From bugzilla at redhat.com Thu Jul 1 19:07:14 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Jul 2010 15:07:14 -0400
Subject: [RHSA-2010:0504-01] Important: kernel security and bug fix update
Message-ID: <201007011907.o61J7FPe016256@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0504-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0504.html
Issue date: 2010-07-01
CVE Names: CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1088 CVE-2010-1173 CVE-2010-1187 CVE-2010-1436 CVE-2010-1437 CVE-2010-1641
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* multiple flaws were found in the mmap and mremap implementations. A local user could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2010-0291, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes (futexes) implementation. The unlock code path did not check if the futex value associated with pi_state->owner had been modified. A local user could use this flaw to modify the futex value, possibly leading to a denial of service or privilege escalation when the pi_state->owner pointer is dereferenced. (CVE-2010-0622, Important)

* a NULL pointer dereference flaw was found in the Linux kernel Network File System (NFS) implementation. A local user on a system that has an NFS-mounted file system could use this flaw to cause a denial of service or escalate their privileges on that system. (CVE-2010-1087, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important)

* a flaw was found in the Linux kernel Transparent Inter-Process Communication protocol (TIPC) implementation. If a client application, on a local system where the tipc module is not yet in network mode, attempted to send a message to a remote TIPC node, it would dereference a NULL pointer on the local system, causing a kernel panic (denial of service). (CVE-2010-1187, Important)

* a buffer overflow flaw was found in the Linux kernel Global File System 2 (GFS2) implementation. In certain cases, a quota could be written past the end of a memory page, causing memory corruption, leaving the quota stored on disk in an invalid state. A user with write access to a GFS2 file system could trigger this flaw to cause a kernel crash (denial of service) or escalate their privileges on the GFS2 server. This issue can only be triggered if the GFS2 file system is mounted with the "quota=on" or "quota=account" mount option. (CVE-2010-1436, Important)

* a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important)

* a flaw was found in the link_path_walk() function in the Linux kernel. Using the file descriptor returned by the open() function with the O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a NULL pointer dereference, causing a denial of service or privilege escalation. (CVE-2010-1088, Moderate)

* a missing permission check was found in the gfs2_set_flags() function in the Linux kernel GFS2 implementation. A local user could use this flaw to change certain file attributes of files, on a GFS2 file system, that they do not own. (CVE-2010-1641, Low)

Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting CVE-2010-1641.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

