner-devel-1.9.2.13-3.el5.s390x.rpm

x86_64:
firefox-3.6.13-2.el5.i386.rpm
firefox-3.6.13-2.el5.x86_64.rpm
firefox-debuginfo-3.6.13-2.el5.i386.rpm
firefox-debuginfo-3.6.13-2.el5.x86_64.rpm
xulrunner-1.9.2.13-3.el5.i386.rpm
xulrunner-1.9.2.13-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.13-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el5.i386.rpm
xulrunner-devel-1.9.2.13-3.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

ppc64:
firefox-3.6.13-2.el6_0.ppc64.rpm
firefox-debuginfo-3.6.13-2.el6_0.ppc64.rpm
xulrunner-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-1.9.2.13-3.el6_0.ppc64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc64.rpm

s390x:
firefox-3.6.13-2.el6_0.s390x.rpm
firefox-debuginfo-3.6.13-2.el6_0.s390x.rpm
xulrunner-1.9.2.13-3.el6_0.s390.rpm
xulrunner-1.9.2.13-3.el6_0.s390x.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390x.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.ppc64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.ppc.rpm
xulrunner-devel-1.9.2.13-3.el6_0.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.s390x.rpm
xulrunner-devel-1.9.2.13-3.el6_0.s390.rpm
xulrunner-devel-1.9.2.13-3.el6_0.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.13-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
firefox-3.6.13-2.el6_0.i686.rpm
firefox-debuginfo-3.6.13-2.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm

x86_64:
firefox-3.6.13-2.el6_0.x86_64.rpm
firefox-debuginfo-3.6.13-2.el6_0.x86_64.rpm
xulrunner-1.9.2.13-3.el6_0.i686.rpm
xulrunner-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.13-3.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.13-3.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.13-3.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.13-3.el6_0.i686.rpm
xulrunner-devel-1.9.2.13-3.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3766.html
https://www.redhat.com/security/data/cve/CVE-2010-3767.html
https://www.redhat.com/security/data/cve/CVE-2010-3768.html
https://www.redhat.com/security/data/cve/CVE-2010-3770.html
https://www.redhat.com/security/data/cve/CVE-2010-3771.html
https://www.redhat.com/security/data/cve/CVE-2010-3772.html
https://www.redhat.com/security/data/cve/CVE-2010-3773.html
https://www.redhat.com/security/data/cve/CVE-2010-3774.html
https://www.redhat.com/security/data/cve/CVE-2010-3775.html
https://www.redhat.com/security/data/cve/CVE-2010-3776.html
https://www.redhat.com/security/data/cve/CVE-2010-3777.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13
http://code.google.com/p/ots/

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNAW8sXlSAg2UNWIIRAljXAJ48fvxnCtsScCN93q2naEDuowzMlQCePaBQ
GH301bbX+epcQXMvu1n9Ccc=
=KnKv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 10 00:08:14 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Dec 2010 17:08:14 -0700
Subject: [RHSA-2010:0967-01] Critical: seamonkey security update
Message-ID: <201012100008.oBA08EGI024218@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2010:0967-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0967.html
Issue date:        2010-12-09
CVE Names:         CVE-2010-3767 CVE-2010-3772 CVE-2010-3775
                   CVE-2010-3776
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3767, CVE-2010-3772, CVE-2010-3776)

A flaw was found in the way SeaMonkey loaded Java LiveConnect scripts.
Malicious web content could load a Java LiveConnect script in a way that
would result in the plug-in object having elevated privileges, allowing it
to execute Java code with the privileges of the user running SeaMonkey.
(CVE-2010-3775)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
660422 - CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)
660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-66.el4_8.src.rpm

i386:
seamonkey-1.0.9-66.el4_8.i386.rpm
seamonkey-chat-1.0.9-66.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.i386.rpm
seamonkey-devel-1.0.9-66.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.i386.rpm
seamonkey-mail-1.0.9-66.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-66.el4_8.ia64.rpm
seamonkey-chat-1.0.9-66.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.ia64.rpm
seamonkey-devel-1.0.9-66.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.ia64.rpm
seamonkey-mail-1.0.9-66.el4_8.ia64.rpm

ppc:
seamonkey-1.0.9-66.el4_8.ppc.rpm
seamonkey-chat-1.0.9-66.el4_8.ppc.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.ppc.rpm
seamonkey-devel-1.0.9-66.el4_8.ppc.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.ppc.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.ppc.rpm
seamonkey-mail-1.0.9-66.el4_8.ppc.rpm

s390:
seamonkey-1.0.9-66.el4_8.s390.rpm
seamonkey-chat-1.0.9-66.el4_8.s390.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.s390.rpm
seamonkey-devel-1.0.9-66.el4_8.s390.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.s390.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.s390.rpm
seamonkey-mail-1.0.9-66.el4_8.s390.rpm

s390x:
seamonkey-1.0.9-66.el4_8.s390x.rpm
seamonkey-chat-1.0.9-66.el4_8.s390x.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.s390x.rpm
seamonkey-devel-1.0.9-66.el4_8.s390x.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.s390x.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.s390x.rpm
seamonkey-mail-1.0.9-66.el4_8.s390x.rpm

x86_64:
seamonkey-1.0.9-66.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-66.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-66.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-66.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-66.el4_8.src.rpm

i386:
seamonkey-1.0.9-66.el4_8.i386.rpm
seamonkey-chat-1.0.9-66.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.i386.rpm
seamonkey-devel-1.0.9-66.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.i386.rpm
seamonkey-mail-1.0.9-66.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-66.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-66.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-66.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-66.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-66.el4_8.src.rpm

i386:
seamonkey-1.0.9-66.el4_8.i386.rpm
seamonkey-chat-1.0.9-66.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.i386.rpm
seamonkey-devel-1.0.9-66.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.i386.rpm
seamonkey-mail-1.0.9-66.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-66.el4_8.ia64.rpm
seamonkey-chat-1.0.9-66.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.ia64.rpm
seamonkey-devel-1.0.9-66.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.ia64.rpm
seamonkey-mail-1.0.9-66.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-66.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-66.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-66.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-66.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-66.el4_8.src.rpm

i386:
seamonkey-1.0.9-66.el4_8.i386.rpm
seamonkey-chat-1.0.9-66.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.i386.rpm
seamonkey-devel-1.0.9-66.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.i386.rpm
seamonkey-mail-1.0.9-66.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-66.el4_8.ia64.rpm
seamonkey-chat-1.0.9-66.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.ia64.rpm
seamonkey-devel-1.0.9-66.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.ia64.rpm
seamonkey-mail-1.0.9-66.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-66.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-66.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-66.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-66.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-66.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-66.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-66.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3767.html
https://www.redhat.com/security/data/cve/CVE-2010-3772.html
https://www.redhat.com/security/data/cve/CVE-2010-3775.html
https://www.redhat.com/security/data/cve/CVE-2010-3776.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNAW9bXlSAg2UNWIIRAvPmAJ9yZiQxQ+n8p3wBa/CBjiLbDw9fSwCfcUXS
CXwq2gG6YJ8KVulRjJH6nnU=
=XCbs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 10 00:08:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 Dec 2010 17:08:57 -0700
Subject: [RHSA-2010:0968-01] Moderate: thunderbird security update
Message-ID: <201012100008.oBA08vGA009134@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: thunderbird security update
Advisory ID:       RHSA-2010:0968-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0968.html
Issue date:        2010-12-09
CVE Names:         CVE-2010-3767 CVE-2010-3772 CVE-2010-3776
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. HTML
containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-3767, CVE-2010-3772, CVE-2010-3776)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves
these issues. All running instances of Thunderbird must be restarted for the
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-34.el4.src.rpm

i386:
thunderbird-1.5.0.12-34.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-34.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-34.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-34.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-34.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-34.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-34.el4.src.rpm

i386:
thunderbird-1.5.0.12-34.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-34.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-34.el4.src.rpm

i386:
thunderbird-1.5.0.12-34.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-34.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-34.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-34.el4.src.rpm

i386:
thunderbird-1.5.0.12-34.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-34.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-34.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-34.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-13.el5_5.src.rpm

i386:
thunderbird-2.0.0.24-13.el5_5.i386.rpm
thunderbird-debuginfo-2.0.0.24-13.el5_5.i386.rpm

x86_64:
thunderbird-2.0.0.24-13.el5_5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-13.el5_5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-13.el5_5.src.rpm

i386:
thunderbird-2.0.0.24-13.el5_5.i386.rpm
thunderbird-debuginfo-2.0.0.24-13.el5_5.i386.rpm

x86_64:
thunderbird-2.0.0.24-13.el5_5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-13.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3767.html
https://www.redhat.com/security/data/cve/CVE-2010-3772.html
https://www.redhat.com/security/data/cve/CVE-2010-3776.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
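Each advisory above tells an administrator which package version closes the issue (section 6), and the practical check on a host is whether the installed NVR (name-version-release) is at or above that fixed NVR. The comparison is not a plain string comparison: rpm compares version strings segment by segment, numerically for digit runs and lexically for letter runs, which is why `3.6.13` is newer than `3.6.9` and `13.el5_5` is newer than `6.el5`. The script below is an added example, not Red Hat tooling; its `rpmvercmp()` is a reimplementation of rpm's published segment-comparison algorithm (tilde handled, caret omitted, which is an assumption about which rules matter for these package names), the fixed NVRs come from the firefox, xulrunner and thunderbird package lists in RHSA-2010:0966 and RHSA-2010:0968 for a RHEL 5 client, and the "installed" inventory is constructed for the demo rather than taken from a real host.

```python
"""Audit an inventory of installed RPM NVRs against an advisory's fixed NVRs.

Added example, not Red Hat tooling.  rpmvercmp() reimplements rpm's
segment-comparison algorithm (tilde handled, caret omitted; assumption:
caret never appears in the NVRs of these advisories).
"""
import re
from typing import Dict, List, Tuple


def _skip_separators(s: str) -> str:
    """Drop leading characters that are neither alphanumeric nor '~'."""
    i = 0
    while i < len(s) and not (s[i].isalnum() or s[i] == "~"):
        i += 1
    return s[i:]


def rpmvercmp(a: str, b: str) -> int:
    """Return 1 if a is newer than b, -1 if older, 0 if they compare equal."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _skip_separators(one), _skip_separators(two)
        # '~' sorts before everything, including end of string (1.0~rc1 < 1.0).
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not one or not two:
            break
        # Take the next run of digits, or of letters, from both sides.
        isnum = one[0].isdigit()
        pattern = r"\d+" if isnum else r"[^\W\d_]+"
        seg1 = re.match(pattern, one).group()
        m2 = re.match(pattern, two)
        seg2 = m2.group() if m2 else ""
        one, two = one[len(seg1):], two[len(seg2):]
        if not seg2:
            # Segment types differ at this position: numeric beats alphabetic.
            return 1 if isnum else -1
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):          # longer digit run is larger
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    # Whichever side still has characters left over is the newer one.
    return 1 if one else -1


def split_nvr(nvr: str) -> Tuple[str, str, str, str]:
    """'firefox-3.6.13-3.el4' -> ('firefox', '0', '3.6.13', '3.el4').

    An epoch may be written as name-E:V-R; it defaults to 0 as in rpm.
    Package names may contain hyphens (kernel-rt); version and release do not.
    """
    name, version, release = nvr.rsplit("-", 2)
    epoch = "0"
    if ":" in version:
        epoch, version = version.split(":", 1)
    return name, epoch, version, release


def is_fixed(installed: str, fixed: str) -> bool:
    """True when the installed package is at or above the advisory's fixed NVR."""
    n1, *evr1 = split_nvr(installed)
    n2, *evr2 = split_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    for x, y in zip(evr1, evr2):      # epoch, then version, then release
        rc = rpmvercmp(x, y)
        if rc:
            return rc > 0
    return True


def audit(installed: List[str], fixed: Dict[str, str]) -> List[str]:
    """Names of packages from `fixed` that are installed below the fixed NVR.

    Packages that are not installed at all are not affected and are skipped.
    """
    still_vulnerable = []
    for nvr in installed:
        name = split_nvr(nvr)[0]
        if name in fixed and not is_fixed(nvr, fixed[name]):
            still_vulnerable.append(name)
    return still_vulnerable


# Fixed NVRs from section 6 of RHSA-2010:0966 and RHSA-2010:0968 (RHEL 5 client).
FIXED_EL5_CLIENT = {
    "firefox": "firefox-3.6.13-2.el5",
    "xulrunner": "xulrunner-1.9.2.13-3.el5",
    "thunderbird": "thunderbird-2.0.0.24-13.el5_5",
}
# Constructed inventory, in the shape rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' prints.
SAMPLE_INVENTORY = [
    "firefox-3.6.13-2.el5",          # exactly the fixed version
    "xulrunner-1.9.2.13-4.el5",      # a later rebuild, also fine
    "thunderbird-2.0.0.24-6.el5",    # older release: still vulnerable
    "bash-3.2-24.el5",               # not covered by these advisories
]

if __name__ == "__main__":
    print("still vulnerable:", audit(SAMPLE_INVENTORY, FIXED_EL5_CLIENT))
```

The fixed NVR must be the one for the host's own product and dist tag (`el4`, `el5`, `el6_0`), which is why `FIXED_EL5_CLIENT` is keyed per product; feeding a RHEL 6 host the RHEL 5 values would compare the wrong release strings. A version check like this tells you the package on disk is current, but as the advisories note, running instances of Firefox or Thunderbird keep the old code until they are restarted.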
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNAW+BXlSAg2UNWIIRAqfnAJ4xDfZUk3amB0+AmpXvIwcU9unqKgCfWFQk iGaWnXj7LcTe9fegKf5FwfU= =KqYV -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Dec 10 01:18:53 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 9 Dec 2010 20:18:53 -0500 Subject: [RHSA-2010:0969-02] Moderate: thunderbird security update Message-ID: <201012100118.oBA1It9q022889@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2010:0969-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0969.html Issue date: 2010-12-09 CVE Names: CVE-2010-3768 CVE-2010-3776 CVE-2010-3777 ===================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3776, CVE-2010-3777) Note: JavaScript support is disabled in Thunderbird for mail messages. 
The above issues are believed to not be exploitable without JavaScript.

This update adds support for the Sanitiser for OpenType (OTS) library to Thunderbird. This library helps prevent potential exploits in malformed OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660415 - CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
660420 - CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.7-3.el6_0.src.rpm

i386:
thunderbird-3.1.7-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.i686.rpm

x86_64:
thunderbird-3.1.7-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.7-3.el6_0.src.rpm

i386:
thunderbird-3.1.7-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.i686.rpm

ppc64:
thunderbird-3.1.7-3.el6_0.ppc64.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.ppc64.rpm

s390x:
thunderbird-3.1.7-3.el6_0.s390x.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.s390x.rpm

x86_64:
thunderbird-3.1.7-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.7-3.el6_0.src.rpm

i386:
thunderbird-3.1.7-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.i686.rpm

x86_64:
thunderbird-3.1.7-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.7-3.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3768.html
https://www.redhat.com/security/data/cve/CVE-2010-3776.html
https://www.redhat.com/security/data/cve/CVE-2010-3777.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Fri Dec 10 21:49:55 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 10 Dec 2010 14:49:55 -0700
Subject: [RHSA-2010:0970-01] Critical: exim security update
Message-ID: <201012102149.oBALntnf007223@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: exim security update
Advisory ID:       RHSA-2010:0970-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0970.html
Issue date:        2010-12-10
CVE Names:         CVE-2010-4344
=====================================================================

1. Summary:

Updated exim packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5, and Red Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.

A buffer overflow flaw was discovered in Exim's internal string_vformat() function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exim. (CVE-2010-4344)

Note: successful exploitation would allow a remote attacker to execute arbitrary code as root on a Red Hat Enterprise Linux 4 or 5 system that is running the Exim mail server. An exploit for this issue is known to exist. For additional information regarding this flaw, along with mitigation advice, please see the Knowledge Base article linked to in the References section of this advisory.
Users of Exim are advised to update to these erratum packages, which contain a backported patch to correct this issue. After installing this update, the Exim daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

661756 - CVE-2010-4344 exim remote code execution flaw

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.i386.rpm

ia64:
exim-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.ia64.rpm

ppc:
exim-4.43-1.RHEL4.5.el4_8.1.ppc.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.ppc.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.ppc.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.ppc.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.ppc.rpm

s390:
exim-4.43-1.RHEL4.5.el4_8.1.s390.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.s390.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.s390.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.s390.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.s390.rpm

s390x:
exim-4.43-1.RHEL4.5.el4_8.1.s390x.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.s390x.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.s390x.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.s390x.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.s390x.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux AS version 4.7.z:

Source:
exim-4.43-1.RHEL4.5.el4_7.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.i386.rpm

ia64:
exim-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.ia64.rpm

ppc:
exim-4.43-1.RHEL4.5.el4_7.1.ppc.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.ppc.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.ppc.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.ppc.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.ppc.rpm

s390:
exim-4.43-1.RHEL4.5.el4_7.1.s390.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.s390.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.s390.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.s390.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.s390.rpm

s390x:
exim-4.43-1.RHEL4.5.el4_7.1.s390x.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.s390x.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.s390x.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.s390x.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.s390x.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.i386.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.i386.rpm

ia64:
exim-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.ia64.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4.7.z:

Source:
exim-4.43-1.RHEL4.5.el4_7.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.i386.rpm

ia64:
exim-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.ia64.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.ia64.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_7.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm

i386:
exim-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.i386.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.i386.rpm

ia64:
exim-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.ia64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.ia64.rpm

x86_64:
exim-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-debuginfo-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-doc-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-mon-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm
exim-sa-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/exim-4.63-5.el5_5.2.src.rpm

i386:
exim-4.63-5.el5_5.2.i386.rpm
exim-debuginfo-4.63-5.el5_5.2.i386.rpm
exim-mon-4.63-5.el5_5.2.i386.rpm
exim-sa-4.63-5.el5_5.2.i386.rpm

x86_64:
exim-4.63-5.el5_5.2.x86_64.rpm
exim-debuginfo-4.63-5.el5_5.2.x86_64.rpm
exim-mon-4.63-5.el5_5.2.x86_64.rpm
exim-sa-4.63-5.el5_5.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/exim-4.63-5.el5_5.2.src.rpm

i386:
exim-4.63-5.el5_5.2.i386.rpm
exim-debuginfo-4.63-5.el5_5.2.i386.rpm
exim-mon-4.63-5.el5_5.2.i386.rpm
exim-sa-4.63-5.el5_5.2.i386.rpm

ia64:
exim-4.63-5.el5_5.2.ia64.rpm
exim-debuginfo-4.63-5.el5_5.2.ia64.rpm
exim-mon-4.63-5.el5_5.2.ia64.rpm
exim-sa-4.63-5.el5_5.2.ia64.rpm

ppc:
exim-4.63-5.el5_5.2.ppc.rpm
exim-debuginfo-4.63-5.el5_5.2.ppc.rpm
exim-mon-4.63-5.el5_5.2.ppc.rpm
exim-sa-4.63-5.el5_5.2.ppc.rpm

s390x:
exim-4.63-5.el5_5.2.s390x.rpm
exim-debuginfo-4.63-5.el5_5.2.s390x.rpm
exim-mon-4.63-5.el5_5.2.s390x.rpm
exim-sa-4.63-5.el5_5.2.s390x.rpm

x86_64:
exim-4.63-5.el5_5.2.x86_64.rpm
exim-debuginfo-4.63-5.el5_5.2.x86_64.rpm
exim-mon-4.63-5.el5_5.2.x86_64.rpm
exim-sa-4.63-5.el5_5.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
exim-4.63-3.el5_3.1.src.rpm

i386:
exim-4.63-3.el5_3.1.i386.rpm
exim-debuginfo-4.63-3.el5_3.1.i386.rpm
exim-mon-4.63-3.el5_3.1.i386.rpm
exim-sa-4.63-3.el5_3.1.i386.rpm

ia64:
exim-4.63-3.el5_3.1.ia64.rpm
exim-debuginfo-4.63-3.el5_3.1.ia64.rpm
exim-mon-4.63-3.el5_3.1.ia64.rpm
exim-sa-4.63-3.el5_3.1.ia64.rpm

ppc:
exim-4.63-3.el5_3.1.ppc.rpm
exim-debuginfo-4.63-3.el5_3.1.ppc.rpm
exim-mon-4.63-3.el5_3.1.ppc.rpm
exim-sa-4.63-3.el5_3.1.ppc.rpm

s390x:
exim-4.63-3.el5_3.1.s390x.rpm
exim-debuginfo-4.63-3.el5_3.1.s390x.rpm
exim-mon-4.63-3.el5_3.1.s390x.rpm
exim-sa-4.63-3.el5_3.1.s390x.rpm

x86_64:
exim-4.63-3.el5_3.1.x86_64.rpm
exim-debuginfo-4.63-3.el5_3.1.x86_64.rpm
exim-mon-4.63-3.el5_3.1.x86_64.rpm
exim-sa-4.63-3.el5_3.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
exim-4.63-3.el5_4.1.src.rpm

i386:
exim-4.63-3.el5_4.1.i386.rpm
exim-debuginfo-4.63-3.el5_4.1.i386.rpm
exim-mon-4.63-3.el5_4.1.i386.rpm
exim-sa-4.63-3.el5_4.1.i386.rpm

ia64:
exim-4.63-3.el5_4.1.ia64.rpm
exim-debuginfo-4.63-3.el5_4.1.ia64.rpm
exim-mon-4.63-3.el5_4.1.ia64.rpm
exim-sa-4.63-3.el5_4.1.ia64.rpm

ppc:
exim-4.63-3.el5_4.1.ppc.rpm
exim-debuginfo-4.63-3.el5_4.1.ppc.rpm
exim-mon-4.63-3.el5_4.1.ppc.rpm
exim-sa-4.63-3.el5_4.1.ppc.rpm

s390x:
exim-4.63-3.el5_4.1.s390x.rpm
exim-debuginfo-4.63-3.el5_4.1.s390x.rpm
exim-mon-4.63-3.el5_4.1.s390x.rpm
exim-sa-4.63-3.el5_4.1.s390x.rpm

x86_64:
exim-4.63-3.el5_4.1.x86_64.rpm
exim-debuginfo-4.63-3.el5_4.1.x86_64.rpm
exim-mon-4.63-3.el5_4.1.x86_64.rpm
exim-sa-4.63-3.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4344.html
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/kb/docs/DOC-43789

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Mon Dec 13 18:07:55 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2010 13:07:55 -0500
Subject: [RHSA-2010:0975-01] Important: bind security update
Message-ID: <201012131807.oBDI7td6029322@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2010:0975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0975.html
Issue date:        2010-12-13
CVE Names:         CVE-2010-3613 CVE-2010-3614
=====================================================================

1. Summary:

Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached RRSIG records when adding an NCACHE record for the same entry to the cache. A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash named. (CVE-2010-3613)

It was discovered that, in certain cases, named did not properly perform DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY algorithm rollover. This flaw could cause the validator to incorrectly determine that the zone is insecure and not protected by DNSSEC. (CVE-2010-3614)

All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-utils-9.7.0-5.P2.el6_0.1.i686.rpm

x86_64:
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-utils-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-9.7.0-5.P2.el6_0.1.i686.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.i686.rpm

x86_64:
bind-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

x86_64:
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-utils-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

x86_64:
bind-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-9.7.0-5.P2.el6_0.1.i686.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-utils-9.7.0-5.P2.el6_0.1.i686.rpm

ppc64:
bind-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-utils-9.7.0-5.P2.el6_0.1.ppc64.rpm

s390x:
bind-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-libs-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-utils-9.7.0-5.P2.el6_0.1.s390x.rpm

x86_64:
bind-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-utils-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.i686.rpm

ppc64:
bind-debuginfo-9.7.0-5.P2.el6_0.1.ppc.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-devel-9.7.0-5.P2.el6_0.1.ppc.rpm
bind-devel-9.7.0-5.P2.el6_0.1.ppc64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.ppc.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.ppc64.rpm

s390x:
bind-debuginfo-9.7.0-5.P2.el6_0.1.s390.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-devel-9.7.0-5.P2.el6_0.1.s390.rpm
bind-devel-9.7.0-5.P2.el6_0.1.s390x.rpm
bind-libs-9.7.0-5.P2.el6_0.1.s390.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.s390x.rpm

x86_64:
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-9.7.0-5.P2.el6_0.1.i686.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-utils-9.7.0-5.P2.el6_0.1.i686.rpm

x86_64:
bind-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-chroot-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-utils-9.7.0-5.P2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.0-5.P2.el6_0.1.src.rpm

i386:
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.i686.rpm

x86_64:
bind-debuginfo-9.7.0-5.P2.el6_0.1.i686.rpm
bind-debuginfo-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-devel-9.7.0-5.P2.el6_0.1.i686.rpm
bind-devel-9.7.0-5.P2.el6_0.1.x86_64.rpm
bind-libs-9.7.0-5.P2.el6_0.1.i686.rpm
bind-sdb-9.7.0-5.P2.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3613.html
https://www.redhat.com/security/data/cve/CVE-2010-3614.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
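Each advisory on this list ends in the same numbered layout: product headings, per-architecture headings and one fixed .rpm per line, and the practical question for an administrator is whether the build already installed is at or past that fixed build. The Python below is an added example (not Red Hat tooling or text from any advisory): it parses that section layout and reimplements rpm's segment-wise version comparison, so releases such as 1.RHEL4.5.el4_8.1 or 5.el5_5.2 order the way rpm orders them rather than as strings. The embedded advisory text is a constructed, abbreviated excerpt modelled on the exim advisory RHSA-2010:0970-01 above; ARCH_HEADERS and all function names are this example's own.

```python
from collections import namedtuple

# Constructed, abbreviated excerpt in the layout of this page's advisories (after RHSA-2010:0970-01).
SAMPLE_ADVISORY = """\
Advisory ID:       RHSA-2010:0970-01
CVE Names:         CVE-2010-4344

6. Package List:
Red Hat Enterprise Linux (v. 5 server):
Source:
exim-4.63-5.el5_5.2.src.rpm
x86_64:
exim-4.63-5.el5_5.2.x86_64.rpm
exim-sa-4.63-5.el5_5.2.x86_64.rpm

7. References:
"""
ARCH_HEADERS = {"Source", "i386", "i686", "ia64", "ppc", "ppc64", "s390", "s390x", "x86_64"}
Package = namedtuple("Package", "name epoch version release arch")

def parse_nvra(text):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into fields; a missing epoch is 0."""
    if text.endswith(".rpm"):
        text = text[:-4]
    nvr, arch = text.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    epoch, _, version = version.rpartition(":")
    return Package(name, int(epoch or 0), version, release, arch)

def parse_advisory(text):
    """Return {'id', 'cves', 'packages'}; 'packages' maps release heading -> arch -> [Package]."""
    adv = {"id": "", "cves": [], "packages": {}}
    in_pkgs, release, arch = False, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Advisory ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv["cves"] = line.split(":", 1)[1].split()
        elif line.startswith("6. Package List:"):
            in_pkgs = True
        elif line.startswith("7. References:"):  # section 6 ends here
            break
        elif in_pkgs and line.endswith(":"):
            head = line[:-1]
            if head in ARCH_HEADERS:
                arch = head
            else:  # a product heading such as 'Red Hat Enterprise Linux (v. 5 server)'
                release, arch = head, None
        elif in_pkgs and line.endswith(".rpm") and release and arch:
            adv["packages"].setdefault(release, {}).setdefault(arch, []).append(parse_nvra(line))
    return adv

def rpmvercmp(a, b):
    """RPM's segment-wise version comparison (-1, 0 or 1): digits compare numerically,
    letters lexically, digits beat letters, '~' sorts lowest and leftover segments win."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1  # separators such as '.', '_' and '-' are skipped
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not (ta and tb):
                return -1 if ta else 1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pred = str.isdigit if numeric else str.isalpha
        ei, ej = i, j
        while ei < len(a) and pred(a[ei]):
            ei += 1
        while ej < len(b) and pred(b[ej]):
            ej += 1
        seg_a, seg_b = a[i:ei], b[j:ej]
        if not seg_b:  # segment types differ: the numeric side is newer
            return 1 if numeric else -1
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
        i, j = ei, ej
    return 0 if i >= len(a) and j >= len(b) else (-1 if i >= len(a) else 1)

def evr_cmp(p, q):
    """Order two Packages the way rpm does: epoch, then version, then release."""
    return ((p.epoch > q.epoch) - (p.epoch < q.epoch)
            or rpmvercmp(p.version, q.version) or rpmvercmp(p.release, q.release))

def is_fixed(installed_nvra, adv, release):
    """True if the installed build is at/after the fixed build, False if older, None if not listed."""
    inst = parse_nvra(installed_nvra)
    for arch, pkgs in adv["packages"].get(release, {}).items():
        for fixed in pkgs:
            if arch != "Source" and (fixed.name, fixed.arch) == (inst.name, inst.arch):
                return evr_cmp(inst, fixed) >= 0
    return None
```

The installed string is what `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' exim` prints; a release of 5.el5_5.10 correctly counts as newer than the fixed 5.el5_5.2, which a plain string comparison would get wrong.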
From bugzilla at redhat.com Mon Dec 13 18:17:11 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2010 13:17:11 -0500
Subject: [RHSA-2010:0976-01] Important: bind security update
Message-ID: <201012131817.oBDIHB9I026286@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2010:0976-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0976.html
Issue date:        2010-12-13
CVE Names:         CVE-2010-3613 CVE-2010-3614 CVE-2010-3762
=====================================================================

1. Summary:

Updated bind packages that fix three security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached RRSIG records when adding an NCACHE record for the same entry to the cache.
A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash named. (CVE-2010-3613)

A flaw was found in the DNSSEC validation code in named. If named had multiple trust anchors configured for a zone, a response to a request for a record in that zone with a bad signature could cause named to crash. (CVE-2010-3762)

It was discovered that, in certain cases, named did not properly perform DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY algorithm rollover. This flaw could cause the validator to incorrectly determine that the zone is insecure and not protected by DNSSEC. (CVE-2010-3614)

All BIND users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

640730 - CVE-2010-3762 Bind: DoS (assertion failure) via a DNS query with bad signatures
658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
658977 - CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-4.P1.el5_5.3.src.rpm

i386:
bind-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm

x86_64:
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-4.P1.el5_5.3.src.rpm

i386:
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm

x86_64:
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-4.P1.el5_5.3.src.rpm

i386:
bind-9.3.6-4.P1.el5_5.3.i386.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.i386.rpm
bind-utils-9.3.6-4.P1.el5_5.3.i386.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.i386.rpm

ia64:
bind-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-devel-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.ia64.rpm
bind-utils-9.3.6-4.P1.el5_5.3.ia64.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.ia64.rpm

ppc:
bind-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.ppc64.rpm
bind-devel-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-devel-9.3.6-4.P1.el5_5.3.ppc64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.ppc64.rpm
bind-libs-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-libs-9.3.6-4.P1.el5_5.3.ppc64.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.ppc.rpm
bind-utils-9.3.6-4.P1.el5_5.3.ppc.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.ppc.rpm

s390x:
bind-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.s390.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-devel-9.3.6-4.P1.el5_5.3.s390.rpm
bind-devel-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.s390.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-libs-9.3.6-4.P1.el5_5.3.s390.rpm
bind-libs-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.s390x.rpm
bind-utils-9.3.6-4.P1.el5_5.3.s390x.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.s390x.rpm

x86_64:
bind-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-chroot-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.i386.rpm
bind-debuginfo-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libbind-devel-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-libs-9.3.6-4.P1.el5_5.3.i386.rpm
bind-libs-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-sdb-9.3.6-4.P1.el5_5.3.x86_64.rpm
bind-utils-9.3.6-4.P1.el5_5.3.x86_64.rpm
caching-nameserver-9.3.6-4.P1.el5_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3613.html
https://www.redhat.com/security/data/cve/CVE-2010-3614.html
https://www.redhat.com/security/data/cve/CVE-2010-3762.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmLpXlSAg2UNWIIRArpGAKCzCjd4wlsWRfSZ7i4QUQx9WxyI1wCbBbrL
cM1rJ6bdFgAWwnNdahO9boA=
=l6ZI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Dec 13 18:21:11 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2010 13:21:11 -0500
Subject: [RHSA-2010:0977-01] Moderate: openssl security update
Message-ID: <201012131821.oBDILBPS001073@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2010:0977-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0977.html
Issue date:        2010-12-13
CVE Names:         CVE-2008-7270 CVE-2009-3245 CVE-2010-4180
=====================================================================

1. Summary:

Updated openssl packages that fix three security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could possibly crash an application using the
OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

ppc:
openssl-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ppc.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ppc64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ppc.rpm

s390:
openssl-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.s390.rpm

s390x:
openssl-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.s390x.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.s390x.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm

i386:
openssl-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm

ia64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm

x86_64:
openssl-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm
openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm
openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-7270.html
https://www.redhat.com/security/data/cve/CVE-2009-3245.html
https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
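The practical question an administrator has after reading an advisory like RHSA-2010:0977 is whether the build installed on a host is at or beyond the fixed build named in the package list. The script below is an added example, not Red Hat tooling: it reimplements rpm's version ordering (the rpmvercmp algorithm: digit runs compare numerically, letter runs lexically, a numeric segment beats an alphabetic one, and leftover segments win; the tilde and caret rules of newer rpm are left out) and compares a constructed `rpm -qa`-style list against the openssl-0.9.7a-43.17.el4_8.6 build from the list above. Epoch 0 is assumed on both sides, since advisory file names carry no epoch.

```python
import re
from typing import Dict, List, Tuple

# Fixed builds as listed in the package list of RHSA-2010:0977 above
# (a few of the files; architecture does not matter for the version check).
ADVISORY_FILES = [
    "openssl-0.9.7a-43.17.el4_8.6.i386.rpm",
    "openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm",
    "openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm",
]

# Constructed sample of what `rpm -qa` might report on a host (not real data).
INSTALLED = [
    "openssl-0.9.7a-43.17.el4_8.5",        # one release older than the fix
    "openssl-devel-0.9.7a-43.17.el4_8.6",  # exactly the fixed build
    "openssl-perl-0.9.7a-43.18.el4_8.1",   # a later build, so already fixed
    "bind-9.2.4-30.el4",                   # not part of this advisory
]

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two rpm version or release strings like rpmvercmp(3):
    split on non-alphanumerics into digit and letter runs, compare digit runs
    numerically (so 1.001 == 1.1) and letter runs lexically, treat a numeric
    segment as newer than an alphabetic one, and let the string with segments
    left over win. (The tilde/caret rules of newer rpm are left out.)"""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """'openssl-devel-0.9.7a-43.17.el4_8.6' -> (name, version, release).
    Names may contain dashes, so split from the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def split_filename(fname: str) -> Tuple[str, str, str, str]:
    """'openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm' -> (name, version, release, arch)."""
    base = fname[:-4] if fname.endswith(".rpm") else fname
    nvr, arch = base.rsplit(".", 1)
    return split_nvr(nvr) + (arch,)


def compare_evr(a: Tuple[int, str, str], b: Tuple[int, str, str]) -> int:
    """Order (epoch, version, release) triples: epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    c = rpmvercmp(a[1], b[1])
    return c if c != 0 else rpmvercmp(a[2], b[2])


def audit(installed: List[str], advisory_files: List[str]) -> Dict[str, str]:
    """Map each installed NVR to a verdict against the advisory's fixed builds.
    Epoch 0 is assumed for both sides, since advisory file names carry no epoch."""
    fixed = {}
    for f in advisory_files:
        name, version, release, _arch = split_filename(f)
        fixed[name] = (version, release)
    report = {}
    for nvr in installed:
        name, version, release = split_nvr(nvr)
        if name not in fixed:
            report[nvr] = "not covered by this advisory"
            continue
        fv, fr = fixed[name]
        if compare_evr((0, version, release), (0, fv, fr)) >= 0:
            report[nvr] = "fixed"
        else:
            report[nvr] = f"needs update to {name}-{fv}-{fr}"
    return report


if __name__ == "__main__":
    for pkg, verdict in audit(INSTALLED, ADVISORY_FILES).items():
        print(f"{pkg}: {verdict}")
```

A "fixed" verdict only says the package on disk is new enough; as the advisory states, services linked against the library keep the old code in memory until they are restarted, so a complete check also confirms the restart.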
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmPdXlSAg2UNWIIRAhJ7AJ4udykIH04u4+SjeOtQtqP6ckm6gQCgxMQJ
uHxijZs4kgRR0FnX+gzoPdU=
=5RLE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Dec 13 18:44:13 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2010 13:44:13 -0500
Subject: [RHSA-2010:0978-01] Moderate: openssl security update
Message-ID: <201012131844.oBDIiDlK016511@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2010:0978-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0978.html
Issue date:        2010-12-13
CVE Names:         CVE-2008-7270 CVE-2010-4180
=====================================================================

1. Summary:

Updated openssl packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-0.9.8e-12.el5_5.7.i386.rpm
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm

x86_64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-12.el5_5.7.src.rpm

i386:
openssl-0.9.8e-12.el5_5.7.i386.rpm
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-perl-0.9.8e-12.el5_5.7.i386.rpm

ia64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ia64.rpm
openssl-devel-0.9.8e-12.el5_5.7.ia64.rpm
openssl-perl-0.9.8e-12.el5_5.7.ia64.rpm

ppc:
openssl-0.9.8e-12.el5_5.7.ppc.rpm
openssl-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ppc.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-devel-0.9.8e-12.el5_5.7.ppc.rpm
openssl-devel-0.9.8e-12.el5_5.7.ppc64.rpm
openssl-perl-0.9.8e-12.el5_5.7.ppc.rpm

s390x:
openssl-0.9.8e-12.el5_5.7.s390.rpm
openssl-0.9.8e-12.el5_5.7.s390x.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.s390.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.s390x.rpm
openssl-devel-0.9.8e-12.el5_5.7.s390.rpm
openssl-devel-0.9.8e-12.el5_5.7.s390x.rpm
openssl-perl-0.9.8e-12.el5_5.7.s390x.rpm

x86_64:
openssl-0.9.8e-12.el5_5.7.i686.rpm
openssl-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-devel-0.9.8e-12.el5_5.7.i386.rpm
openssl-devel-0.9.8e-12.el5_5.7.x86_64.rpm
openssl-perl-0.9.8e-12.el5_5.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-7270.html
https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmlFXlSAg2UNWIIRArfgAKC08AtM/DdMUSwNoU5JHYOaPYJvcQCeJhh+
6B6Gvl5F7ytAH5cKmTS+zxg=
=+Ub6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Dec 13 18:48:20 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2010 13:48:20 -0500
Subject: [RHSA-2010:0979-01] Moderate: openssl security update
Message-ID: <201012131848.oBDImK24002402@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2010:0979-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0979.html
Issue date:        2010-12-13
CVE Names:         CVE-2010-4180
=====================================================================

1. Summary:

Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm

ppc64:
openssl-1.0.0-4.el6_0.2.ppc.rpm
openssl-1.0.0-4.el6_0.2.ppc64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.ppc.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm
openssl-devel-1.0.0-4.el6_0.2.ppc.rpm
openssl-devel-1.0.0-4.el6_0.2.ppc64.rpm

s390x:
openssl-1.0.0-4.el6_0.2.s390.rpm
openssl-1.0.0-4.el6_0.2.s390x.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.s390.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm
openssl-devel-1.0.0-4.el6_0.2.s390.rpm
openssl-devel-1.0.0-4.el6_0.2.s390x.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm
openssl-perl-1.0.0-4.el6_0.2.ppc64.rpm
openssl-static-1.0.0-4.el6_0.2.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm
openssl-perl-1.0.0-4.el6_0.2.s390x.rpm
openssl-static-1.0.0-4.el6_0.2.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.2.i686.rpm
openssl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.2.i686.rpm
openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.2.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm
openssl-perl-1.0.0-4.el6_0.2.i686.rpm
openssl-static-1.0.0-4.el6_0.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm
openssl-static-1.0.0-4.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4180.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
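The three openssl advisories above (RHSA-2010:0977, RHSA-2010:0978 and RHSA-2010:0979) describe the same server-side flaw: with the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround enabled, a ClientHello that resumes a cached session could change the ciphersuite recorded for that session, and the update disables the workaround outright. The model below is an added teaching example, not OpenSSL's code: a minimal server session cache that shows the difference between editing a cached session's ciphersuite during resumption (the removed workaround, modelled here as applying when the hello offers exactly one suite, which is an assumption of the model) and refusing resumption and renegotiating from the server's own enabled list (the post-update behaviour), plus the client-side check a TLS client can apply on its own: a resumed session must come back with the ciphersuite the client remembers for it. Ciphersuite labels and session ids are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


class HandshakeFailure(Exception):
    """No ciphersuite acceptable to both sides."""


@dataclass
class CachedSession:
    session_id: bytes
    cipher: str  # negotiated at the original full handshake; a security parameter


@dataclass
class Server:
    enabled: List[str]                            # server's ciphersuites, preference order
    reuse_cipher_change_workaround: bool = False  # models the option the update disabled
    cache: Dict[bytes, CachedSession] = field(default_factory=dict)

    def _full_handshake(self, session_id: bytes, offered: List[str]) -> Tuple[str, str]:
        """Negotiate from scratch: the first server-preferred cipher the client offers."""
        for cipher in self.enabled:
            if cipher in offered:
                self.cache[session_id] = CachedSession(session_id, cipher)
                return ("full", cipher)
        raise HandshakeFailure("no shared cipher")

    def client_hello(self, session_id: bytes, offered: List[str]) -> Tuple[str, str]:
        """Handle a ClientHello that names a session id and a ciphersuite list."""
        sess = self.cache.get(session_id)
        if sess is None:
            return self._full_handshake(session_id, offered)
        if sess.cipher in offered:
            return ("resumed", sess.cipher)  # ordinary resumption
        if self.reuse_cipher_change_workaround and len(offered) == 1:
            # Modelled pre-update workaround (the exact OpenSSL condition is an
            # assumption of this model): the cached entry is edited in place to
            # the single cipher the hello carries, so one altered hello re-keys
            # every later resumption of this session to that suite.
            sess.cipher = offered[0]
            return ("resumed", sess.cipher)
        # Post-update behaviour: a hello without the cached cipher cannot resume.
        # Fall back to a full handshake governed by the server's own enabled
        # list; the cache entry is replaced by the new negotiation, never edited.
        return self._full_handshake(session_id, offered)


def client_accepts(expected_cipher: str, outcome: Tuple[str, str]) -> bool:
    """Client-side check: a resumed session must come back with the cipher the
    client remembers for it; a full handshake or a failure is not a downgrade
    of the cached session and is judged on its own terms."""
    kind, cipher = outcome
    return kind != "resumed" or cipher == expected_cipher


def scenario(workaround: bool) -> Dict[str, object]:
    """Full handshake on AES256-SHA, then a resumption hello that offers only a
    suite the server never enabled (constructed input)."""
    srv = Server(enabled=["AES256-SHA", "AES128-SHA"],
                 reuse_cipher_change_workaround=workaround)
    sid = b"\x01" * 32  # constructed session id
    first = srv.client_hello(sid, ["AES256-SHA", "AES128-SHA"])
    try:
        second = srv.client_hello(sid, ["RC4-MD5"])
    except HandshakeFailure as exc:
        second = ("failed", str(exc))
    return {
        "first": first,
        "second": second,
        "cached_cipher": srv.cache[sid].cipher,
        "client_accepts": client_accepts(first[1], second),
    }


if __name__ == "__main__":
    print("workaround on :", scenario(True))
    print("workaround off:", scenario(False))
```

With the workaround on, the second hello is "resumed" on RC4-MD5 and the cache now records that suite for every later resumption, even though the server never enabled it; with the workaround off, the same hello fails outright and the cached entry still says AES256-SHA. The client-side check catches the first case independently of the server's fix, which is the useful property when the server is outside your control.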
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNBmoxXlSAg2UNWIIRApuhAJ4/rYz+B21DIirwsrbeQPnm8OTmaQCgi2dq
B9NstJ1WS7bj6BT6U30llW8=
=OuwV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Dec 14 20:06:41 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Dec 2010 15:06:41 -0500
Subject: [RHSA-2010:0981-01] Critical: HelixPlayer removal
Message-ID: <201012142006.oBEK6Rns000683@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: HelixPlayer removal
Advisory ID:       RHSA-2010:0981-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0981.html
Issue date:        2010-12-14
CVE Names:         CVE-2010-2997 CVE-2010-4375 CVE-2010-4378 CVE-2010-4379
                   CVE-2010-4382 CVE-2010-4383 CVE-2010-4384 CVE-2010-4385
                   CVE-2010-4386 CVE-2010-4392
=====================================================================

1. Summary:

Helix Player contains multiple security flaws and should no longer be used.
This update removes the HelixPlayer package from Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Description:

Helix Player is a media player.

Multiple security flaws were discovered in RealPlayer. Helix Player and
RealPlayer share a common source code base; therefore, some of the flaws
discovered in RealPlayer may also affect Helix Player. Some of these flaws
could, when opening, viewing, or playing a malicious media file or stream,
lead to arbitrary code execution with the privileges of the user running
Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379,
CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386,
CVE-2010-4392)

The Red Hat Security Response Team is unable to properly determine the
impact or fix all of these issues in Helix Player, due to the source code
for RealPlayer being unavailable. Due to the security concerns this update
removes the HelixPlayer package from Red Hat Enterprise Linux 4. Users
wishing to continue to use Helix Player should download it directly from
https://player.helixcommunity.org/

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

662772 - CVE-2010-4384 HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm

i386:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

ppc:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.ppc.rpm

x86_64:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm

i386:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

x86_64:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm

i386:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

x86_64:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm

i386:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

x86_64:
HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2997.html
https://www.redhat.com/security/data/cve/CVE-2010-4375.html
https://www.redhat.com/security/data/cve/CVE-2010-4378.html
https://www.redhat.com/security/data/cve/CVE-2010-4379.html
https://www.redhat.com/security/data/cve/CVE-2010-4382.html
https://www.redhat.com/security/data/cve/CVE-2010-4383.html
https://www.redhat.com/security/data/cve/CVE-2010-4384.html
https://www.redhat.com/security/data/cve/CVE-2010-4385.html
https://www.redhat.com/security/data/cve/CVE-2010-4386.html
https://www.redhat.com/security/data/cve/CVE-2010-4392.html
https://access.redhat.com/security/updates/classification/#critical
https://player.helixcommunity.org/

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNB84bXlSAg2UNWIIRAurzAKC/eYDbV4KNsohBAZozNnjRVx/5OgCbBrwD k/QRneR3w4rm8HTzggXxlWQ= =BC1/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 15 23:49:07 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Dec 2010 16:49:07 -0700 Subject: [RHSA-2010:0987-01] Critical: java-1.6.0-ibm security and bug fix update Message-ID: <201012152349.oBFNn7Gq028827@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security and bug fix update Advisory ID: RHSA-2010:0987-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0987.html Issue date: 2010-12-15 CVE Names: CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3553 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3560 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 
5 server) - i386, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) This update also fixes the following bugs: * An error in the java-1.6.0-ibm RPM spec file caused an incorrect path to be included in HtmlConverter, preventing it from running. (BZ#659716) * On AMD64 and Intel 64 systems, if only the 64-bit java-1.6.0-ibm packages were installed, IBM Java 6 Web Start was not available as an application that could open JNLP (Java Network Launching Protocol) files. This affected file management and web browser tools. Users had to manually open them with the "/usr/lib/jvm/jre-1.6.0-ibm.x86_64/bin/javaws" command. This update resolves this issue. (BZ#633341) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9 Java release. 
All running instances of IBM Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)
639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component
642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component
642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component
642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component
642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component
642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component
642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component
642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component
659716 - IBM Java6 file modified

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.ppc.rpm

s390:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.s390.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.s390.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.s390.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.s390.rpm
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.3.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.3.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.0-1jpp.4.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.0-1jpp.4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-1321.html
https://www.redhat.com/security/data/cve/CVE-2010-3541.html
https://www.redhat.com/security/data/cve/CVE-2010-3548.html
https://www.redhat.com/security/data/cve/CVE-2010-3549.html
https://www.redhat.com/security/data/cve/CVE-2010-3550.html
https://www.redhat.com/security/data/cve/CVE-2010-3551.html
https://www.redhat.com/security/data/cve/CVE-2010-3553.html
https://www.redhat.com/security/data/cve/CVE-2010-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-3556.html
https://www.redhat.com/security/data/cve/CVE-2010-3557.html
https://www.redhat.com/security/data/cve/CVE-2010-3558.html
https://www.redhat.com/security/data/cve/CVE-2010-3560.html
https://www.redhat.com/security/data/cve/CVE-2010-3562.html
https://www.redhat.com/security/data/cve/CVE-2010-3563.html
https://www.redhat.com/security/data/cve/CVE-2010-3565.html
https://www.redhat.com/security/data/cve/CVE-2010-3566.html
https://www.redhat.com/security/data/cve/CVE-2010-3568.html
https://www.redhat.com/security/data/cve/CVE-2010-3569.html
https://www.redhat.com/security/data/cve/CVE-2010-3571.html
https://www.redhat.com/security/data/cve/CVE-2010-3572.html
https://www.redhat.com/security/data/cve/CVE-2010-3573.html
https://www.redhat.com/security/data/cve/CVE-2010-3574.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
https://access.redhat.com/kb/docs/DOC-20491

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNCVPqXlSAg2UNWIIRAgKTAJ9cSVi2SQzdoNKlUPPWp7f8aSBHlgCcCmlC
I5DAgIhnxCV2blv9FZW1Tjc=
=aPA1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Dec 20 17:56:36 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2010 12:56:36 -0500
Subject: [RHSA-2010:0998-01] Low: kvm security and bug fix update
Message-ID: <201012201755.oBKHtAEF025509@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: kvm security and bug fix update
Advisory ID:       RHSA-2010:0998-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0998.html
Issue date:        2010-12-20
CVE Names:         CVE-2010-3881
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that some structure padding and reserved fields in certain
data structures in QEMU-KVM were not initialized properly before being
copied to user-space. A privileged host user with access to "/dev/kvm"
could use this flaw to leak kernel stack memory to user-space.
(CVE-2010-3881)

Red Hat would like to thank Vasiliy Kulikov for reporting this issue.

This update also fixes the following bugs:

* The 'kvm_amd' kernel module did not initialize the TSC (Time Stamp
Counter) offset in the VMCB (Virtual Machine Control Block) correctly.
After a vCPU (virtual CPU) has been created, the TSC offset in the VMCB
should have a negative value so that the virtual machine will see TSC
values starting at zero. However, the TSC offset was set to zero and
therefore the virtual machine saw the same TSC value as the host. With this
update, the TSC offset has been updated to show the correct values.
(BZ#656984)

* Setting the boot settings of a virtual machine to, firstly, boot from PXE
and, secondly, to boot from the hard drive would result in a PXE boot loop,
that is, the virtual machine would not continue to boot from the hard drive
if the PXE boot failed. This was caused by a flaw in the 'bochs-bios' (part
of KVM) code. With this update, after a virtual machine tries to boot from
PXE and fails, it continues to boot from a hard drive if there is one
present. (BZ#659850)

* If a 64-bit Red Hat Enterprise Linux 5.5 virtual machine was migrated to
another host with a different CPU clock speed, the clock of that virtual
machine would consistently lose or gain time (approximately half a second
for every second the host is running). On machines that do not use the kvm
clock, the network time protocol daemon (ntpd) could correct the time
drifts caused by migration. However, using the pvclock caused the time to
change consistently. This was due to flaws in the save/load functions of
pvclock. With this update, the issue has been fixed and migrating a virtual
machine no longer causes time drift. (BZ#660239)

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

649920 - CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory
656984 - TSC offset of virtual machines is not initialized correctly by 'kvm_amd' kernel module.
659850 - If VM boot seq. is set up as nc (PXE then disk) the VM is always stuck on trying to PXE boot
660239 - clock drift when migrating a guest between mis-matched CPU clock speed

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-164.el5_5.30.src.rpm

x86_64:
kmod-kvm-83-164.el5_5.30.x86_64.rpm
kvm-83-164.el5_5.30.x86_64.rpm
kvm-debuginfo-83-164.el5_5.30.x86_64.rpm
kvm-qemu-img-83-164.el5_5.30.x86_64.rpm
kvm-tools-83-164.el5_5.30.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-164.el5_5.30.src.rpm

x86_64:
kmod-kvm-83-164.el5_5.30.x86_64.rpm
kvm-83-164.el5_5.30.x86_64.rpm
kvm-debuginfo-83-164.el5_5.30.x86_64.rpm
kvm-qemu-img-83-164.el5_5.30.x86_64.rpm
kvm-tools-83-164.el5_5.30.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3881.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
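The kvm advisory's Solution section asks the administrator to stop every guest, then remove and reload whichever of kvm, ksm, kvm-intel or kvm-amd `lsmod` shows loaded, and every package list on this page carries the note that the RPMs are GPG signed. The script below is an added example, not part of any Red Hat advisory or tool: it rejects any downloaded RPM whose signature did not verify, and it turns `lsmod` output into a `modprobe` sequence that unloads dependents before the modules they use, refusing to continue while a module is still held by something other than another module (an open /dev/kvm from a guest, which means step 1 was skipped). It assumes the `rpm -K` output format of rpm 4.4 (lowercase "gpg" token) and rpm 4.8 (lowercase "pgp" token), which appear only when a signature verified against an imported key, and the standard `lsmod` columns; the function names are mine, the sample `rpm -K` and `lsmod` lines are constructed, and GPG#XXXXXXXX is a placeholder key id.

```shell
#!/bin/sh
# Added example (not from the advisory). All sample data is constructed.
# 1. accept only RPMs whose GPG signature verified;
# 2. plan step 2 of the Solution section from lsmod output.

# ---- 1. package signature check --------------------------------------
# `rpm -K` prints "OK" for an unsigned package as well (it only checked the
# digests), so the lowercase "gpg" (rpm 4.4) or "pgp" (rpm 4.8) token,
# printed only when a signature verified against an imported key, is what
# must be present. Assumption: those output formats.
rpm_sig_ok() {
    # $1: one line of `rpm -K` output
    case "$1" in
        *"NOT OK"*)                 return 1 ;;  # bad digest or unknown key
        *" gpg OK"|*" pgp "*" OK")  return 0 ;;  # signature verified
        *)                          return 1 ;;  # digests only: unsigned
    esac
}

check_rpm_sigs() {
    # stdin: `rpm -K *.rpm` output; prints rejected lines, returns 1 if any
    bad=0
    while IFS= read -r line; do
        rpm_sig_ok "$line" || { echo "REJECT: $line"; bad=1; }
    done
    return $bad
}

# Constructed: one verified, one signed with a key that is not in the rpm
# keyring (GPG#XXXXXXXX is a placeholder), one unsigned package.
SAMPLE_RPM_K='kvm-83-164.el5_5.30.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
kmod-kvm-83-164.el5_5.30.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#XXXXXXXX)
kvm-tools-83-164.el5_5.30.x86_64.rpm: sha1 md5 OK'

# ---- 2. module reload plan -------------------------------------------
# Reads `lsmod` on stdin and prints the advisory's modules in an order that
# `modprobe -r` can remove them: a module is printed only after every module
# in its "Used by" column has been printed. If the reference count exceeds
# the number of named module users, something else (a running guest holding
# /dev/kvm, typically) still uses it and step 1 has not been completed.
plan_unload() {
    awk '
    BEGIN { t["kvm"] = 1; t["ksm"] = 1; t["kvm_intel"] = 1; t["kvm_amd"] = 1 }
    NR > 1 && ($1 in t) {
        order[++n] = $1; refs[$1] = $3 + 0
        sub(/,$/, "", $4); users[$1] = $4        # "" when no module uses it
    }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]; k = split(users[m], u, ",")
            if (refs[m] > k) {
                printf("plan_unload: %s has %d non-module reference(s); stop all guests first (step 1)\n", m, refs[m] - k) > "/dev/stderr"
                exit 1
            }
        }
        left = n
        while (left > 0) {
            progress = 0
            for (i = 1; i <= n; i++) {
                m = order[i]
                if (done[m]) continue
                k = split(users[m], u, ","); blocked = 0
                for (j = 1; j <= k; j++) if (!done[u[j]]) blocked = 1
                if (!blocked) { print m; done[m] = 1; left--; progress = 1 }
            }
            if (!progress) {
                print "plan_unload: a module outside the kvm set holds one of them" > "/dev/stderr"
                exit 1
            }
        }
    }'
}

kvm_reload_commands() {
    # stdin: `lsmod` output; stdout: the modprobe sequence for step 2
    order=$(plan_unload) || return 1
    reverse=""
    for m in $order; do echo "modprobe -r $m"; reverse="$m $reverse"; done
    for m in $reverse; do echo "modprobe $m"; done
}

# Constructed lsmod snapshot of an Intel host with no guest running.
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel              51016  0
kvm                   191584  1 kvm_intel
ksm                    12345  0
ext3                  124241  2
jbd                    56209  1 ext3'

# Dry run on the sample. On the real host, as root and after step 1:
#   rpm -K /path/to/*.rpm | check_rpm_sigs && lsmod | kvm_reload_commands | sh
printf '%s\n' "$SAMPLE_LSMOD" | kvm_reload_commands
```

On the sample the plan is kvm_intel, kvm, ksm for removal and the reverse for reloading; `modprobe` accepts both the kvm-intel and kvm_intel spellings, so the underscore form shown by `lsmod` is used throughout.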
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFND5hNXlSAg2UNWIIRAkf9AJ9c0HaUseSQez9tAXXHDZ9pam3L/QCfQS8s xKcv+5Vj4dsRtKYVb2kna0w= =9ki0 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 20 18:00:13 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Dec 2010 13:00:13 -0500 Subject: [RHSA-2010:0999-01] Moderate: libvpx security update Message-ID: <201012201758.oBKHwl4S026729@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libvpx security update Advisory ID: RHSA-2010:0999-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0999.html Issue date: 2010-12-20 CVE Names: CVE-2010-4203 ===================================================================== 1. Summary: Updated libvpx packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. 
An attacker could create a specially-crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx (such as Totem), would cause the application to crash or, potentially, execute arbitrary code. (CVE-2010-4203) All users of libvpx are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libvpx must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 651213 - CVE-2010-4203 libvpx: memory corruption flaw 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm x86_64: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-0.9.0-8.el6_0.x86_64.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-utils-0.9.0-8.el6_0.i686.rpm x86_64: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.x86_64.rpm libvpx-utils-0.9.0-8.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm ppc64: libvpx-0.9.0-8.el6_0.ppc.rpm libvpx-0.9.0-8.el6_0.ppc64.rpm libvpx-debuginfo-0.9.0-8.el6_0.ppc.rpm libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm s390x: libvpx-0.9.0-8.el6_0.s390.rpm libvpx-0.9.0-8.el6_0.s390x.rpm libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm libvpx-debuginfo-0.9.0-8.el6_0.s390x.rpm x86_64: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-0.9.0-8.el6_0.x86_64.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-utils-0.9.0-8.el6_0.i686.rpm ppc64: libvpx-debuginfo-0.9.0-8.el6_0.ppc.rpm libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm libvpx-devel-0.9.0-8.el6_0.ppc.rpm libvpx-devel-0.9.0-8.el6_0.ppc64.rpm libvpx-utils-0.9.0-8.el6_0.ppc64.rpm s390x: libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm libvpx-debuginfo-0.9.0-8.el6_0.s390x.rpm libvpx-devel-0.9.0-8.el6_0.s390.rpm libvpx-devel-0.9.0-8.el6_0.s390x.rpm libvpx-utils-0.9.0-8.el6_0.s390x.rpm x86_64: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.x86_64.rpm libvpx-utils-0.9.0-8.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm x86_64: libvpx-0.9.0-8.el6_0.i686.rpm libvpx-0.9.0-8.el6_0.x86_64.rpm libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvpx-0.9.0-8.el6_0.src.rpm i386: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-utils-0.9.0-8.el6_0.i686.rpm x86_64: libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm libvpx-devel-0.9.0-8.el6_0.i686.rpm libvpx-devel-0.9.0-8.el6_0.x86_64.rpm libvpx-utils-0.9.0-8.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4203.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFND5kZXlSAg2UNWIIRAmNPAKCuFGSy9EX8V+PgpTwfCq0yVfOt3wCeJb0y 8KK+bk7J/bKnzpv1fk0sLXY= =x/9E -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 20 18:46:54 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Dec 2010 13:46:54 -0500 Subject: [RHSA-2010:1000-01] Important: bind security update Message-ID: <201012201845.oBKIjRcJ007836@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2010:1000-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-1000.html Issue date: 2010-12-20 CVE Names: CVE-2010-3613 ===================================================================== 1. Summary: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4. 
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. It was discovered that named did not invalidate previously cached SIG records when adding an NCACHE record for the same entry to the cache. A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash named. (CVE-2010-3613) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 658974 - CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm i386: bind-9.2.4-30.el4_8.6.i386.rpm bind-chroot-9.2.4-30.el4_8.6.i386.rpm bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm bind-devel-9.2.4-30.el4_8.6.i386.rpm bind-libs-9.2.4-30.el4_8.6.i386.rpm bind-utils-9.2.4-30.el4_8.6.i386.rpm ia64: bind-9.2.4-30.el4_8.6.ia64.rpm bind-chroot-9.2.4-30.el4_8.6.ia64.rpm bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm bind-debuginfo-9.2.4-30.el4_8.6.ia64.rpm bind-devel-9.2.4-30.el4_8.6.ia64.rpm bind-libs-9.2.4-30.el4_8.6.i386.rpm bind-libs-9.2.4-30.el4_8.6.ia64.rpm bind-utils-9.2.4-30.el4_8.6.ia64.rpm ppc: bind-9.2.4-30.el4_8.6.ppc.rpm bind-chroot-9.2.4-30.el4_8.6.ppc.rpm bind-debuginfo-9.2.4-30.el4_8.6.ppc.rpm bind-debuginfo-9.2.4-30.el4_8.6.ppc64.rpm bind-devel-9.2.4-30.el4_8.6.ppc.rpm bind-libs-9.2.4-30.el4_8.6.ppc.rpm bind-libs-9.2.4-30.el4_8.6.ppc64.rpm bind-utils-9.2.4-30.el4_8.6.ppc.rpm s390: bind-9.2.4-30.el4_8.6.s390.rpm bind-chroot-9.2.4-30.el4_8.6.s390.rpm bind-debuginfo-9.2.4-30.el4_8.6.s390.rpm bind-devel-9.2.4-30.el4_8.6.s390.rpm bind-libs-9.2.4-30.el4_8.6.s390.rpm bind-utils-9.2.4-30.el4_8.6.s390.rpm s390x: bind-9.2.4-30.el4_8.6.s390x.rpm bind-chroot-9.2.4-30.el4_8.6.s390x.rpm bind-debuginfo-9.2.4-30.el4_8.6.s390.rpm bind-debuginfo-9.2.4-30.el4_8.6.s390x.rpm bind-devel-9.2.4-30.el4_8.6.s390x.rpm bind-libs-9.2.4-30.el4_8.6.s390.rpm bind-libs-9.2.4-30.el4_8.6.s390x.rpm bind-utils-9.2.4-30.el4_8.6.s390x.rpm x86_64: bind-9.2.4-30.el4_8.6.x86_64.rpm bind-chroot-9.2.4-30.el4_8.6.x86_64.rpm bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm bind-debuginfo-9.2.4-30.el4_8.6.x86_64.rpm bind-devel-9.2.4-30.el4_8.6.x86_64.rpm bind-libs-9.2.4-30.el4_8.6.i386.rpm bind-libs-9.2.4-30.el4_8.6.x86_64.rpm bind-utils-9.2.4-30.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm i386: bind-9.2.4-30.el4_8.6.i386.rpm 
bind-chroot-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-devel-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-utils-9.2.4-30.el4_8.6.i386.rpm

x86_64:
bind-9.2.4-30.el4_8.6.x86_64.rpm
bind-chroot-9.2.4-30.el4_8.6.x86_64.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.x86_64.rpm
bind-devel-9.2.4-30.el4_8.6.x86_64.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.x86_64.rpm
bind-utils-9.2.4-30.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm

i386:
bind-9.2.4-30.el4_8.6.i386.rpm
bind-chroot-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-devel-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-utils-9.2.4-30.el4_8.6.i386.rpm

ia64:
bind-9.2.4-30.el4_8.6.ia64.rpm
bind-chroot-9.2.4-30.el4_8.6.ia64.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.ia64.rpm
bind-devel-9.2.4-30.el4_8.6.ia64.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.ia64.rpm
bind-utils-9.2.4-30.el4_8.6.ia64.rpm

x86_64:
bind-9.2.4-30.el4_8.6.x86_64.rpm
bind-chroot-9.2.4-30.el4_8.6.x86_64.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.x86_64.rpm
bind-devel-9.2.4-30.el4_8.6.x86_64.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.x86_64.rpm
bind-utils-9.2.4-30.el4_8.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm

i386:
bind-9.2.4-30.el4_8.6.i386.rpm
bind-chroot-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-devel-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-utils-9.2.4-30.el4_8.6.i386.rpm

ia64:
bind-9.2.4-30.el4_8.6.ia64.rpm
bind-chroot-9.2.4-30.el4_8.6.ia64.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.ia64.rpm
bind-devel-9.2.4-30.el4_8.6.ia64.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.ia64.rpm
bind-utils-9.2.4-30.el4_8.6.ia64.rpm

x86_64:
bind-9.2.4-30.el4_8.6.x86_64.rpm
bind-chroot-9.2.4-30.el4_8.6.x86_64.rpm
bind-debuginfo-9.2.4-30.el4_8.6.i386.rpm
bind-debuginfo-9.2.4-30.el4_8.6.x86_64.rpm
bind-devel-9.2.4-30.el4_8.6.x86_64.rpm
bind-libs-9.2.4-30.el4_8.6.i386.rpm
bind-libs-9.2.4-30.el4_8.6.x86_64.rpm
bind-utils-9.2.4-30.el4_8.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3613.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFND6QZXlSAg2UNWIIRAlLbAKCrrrA5+DFzPb2zZWvWSmpnWO8VdgCaAqo1
adXvxxAZ0GKzsSciQtVbpCo=
=g0Cg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Dec 21 17:58:39 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Dec 2010 12:58:39 -0500
Subject: [RHSA-2010:1002-01] Moderate: mod_auth_mysql security update
Message-ID: <201012211757.oBLHv18M014683@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mod_auth_mysql security update
Advisory ID:       RHSA-2010:1002-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-1002.html
Issue date:        2010-12-21
CVE Names:         CVE-2008-2384
=====================================================================

1. Summary:

An updated mod_auth_mysql package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The mod_auth_mysql package includes an extension module for the Apache HTTP
Server, which can be used to implement web user authentication against a
MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded
strings. If mod_auth_mysql was configured to use a multibyte character set
that allowed a backslash ("\") as part of the character encodings, a remote
attacker could inject arbitrary SQL commands into a login request.
(CVE-2008-2384)

Note: This flaw only affected non-default installations where
AuthMySQLCharacterSet is configured to use one of the affected multibyte
character sets. Installations that did not use the AuthMySQLCharacterSet
configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
the updated package, the httpd daemon must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

480238 - CVE-2008-2384 mod_auth_mysql: character encoding SQL injection flaw

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mod_auth_mysql-3.0.0-11.el6_0.1.src.rpm

i386:
mod_auth_mysql-3.0.0-11.el6_0.1.i686.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.i686.rpm

ppc64:
mod_auth_mysql-3.0.0-11.el6_0.1.ppc64.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.ppc64.rpm

s390x:
mod_auth_mysql-3.0.0-11.el6_0.1.s390x.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.s390x.rpm

x86_64:
mod_auth_mysql-3.0.0-11.el6_0.1.x86_64.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mod_auth_mysql-3.0.0-11.el6_0.1.src.rpm

i386:
mod_auth_mysql-3.0.0-11.el6_0.1.i686.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.i686.rpm

x86_64:
mod_auth_mysql-3.0.0-11.el6_0.1.x86_64.rpm
mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-2384.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
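The flaw class in the mod_auth_mysql advisory (byte-wise SQL escaping defeated by a connection charset in which the backslash byte can be the trailing byte of a multibyte character) and its configuration note on AuthMySQLCharacterSet, shown as an added example. This is not mod_auth_mysql code and not the backported patch. It assumes GBK as a stand-in affected charset, since the advisory does not name the affected sets; the httpd configuration fragment and the login inputs are constructed.

```python
"""Charset-aware escaping vs. byte-wise escaping for SQL string literals.

Added example; not code from mod_auth_mysql or Red Hat. GBK is assumed as a
stand-in for "a multibyte character set that allows a backslash as part of
the character encodings". All sample inputs are constructed.
"""
import re
from typing import List, Optional

# Bytes that a naive escaper prefixes with a backslash: ' " \
ESCAPE_BYTES = {0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\"}


def bytewise_escape(raw: bytes) -> bytes:
    """Unsafe pattern: escape one byte at a time, ignoring the charset.
    When a lead byte is followed by the quote, the inserted 0x5C becomes the
    trailing byte of a multibyte character and the quote stays live."""
    return b"".join(ESCAPE_BYTES.get(b, bytes([b])) for b in raw)


def charset_aware_escape(raw: bytes, charset: str) -> Optional[bytes]:
    """Hardened pattern: decode with the connection charset first, escape at
    the character level, re-encode. Malformed input (e.g. a dangling lead
    byte) is rejected by returning None instead of being guessed at."""
    try:
        text = raw.decode(charset)
    except UnicodeDecodeError:
        return None
    text = text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')
    return text.encode(charset)


def login_query(username: bytes, charset: str) -> Optional[bytes]:
    """Build the lookup the way a module would, refusing malformed names."""
    esc = charset_aware_escape(username, charset)
    if esc is None:
        return None
    return b"SELECT password FROM users WHERE username = '" + esc + b"'"


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Interpret `escaped` as the server would (in `charset`) and count
    single quotes not preceded by an odd run of backslashes. Any such quote
    closes the literal early, which is the condition the escaper must
    prevent. Used here to compare the two escapers."""
    text = escaped.decode(charset, errors="replace")
    return sum(1 for m in re.finditer(r"(\\*)'", text)
               if len(m.group(1)) % 2 == 0)


# Assumption for this example: the charsets treated as affected.
AFFECTED_CHARSETS = {"gbk"}


def affected_charset_directives(httpd_conf: str) -> List[str]:
    """Return AuthMySQLCharacterSet values in a config that name an affected
    charset. Per the advisory, configs without the directive are not
    exposed; utf8 is also safe because 0x5C is never a continuation byte."""
    found = []
    for line in httpd_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "authmysqlcharacterset":
            if parts[1].lower() in AFFECTED_CHARSETS:
                found.append(parts[1])
    return found


# Constructed configuration fragment, not a real deployment.
SAMPLE_HTTPD_CONF = """\
<Location /legacy>
    AuthType Basic
    AuthMySQLCharacterSet gbk      # multibyte, 0x5C can be a trail byte
    Require valid-user
</Location>
<Location /modern>
    AuthType Basic
    AuthMySQLCharacterSet utf8
    Require valid-user
</Location>
"""

if __name__ == "__main__":
    probe = b"\xbf'"  # constructed: GBK lead byte followed by a quote
    print("bytewise leaves live quotes:", unescaped_quotes(bytewise_escape(probe), "gbk"))
    print("charset-aware rejects it:", charset_aware_escape(probe, "gbk") is None)
    print("affected directives:", affected_charset_directives(SAMPLE_HTTPD_CONF))
```

The durable fix for this class is to escape with the client library after the connection charset has been set, or to use prepared statements so the literal is never spliced into the query text at all; `affected_charset_directives` is the quick check a practitioner can run over an httpd configuration to tell whether the non-default condition in the advisory applies.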
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNEOo5XlSAg2UNWIIRApLDAJ9hqHY4jbq23XLUp7aLTwM2yXfgywCaA4lc
NZFe3V8rxbmhePAYOSKj2cY=
=ROFf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Dec 21 18:02:29 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Dec 2010 13:02:29 -0500
Subject: [RHSA-2010:1003-01] Moderate: git security update
Message-ID: <201012211800.oBLI0oLm026528@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: git security update
Advisory ID:       RHSA-2010:1003-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-1003.html
Issue date:        2010-12-21
CVE Names:         CVE-2010-3906
=====================================================================

1. Summary:

Updated git packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Git is a fast, scalable, distributed revision control system.

A cross-site scripting (XSS) flaw was found in gitweb, a simple web
interface for Git repositories.
A remote attacker could perform an XSS attack against victims by tricking
them into visiting a specially-crafted gitweb URL. (CVE-2010-3906)

All gitweb users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

663609 - CVE-2010-3906 Git (gitweb): XSS due to missing escaping of HTML element attributes

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

i386:
git-1.7.1-2.el6_0.1.i686.rpm
git-daemon-1.7.1-2.el6_0.1.i686.rpm
git-debuginfo-1.7.1-2.el6_0.1.i686.rpm

noarch:
emacs-git-1.7.1-2.el6_0.1.noarch.rpm
emacs-git-el-1.7.1-2.el6_0.1.noarch.rpm
git-all-1.7.1-2.el6_0.1.noarch.rpm
git-cvs-1.7.1-2.el6_0.1.noarch.rpm
git-email-1.7.1-2.el6_0.1.noarch.rpm
git-gui-1.7.1-2.el6_0.1.noarch.rpm
git-svn-1.7.1-2.el6_0.1.noarch.rpm
gitk-1.7.1-2.el6_0.1.noarch.rpm
gitweb-1.7.1-2.el6_0.1.noarch.rpm
perl-Git-1.7.1-2.el6_0.1.noarch.rpm

x86_64:
git-1.7.1-2.el6_0.1.x86_64.rpm
git-daemon-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

noarch:
emacs-git-1.7.1-2.el6_0.1.noarch.rpm
emacs-git-el-1.7.1-2.el6_0.1.noarch.rpm
git-all-1.7.1-2.el6_0.1.noarch.rpm
git-cvs-1.7.1-2.el6_0.1.noarch.rpm
git-email-1.7.1-2.el6_0.1.noarch.rpm
git-gui-1.7.1-2.el6_0.1.noarch.rpm
git-svn-1.7.1-2.el6_0.1.noarch.rpm
gitk-1.7.1-2.el6_0.1.noarch.rpm
gitweb-1.7.1-2.el6_0.1.noarch.rpm
perl-Git-1.7.1-2.el6_0.1.noarch.rpm

x86_64:
git-1.7.1-2.el6_0.1.x86_64.rpm
git-daemon-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

i386:
git-1.7.1-2.el6_0.1.i686.rpm
git-debuginfo-1.7.1-2.el6_0.1.i686.rpm

noarch:
perl-Git-1.7.1-2.el6_0.1.noarch.rpm

ppc64:
git-1.7.1-2.el6_0.1.ppc64.rpm
git-debuginfo-1.7.1-2.el6_0.1.ppc64.rpm

s390x:
git-1.7.1-2.el6_0.1.s390x.rpm
git-debuginfo-1.7.1-2.el6_0.1.s390x.rpm

x86_64:
git-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

i386:
git-daemon-1.7.1-2.el6_0.1.i686.rpm
git-debuginfo-1.7.1-2.el6_0.1.i686.rpm

noarch:
emacs-git-1.7.1-2.el6_0.1.noarch.rpm
emacs-git-el-1.7.1-2.el6_0.1.noarch.rpm
git-all-1.7.1-2.el6_0.1.noarch.rpm
git-cvs-1.7.1-2.el6_0.1.noarch.rpm
git-email-1.7.1-2.el6_0.1.noarch.rpm
git-gui-1.7.1-2.el6_0.1.noarch.rpm
git-svn-1.7.1-2.el6_0.1.noarch.rpm
gitk-1.7.1-2.el6_0.1.noarch.rpm
gitweb-1.7.1-2.el6_0.1.noarch.rpm

ppc64:
git-daemon-1.7.1-2.el6_0.1.ppc64.rpm
git-debuginfo-1.7.1-2.el6_0.1.ppc64.rpm

s390x:
git-daemon-1.7.1-2.el6_0.1.s390x.rpm
git-debuginfo-1.7.1-2.el6_0.1.s390x.rpm

x86_64:
git-daemon-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

i386:
git-1.7.1-2.el6_0.1.i686.rpm
git-debuginfo-1.7.1-2.el6_0.1.i686.rpm

noarch:
perl-Git-1.7.1-2.el6_0.1.noarch.rpm

x86_64:
git-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/git-1.7.1-2.el6_0.1.src.rpm

i386:
git-daemon-1.7.1-2.el6_0.1.i686.rpm
git-debuginfo-1.7.1-2.el6_0.1.i686.rpm

noarch:
emacs-git-1.7.1-2.el6_0.1.noarch.rpm
emacs-git-el-1.7.1-2.el6_0.1.noarch.rpm
git-all-1.7.1-2.el6_0.1.noarch.rpm
git-cvs-1.7.1-2.el6_0.1.noarch.rpm
git-email-1.7.1-2.el6_0.1.noarch.rpm
git-gui-1.7.1-2.el6_0.1.noarch.rpm
git-svn-1.7.1-2.el6_0.1.noarch.rpm
gitk-1.7.1-2.el6_0.1.noarch.rpm
gitweb-1.7.1-2.el6_0.1.noarch.rpm

x86_64:
git-daemon-1.7.1-2.el6_0.1.x86_64.rpm
git-debuginfo-1.7.1-2.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3906.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNEOr8XlSAg2UNWIIRAi+vAKCVSgOgK/zmmiuAF6LCDDmMEIk8nQCfVxEJ
4jmEhsuBmjPswEUbiRAv0jc=
=hc/X
-----END PGP SIGNATURE-----
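The defect class behind the git advisory above (bug 663609: a URL-derived value reaching an HTML element attribute without escaping) shown next to its escaped form, as an added example. This is not gitweb code and not the backported patch; the rendering functions, the attribute names and the sample values are constructed for illustration, and the check uses the standard-library HTML tokenizer to show what a browser would see.

```python
"""Escaping request-derived values placed into HTML element attributes.

Added example; not code from gitweb or Red Hat. Shows the unescaped pattern
beside the escaped one and a tokenizer-based check that tells them apart.
The sample values are constructed.
"""
import html
from html.parser import HTMLParser
from typing import Dict, Iterable
from urllib.parse import quote


def render_link_unescaped(display: str, target: str) -> str:
    """Vulnerable pattern: interpolate request-derived strings straight into
    attribute and text positions. A quote in `display` ends the attribute
    early and whatever follows is parsed as further attributes."""
    return f'<a href="?p={target}" title="{display}">{display}</a>'


def render_link_escaped(display: str, target: str) -> str:
    """Hardened pattern: percent-encode the value inside the URL component,
    then HTML-escape (quotes included) anything that lands in an attribute,
    and HTML-escape text content separately."""
    href = "?p=" + quote(target, safe="")
    return (f'<a href="{html.escape(href, quote=True)}" '
            f'title="{html.escape(display, quote=True)}">'
            f'{html.escape(display)}</a>')


class _AttrCollector(HTMLParser):
    """Record (tag, attributes) for each start tag, as a tokenizer would."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_attributes(fragment: str) -> Dict[str, str]:
    """Attributes of the first tag in `fragment` as a browser would see them.
    If request data broke out of its attribute, extra keys appear here."""
    p = _AttrCollector()
    p.feed(fragment)
    p.close()
    return p.tags[0][1] if p.tags else {}


def has_unexpected_attributes(fragment: str, allowed: Iterable[str]) -> bool:
    """Output-side check: True when the first tag carries any attribute the
    template did not intend, i.e. the value escaped its attribute."""
    return not set(parsed_attributes(fragment)) <= set(allowed)


if __name__ == "__main__":
    # Constructed display value containing a double quote; the attribute it
    # introduces (lang) is benign and only serves to make the breakout visible.
    probe = 'x" lang="zz'
    for name, fn in (("unescaped", render_link_unescaped), ("escaped", render_link_escaped)):
        out = fn(probe, "repo.git")
        print(name, parsed_attributes(out), has_unexpected_attributes(out, ("href", "title")))
```

The tokenizer check is the useful part for a reviewer: it reports on the rendered output rather than on the template, so it catches the case the advisory describes regardless of which template line forgot to escape.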