556703 - CVE-2010-0291 kernel: untangle the do_mremap()
563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully
567184 - CVE-2010-1087 kernel: NFS: Fix an Oops when truncating a file
567813 - CVE-2010-1088 kernel: fix LOOKUP_FOLLOW on automount "symlinks"
578057 - CVE-2010-1187 kernel: tipc: Fix oops on send prior to entering networked mode
584645 - CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet
585094 - CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring
586006 - CVE-2010-1436 kernel: gfs2 buffer overflow
587957 - Linux VM hangs while hot adding memory in VMware [rhel-5.5.z]
588219 - 25% performance regression of concurrent O_DIRECT writes. [rhel-5.5.z]
591493 - [Intel 5.6 Bug] Fix initialization of wakeup flags for e1000 [rhel-5.5.z]
591611 - virtio balloon should not use pages from kernel's reserve pools for fill requests [rhel-5.5.z]
592844 - RHEL5: tg3: 'SIOCSIFFLAGS: Invalid argument' setting IP [rhel-5.5.z]
592846 - missing power_meter release() function [rhel-5.5.z]
594054 - [5.5] SFQ qdisc crashes with limit of 2 packets [rhel-5.5.z]
594057 - [RHEL5] bonding mode 0 doesn't resend IGMP after a failure [rhel-5.5.z]
594061 - nfs: sys_read sometimes returns -EIO [rhel-5.5.z]
595579 - CVE-2010-1641 kernel: GFS2: The setflags ioctl() doesn't check file ownership
596384 - VFS: Busy inodes after unmount issue. [rhel-5.5.z]
596385 - implement dev_disable_lro for RHEL5 [rhel-5.5.z]
598355 - [5.5] SCTP: Check if the file structure is valid before checking the non-blocking flag [rhel-5.5.z]
599332 - e1000 and e1000e driver behaviour differences [rhel-5.5.z]
599730 - fasync_helper patch causing problems with GPFS [rhel-5.5.z]
599734 - should set ISVM bit (ECX:31) for CPUID leaf 0x00000001 [rhel-5.5.z]
599737 - vm.drop_caches corrupts hugepages and causes Oracle Database ORA-600 crashes [rhel-5.5.z]
599739 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds [rhel-5.5.z]
600215 - [RHEL5] Netfilter modules unloading hangs [rhel-5.5.z]
600498 - netconsole fails with tg3 [rhel-5.5.z]
601080 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour [rhel-5.5.z]
601090 - time drift due to incorrect accounting of lost ticks with VXTIME_PMTMR mode and VXTIME_TSC mode if 'tick_divider' > 1 [rhel-5.5.z]
607087 - bnx2x panic dumps with multiple interfaces enabled [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.8.1.el5.src.rpm i386: kernel-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.8.1.el5.i686.rpm kernel-debug-2.6.18-194.8.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.8.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.8.1.el5.i686.rpm kernel-devel-2.6.18-194.8.1.el5.i686.rpm kernel-headers-2.6.18-194.8.1.el5.i386.rpm kernel-xen-2.6.18-194.8.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.8.1.el5.i686.rpm noarch: kernel-doc-2.6.18-194.8.1.el5.noarch.rpm x86_64: kernel-2.6.18-194.8.1.el5.x86_64.rpm kernel-debug-2.6.18-194.8.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.8.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.8.1.el5.x86_64.rpm kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm kernel-headers-2.6.18-194.8.1.el5.x86_64.rpm kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.8.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.8.1.el5.src.rpm i386: kernel-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.8.1.el5.i686.rpm kernel-debug-2.6.18-194.8.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.8.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.8.1.el5.i686.rpm kernel-devel-2.6.18-194.8.1.el5.i686.rpm kernel-headers-2.6.18-194.8.1.el5.i386.rpm kernel-xen-2.6.18-194.8.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.8.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.8.1.el5.i686.rpm ia64: kernel-2.6.18-194.8.1.el5.ia64.rpm kernel-debug-2.6.18-194.8.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.ia64.rpm kernel-debug-devel-2.6.18-194.8.1.el5.ia64.rpm kernel-debuginfo-2.6.18-194.8.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-194.8.1.el5.ia64.rpm kernel-devel-2.6.18-194.8.1.el5.ia64.rpm kernel-headers-2.6.18-194.8.1.el5.ia64.rpm kernel-xen-2.6.18-194.8.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-194.8.1.el5.ia64.rpm kernel-xen-devel-2.6.18-194.8.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-194.8.1.el5.noarch.rpm ppc: kernel-2.6.18-194.8.1.el5.ppc64.rpm kernel-debug-2.6.18-194.8.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-194.8.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-194.8.1.el5.ppc64.rpm kernel-devel-2.6.18-194.8.1.el5.ppc64.rpm kernel-headers-2.6.18-194.8.1.el5.ppc.rpm kernel-headers-2.6.18-194.8.1.el5.ppc64.rpm kernel-kdump-2.6.18-194.8.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-194.8.1.el5.ppc64.rpm s390x: kernel-2.6.18-194.8.1.el5.s390x.rpm kernel-debug-2.6.18-194.8.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-194.8.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-194.8.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.s390x.rpm
kernel-devel-2.6.18-194.8.1.el5.s390x.rpm
kernel-headers-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.8.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0291.html
https://www.redhat.com/security/data/cve/CVE-2010-0622.html
https://www.redhat.com/security/data/cve/CVE-2010-1087.html
https://www.redhat.com/security/data/cve/CVE-2010-1088.html
https://www.redhat.com/security/data/cve/CVE-2010-1173.html
https://www.redhat.com/security/data/cve/CVE-2010-1187.html
https://www.redhat.com/security/data/cve/CVE-2010-1436.html
https://www.redhat.com/security/data/cve/CVE-2010-1437.html
https://www.redhat.com/security/data/cve/CVE-2010-1641.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-31052
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMLOcCXlSAg2UNWIIRAmAmAKCK/RPQqtlSMJJP3EkWxWmFRRYFiACgwcwT
6t0JPOft9iIbyleaOxbICJs=
=wng5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 1 19:07:55 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Jul 2010 15:07:55 -0400
Subject: [RHSA-2010:0505-01] Moderate: perl-Archive-Tar security update
Message-ID: <201007011907.o61J7t8B029204@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: perl-Archive-Tar security update
Advisory ID: RHSA-2010:0505-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0505.html
Issue date: 2010-07-01
CVE Names: CVE-2007-4829
=====================================================================

1. Summary:

An updated perl-Archive-Tar package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Description:

The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files.

Multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrary file writable by the user running the script. (CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01. Refer to the Archive::Tar module's changes file, linked to in the References, for a full list of changes.

Users of perl-Archive-Tar are advised to upgrade to this updated package, which corrects these issues. All applications using the Archive::Tar module must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

295021 - CVE-2007-4829 perl-Archive-Tar directory traversal flaws

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el4_8.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el4_8.1.noarch.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-Archive-Tar-1.39.1-1.el5_5.1.src.rpm

noarch:
perl-Archive-Tar-1.39.1-1.el5_5.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-4829.html
http://www.redhat.com/security/updates/classification/#moderate
http://cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMLOdwXlSAg2UNWIIRAloSAJ4hQznhaWrK8w/1MrMCdwMFndc/jQCfYhRz
qWeLitHY/gMNDa9MmOV5CQs=
=QOKv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 8 15:48:26 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Jul 2010 09:48:26 -0600
Subject: [RHSA-2010:0518-01] Important: scsi-target-utils security update
Message-ID: <201007081548.o68FmRpw021071@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: scsi-target-utils security update
Advisory ID: RHSA-2010:0518-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0518.html
Issue date: 2010-07-08
CVE Names: CVE-2010-2221
=====================================================================

1. Summary:

An updated scsi-target-utils package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported.

Multiple buffer overflow flaws were found in scsi-target-utils' tgtd daemon. A remote attacker could trigger these flaws by sending a carefully-crafted Internet Storage Name Service (iSNS) request, causing the tgtd daemon to crash. (CVE-2010-2221)

Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws.

All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct these issues. All running scsi-target-utils services must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

593877 - CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability

6. Package List:

RHEL Cluster-Storage (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/scsi-target-utils-0.0-6.20091205snap.el5_5.3.src.rpm

i386:
scsi-target-utils-0.0-6.20091205snap.el5_5.3.i386.rpm
scsi-target-utils-debuginfo-0.0-6.20091205snap.el5_5.3.i386.rpm

ia64:
scsi-target-utils-0.0-6.20091205snap.el5_5.3.ia64.rpm
scsi-target-utils-debuginfo-0.0-6.20091205snap.el5_5.3.ia64.rpm

ppc:
scsi-target-utils-0.0-6.20091205snap.el5_5.3.ppc.rpm
scsi-target-utils-debuginfo-0.0-6.20091205snap.el5_5.3.ppc.rpm

x86_64:
scsi-target-utils-0.0-6.20091205snap.el5_5.3.x86_64.rpm
scsi-target-utils-debuginfo-0.0-6.20091205snap.el5_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2221.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMNfM9XlSAg2UNWIIRAkdoAJ4jofX1Rz7DQvvbtBwz+Q3qs/5/uACgjYtF
Dco4MBmubo5Cm0s8jO5FX3I=
=nH43
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 8 15:49:20 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Jul 2010 09:49:20 -0600
Subject: [RHSA-2010:0519-01] Important: libtiff security update
Message-ID: <201007081549.o68FnKlX006160@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2010:0519-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0519.html
Issue date: 2010-07-08
CVE Names: CVE-2010-1411 CVE-2010-2481 CVE-2010-2483 CVE-2010-2595 CVE-2010-2597
=====================================================================

1. Summary:

Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2010-1411)

Multiple input validation flaws were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2481, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597)

Red Hat would like to thank Apple Product Security for responsibly reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of digitalmunition.com for the discovery of the issue.

All libtiff users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

592361 - CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState
610684 - CVE-2010-2595 libtiff: Array index error due improper handling of invalid ReferenceBlackWhite values
610776 - CVE-2010-2597 libtiff: use of uninitialized values crash
611895 - CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash
611900 - CVE-2010-2483 libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-12.el4_8.5.src.rpm i386: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-devel-3.6.1-12.el4_8.5.i386.rpm ia64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.ia64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.ia64.rpm libtiff-devel-3.6.1-12.el4_8.5.ia64.rpm ppc: libtiff-3.6.1-12.el4_8.5.ppc.rpm libtiff-3.6.1-12.el4_8.5.ppc64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.ppc.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.ppc64.rpm libtiff-devel-3.6.1-12.el4_8.5.ppc.rpm s390: libtiff-3.6.1-12.el4_8.5.s390.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.s390.rpm libtiff-devel-3.6.1-12.el4_8.5.s390.rpm s390x: libtiff-3.6.1-12.el4_8.5.s390.rpm libtiff-3.6.1-12.el4_8.5.s390x.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.s390.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.s390x.rpm libtiff-devel-3.6.1-12.el4_8.5.s390x.rpm x86_64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.x86_64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.x86_64.rpm libtiff-devel-3.6.1-12.el4_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-12.el4_8.5.src.rpm i386: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-devel-3.6.1-12.el4_8.5.i386.rpm x86_64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.x86_64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.x86_64.rpm libtiff-devel-3.6.1-12.el4_8.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-12.el4_8.5.src.rpm i386: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-devel-3.6.1-12.el4_8.5.i386.rpm ia64: libtiff-3.6.1-12.el4_8.5.i386.rpm 
libtiff-3.6.1-12.el4_8.5.ia64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.ia64.rpm libtiff-devel-3.6.1-12.el4_8.5.ia64.rpm x86_64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.x86_64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.x86_64.rpm libtiff-devel-3.6.1-12.el4_8.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-12.el4_8.5.src.rpm i386: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-devel-3.6.1-12.el4_8.5.i386.rpm ia64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.ia64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.ia64.rpm libtiff-devel-3.6.1-12.el4_8.5.ia64.rpm x86_64: libtiff-3.6.1-12.el4_8.5.i386.rpm libtiff-3.6.1-12.el4_8.5.x86_64.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.i386.rpm libtiff-debuginfo-3.6.1-12.el4_8.5.x86_64.rpm libtiff-devel-3.6.1-12.el4_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_5.5.src.rpm i386: libtiff-3.8.2-7.el5_5.5.i386.rpm libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm libtiff-devel-3.8.2-7.el5_5.5.i386.rpm x86_64: libtiff-3.8.2-7.el5_5.5.i386.rpm libtiff-3.8.2-7.el5_5.5.x86_64.rpm libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm libtiff-debuginfo-3.8.2-7.el5_5.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_5.5.src.rpm i386: libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm libtiff-devel-3.8.2-7.el5_5.5.i386.rpm x86_64: libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm libtiff-debuginfo-3.8.2-7.el5_5.5.x86_64.rpm libtiff-devel-3.8.2-7.el5_5.5.i386.rpm libtiff-devel-3.8.2-7.el5_5.5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-7.el5_5.5.src.rpm

i386:
libtiff-3.8.2-7.el5_5.5.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm
libtiff-devel-3.8.2-7.el5_5.5.i386.rpm

ia64:
libtiff-3.8.2-7.el5_5.5.i386.rpm
libtiff-3.8.2-7.el5_5.5.ia64.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.ia64.rpm
libtiff-devel-3.8.2-7.el5_5.5.ia64.rpm

ppc:
libtiff-3.8.2-7.el5_5.5.ppc.rpm
libtiff-3.8.2-7.el5_5.5.ppc64.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.ppc.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.ppc64.rpm
libtiff-devel-3.8.2-7.el5_5.5.ppc.rpm
libtiff-devel-3.8.2-7.el5_5.5.ppc64.rpm

s390x:
libtiff-3.8.2-7.el5_5.5.s390.rpm
libtiff-3.8.2-7.el5_5.5.s390x.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.s390.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.s390x.rpm
libtiff-devel-3.8.2-7.el5_5.5.s390.rpm
libtiff-devel-3.8.2-7.el5_5.5.s390x.rpm

x86_64:
libtiff-3.8.2-7.el5_5.5.i386.rpm
libtiff-3.8.2-7.el5_5.5.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_5.5.x86_64.rpm
libtiff-devel-3.8.2-7.el5_5.5.i386.rpm
libtiff-devel-3.8.2-7.el5_5.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1411.html
https://www.redhat.com/security/data/cve/CVE-2010-2481.html
https://www.redhat.com/security/data/cve/CVE-2010-2483.html
https://www.redhat.com/security/data/cve/CVE-2010-2595.html
https://www.redhat.com/security/data/cve/CVE-2010-2597.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD4DBQFMNfNeXlSAg2UNWIIRApr1AJihDqm4RxqCI48Wh/pXTOEjG399AJ4tiXh+ X91x7Wfity1uQHJSxXqwRw== =opog -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jul 8 15:49:53 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 8 Jul 2010 09:49:53 -0600 Subject: [RHSA-2010:0520-01] Important: libtiff security update Message-ID: <201007081549.o68FnrlF007984@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2010:0520-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0520.html Issue date: 2010-07-08 CVE Names: CVE-2010-1411 CVE-2010-2598 ===================================================================== 1. Summary: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. 
(CVE-2010-1411)

An input validation flaw was discovered in libtiff. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash. (CVE-2010-2598)

Red Hat would like to thank Apple Product Security for responsibly reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of digitalmunition.com for the discovery of the issue.

All libtiff users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

592361 - CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState
610786 - CVE-2010-2598 libtiff: crash when reading image with not configured compression

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm i386: libtiff-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-devel-3.5.7-34.el3.i386.rpm ia64: libtiff-3.5.7-34.el3.i386.rpm libtiff-3.5.7-34.el3.ia64.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.ia64.rpm libtiff-devel-3.5.7-34.el3.ia64.rpm ppc: libtiff-3.5.7-34.el3.ppc.rpm libtiff-3.5.7-34.el3.ppc64.rpm libtiff-debuginfo-3.5.7-34.el3.ppc.rpm libtiff-debuginfo-3.5.7-34.el3.ppc64.rpm libtiff-devel-3.5.7-34.el3.ppc.rpm s390: libtiff-3.5.7-34.el3.s390.rpm libtiff-debuginfo-3.5.7-34.el3.s390.rpm libtiff-devel-3.5.7-34.el3.s390.rpm s390x: libtiff-3.5.7-34.el3.s390.rpm libtiff-3.5.7-34.el3.s390x.rpm libtiff-debuginfo-3.5.7-34.el3.s390.rpm libtiff-debuginfo-3.5.7-34.el3.s390x.rpm libtiff-devel-3.5.7-34.el3.s390x.rpm x86_64: libtiff-3.5.7-34.el3.i386.rpm libtiff-3.5.7-34.el3.x86_64.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm libtiff-devel-3.5.7-34.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm i386: libtiff-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-devel-3.5.7-34.el3.i386.rpm x86_64: libtiff-3.5.7-34.el3.i386.rpm libtiff-3.5.7-34.el3.x86_64.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm libtiff-devel-3.5.7-34.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm i386: libtiff-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-devel-3.5.7-34.el3.i386.rpm ia64: libtiff-3.5.7-34.el3.i386.rpm libtiff-3.5.7-34.el3.ia64.rpm libtiff-debuginfo-3.5.7-34.el3.i386.rpm libtiff-debuginfo-3.5.7-34.el3.ia64.rpm libtiff-devel-3.5.7-34.el3.ia64.rpm x86_64: libtiff-3.5.7-34.el3.i386.rpm 
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-34.el3.src.rpm

i386:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-devel-3.5.7-34.el3.i386.rpm

ia64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.ia64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.ia64.rpm
libtiff-devel-3.5.7-34.el3.ia64.rpm

x86_64:
libtiff-3.5.7-34.el3.i386.rpm
libtiff-3.5.7-34.el3.x86_64.rpm
libtiff-debuginfo-3.5.7-34.el3.i386.rpm
libtiff-debuginfo-3.5.7-34.el3.x86_64.rpm
libtiff-devel-3.5.7-34.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1411.html
https://www.redhat.com/security/data/cve/CVE-2010-2598.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMNfOPXlSAg2UNWIIRAurJAJkB8wmjd26wEaNzyP/VrsZm5JRu4ACdGLLi
Mq1vv6XR9uZXwmk9oGLmaUU=
=wfMT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 8 20:02:54 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Jul 2010 14:02:54 -0600
Subject: [RHSA-2010:0521-01] Moderate: gfs-kmod security update
Message-ID: <201007082002.o68K2sCR018528@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gfs-kmod security update
Advisory ID: RHSA-2010:0521-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0521.html
Issue date: 2010-07-08
CVE Names: CVE-2010-0727
=====================================================================

1. Summary:

Updated gfs-kmod packages that fix one security issue are now available for Red Hat Enterprise Linux 5.4 Extended Update Support, kernel release 2.6.18-164.19.1.el5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5.4.Z server) - i386, ia64, ppc, x86_64

3. Description:

The gfs-kmod packages contain modules that provide the ability to mount and use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)

These updated gfs-kmod packages are in sync with the latest kernel (2.6.18-164.19.1.el5).
The modules in earlier gfs-kmod packages failed to load because they did not match the running kernel. It was possible to force-load the modules. With this update, however, users no longer need to.

Users are advised to upgrade to these latest gfs-kmod packages, updated for use with the 2.6.18-164.19.1.el5 kernel, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos

6. Package List:

RHEL Cluster-Storage (v. 5.4.Z server):

Source:
gfs-kmod-0.1.34-2.el5_4.3.src.rpm

i386:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-PAE-0.1.34-2.el5_4.3.i686.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.i686.rpm

ia64:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.ia64.rpm
kmod-gfs-0.1.34-2.el5_4.3.ia64.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.ia64.rpm

ppc:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.ppc64.rpm
kmod-gfs-0.1.34-2.el5_4.3.ppc64.rpm

x86_64:
gfs-kmod-debuginfo-0.1.34-2.el5_4.3.x86_64.rpm
kmod-gfs-0.1.34-2.el5_4.3.x86_64.rpm
kmod-gfs-xen-0.1.34-2.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0727.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMNi7aXlSAg2UNWIIRApVNAJ9Ni0KxRzDzfGdRY/t5nrP5dxGMUACbB6V9
B69Pl4RzXz38NEhhhEDt4V8=
=GOJs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 13 17:54:41 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Jul 2010 11:54:41 -0600
Subject: [RHSA-2010:0528-01] Moderate: avahi security update
Message-ID: <201007131754.o6DHsgQV013925@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: avahi security update
Advisory ID: RHSA-2010:0528-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0528.html
Issue date: 2010-07-13
CVE Names: CVE-2009-0758 CVE-2010-2244
=====================================================================

1. Summary:

Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially-crafted mDNS packets. (CVE-2010-2244)

A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially-crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758)

All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

488314 - CVE-2009-0758 avahi: remote DoS via legacy unicast mDNS queries
607293 - CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm i386: avahi-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-debuginfo-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm avahi-tools-0.6.16-9.el5_5.i386.rpm x86_64: avahi-0.6.16-9.el5_5.i386.rpm avahi-0.6.16-9.el5_5.x86_64.rpm avahi-compat-howl-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm avahi-debuginfo-0.6.16-9.el5_5.i386.rpm avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm avahi-glib-0.6.16-9.el5_5.i386.rpm avahi-glib-0.6.16-9.el5_5.x86_64.rpm avahi-qt3-0.6.16-9.el5_5.i386.rpm avahi-qt3-0.6.16-9.el5_5.x86_64.rpm avahi-tools-0.6.16-9.el5_5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm i386: avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-debuginfo-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm x86_64: avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm avahi-debuginfo-0.6.16-9.el5_5.i386.rpm avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.x86_64.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/avahi-0.6.16-9.el5_5.src.rpm i386: avahi-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-0.6.16-9.el5_5.i386.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm avahi-debuginfo-0.6.16-9.el5_5.i386.rpm avahi-devel-0.6.16-9.el5_5.i386.rpm avahi-glib-0.6.16-9.el5_5.i386.rpm avahi-glib-devel-0.6.16-9.el5_5.i386.rpm avahi-qt3-0.6.16-9.el5_5.i386.rpm avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm avahi-tools-0.6.16-9.el5_5.i386.rpm ia64: avahi-0.6.16-9.el5_5.ia64.rpm avahi-compat-howl-0.6.16-9.el5_5.ia64.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.ia64.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.ia64.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ia64.rpm avahi-debuginfo-0.6.16-9.el5_5.ia64.rpm avahi-devel-0.6.16-9.el5_5.ia64.rpm avahi-glib-0.6.16-9.el5_5.ia64.rpm avahi-glib-devel-0.6.16-9.el5_5.ia64.rpm avahi-qt3-0.6.16-9.el5_5.ia64.rpm 
avahi-qt3-devel-0.6.16-9.el5_5.ia64.rpm avahi-tools-0.6.16-9.el5_5.ia64.rpm ppc: avahi-0.6.16-9.el5_5.ppc.rpm avahi-0.6.16-9.el5_5.ppc64.rpm avahi-compat-howl-0.6.16-9.el5_5.ppc.rpm avahi-compat-howl-0.6.16-9.el5_5.ppc64.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.ppc.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.ppc64.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.ppc.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.ppc64.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ppc.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.ppc64.rpm avahi-debuginfo-0.6.16-9.el5_5.ppc.rpm avahi-debuginfo-0.6.16-9.el5_5.ppc64.rpm avahi-devel-0.6.16-9.el5_5.ppc.rpm avahi-devel-0.6.16-9.el5_5.ppc64.rpm avahi-glib-0.6.16-9.el5_5.ppc.rpm avahi-glib-0.6.16-9.el5_5.ppc64.rpm avahi-glib-devel-0.6.16-9.el5_5.ppc.rpm avahi-glib-devel-0.6.16-9.el5_5.ppc64.rpm avahi-qt3-0.6.16-9.el5_5.ppc.rpm avahi-qt3-0.6.16-9.el5_5.ppc64.rpm avahi-qt3-devel-0.6.16-9.el5_5.ppc.rpm avahi-qt3-devel-0.6.16-9.el5_5.ppc64.rpm avahi-tools-0.6.16-9.el5_5.ppc.rpm s390x: avahi-0.6.16-9.el5_5.s390.rpm avahi-0.6.16-9.el5_5.s390x.rpm avahi-compat-howl-0.6.16-9.el5_5.s390.rpm avahi-compat-howl-0.6.16-9.el5_5.s390x.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.s390.rpm avahi-compat-howl-devel-0.6.16-9.el5_5.s390x.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.s390.rpm avahi-compat-libdns_sd-0.6.16-9.el5_5.s390x.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.s390.rpm avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.s390x.rpm avahi-debuginfo-0.6.16-9.el5_5.s390.rpm avahi-debuginfo-0.6.16-9.el5_5.s390x.rpm avahi-devel-0.6.16-9.el5_5.s390.rpm avahi-devel-0.6.16-9.el5_5.s390x.rpm avahi-glib-0.6.16-9.el5_5.s390.rpm avahi-glib-0.6.16-9.el5_5.s390x.rpm avahi-glib-devel-0.6.16-9.el5_5.s390.rpm avahi-glib-devel-0.6.16-9.el5_5.s390x.rpm avahi-qt3-0.6.16-9.el5_5.s390.rpm avahi-qt3-0.6.16-9.el5_5.s390x.rpm avahi-qt3-devel-0.6.16-9.el5_5.s390.rpm avahi-qt3-devel-0.6.16-9.el5_5.s390x.rpm avahi-tools-0.6.16-9.el5_5.s390x.rpm x86_64: avahi-0.6.16-9.el5_5.i386.rpm 
avahi-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-howl-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-0.6.16-9.el5_5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-debuginfo-0.6.16-9.el5_5.i386.rpm
avahi-debuginfo-0.6.16-9.el5_5.x86_64.rpm
avahi-devel-0.6.16-9.el5_5.i386.rpm
avahi-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-0.6.16-9.el5_5.i386.rpm
avahi-glib-0.6.16-9.el5_5.x86_64.rpm
avahi-glib-devel-0.6.16-9.el5_5.i386.rpm
avahi-glib-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-0.6.16-9.el5_5.i386.rpm
avahi-qt3-0.6.16-9.el5_5.x86_64.rpm
avahi-qt3-devel-0.6.16-9.el5_5.i386.rpm
avahi-qt3-devel-0.6.16-9.el5_5.x86_64.rpm
avahi-tools-0.6.16-9.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-0758.html
https://www.redhat.com/security/data/cve/CVE-2010-2244.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMPKg9XlSAg2UNWIIRApMlAKCNN0yihnW8UFWMQyAvMEjWpmhTmwCfbQmR
htt8x42bF3BAtiUDVKXPrGw=
=FiFd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 14 17:50:06 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Jul 2010 11:50:06 -0600
Subject: [RHSA-2010:0533-01] Moderate: pcsc-lite security update
Message-ID: <201007141750.o6EHo6LE006060@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pcsc-lite security update
Advisory ID: RHSA-2010:0533-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0533.html
Issue date: 2010-07-14
CVE Names: CVE-2009-4901 CVE-2010-0407
=====================================================================

1. Summary:

Updated pcsc-lite packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens.

Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests.
A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901)

Users of pcsc-lite should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the pcscd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

596426 - CVE-2009-4901 CVE-2009-4902 CVE-2010-0407 pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcsc-lite-1.4.4-4.el5_5.src.rpm

i386:
pcsc-lite-1.4.4-4.el5_5.i386.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-devel-1.4.4-4.el5_5.i386.rpm
pcsc-lite-doc-1.4.4-4.el5_5.i386.rpm
pcsc-lite-libs-1.4.4-4.el5_5.i386.rpm

x86_64:
pcsc-lite-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-doc-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-libs-1.4.4-4.el5_5.i386.rpm
pcsc-lite-libs-1.4.4-4.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcsc-lite-1.4.4-4.el5_5.src.rpm

i386:
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-devel-1.4.4-4.el5_5.i386.rpm

x86_64:
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-devel-1.4.4-4.el5_5.i386.rpm
pcsc-lite-devel-1.4.4-4.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pcsc-lite-1.4.4-4.el5_5.src.rpm

i386:
pcsc-lite-1.4.4-4.el5_5.i386.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-devel-1.4.4-4.el5_5.i386.rpm
pcsc-lite-doc-1.4.4-4.el5_5.i386.rpm
pcsc-lite-libs-1.4.4-4.el5_5.i386.rpm

ia64:
pcsc-lite-1.4.4-4.el5_5.ia64.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.ia64.rpm
pcsc-lite-devel-1.4.4-4.el5_5.ia64.rpm
pcsc-lite-doc-1.4.4-4.el5_5.ia64.rpm
pcsc-lite-libs-1.4.4-4.el5_5.ia64.rpm

ppc:
pcsc-lite-1.4.4-4.el5_5.ppc.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.ppc.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.ppc64.rpm
pcsc-lite-devel-1.4.4-4.el5_5.ppc.rpm
pcsc-lite-devel-1.4.4-4.el5_5.ppc64.rpm
pcsc-lite-doc-1.4.4-4.el5_5.ppc.rpm
pcsc-lite-libs-1.4.4-4.el5_5.ppc.rpm
pcsc-lite-libs-1.4.4-4.el5_5.ppc64.rpm

x86_64:
pcsc-lite-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.i386.rpm
pcsc-lite-debuginfo-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-devel-1.4.4-4.el5_5.i386.rpm
pcsc-lite-devel-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-doc-1.4.4-4.el5_5.x86_64.rpm
pcsc-lite-libs-1.4.4-4.el5_5.i386.rpm
pcsc-lite-libs-1.4.4-4.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4901.html
https://www.redhat.com/security/data/cve/CVE-2010-0407.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMPfi2XlSAg2UNWIIRAm26AJ9lSB+kir8Z7llcwTmSMfYBnBu6yQCfY/tu
Aeyq6TM5aX7nYgc8v+3aAzM=
=Aqdu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 14 17:51:22 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Jul 2010 11:51:22 -0600
Subject: [RHSA-2010:0534-01] Important: libpng security update
Message-ID: <201007141751.o6EHpNqr011738@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libpng security update
Advisory ID: RHSA-2010:0534-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0534.html
Issue date: 2010-07-14
CVE Names: CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249
=====================================================================

1. Summary:

Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v.
5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205)

A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially-crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205)

A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249)

A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially-crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042)

Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues.
All running applications using libpng or libpng10 must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

504782 - CVE-2009-2042 libpng: Interlaced Images Information Disclosure Vulnerability
566234 - CVE-2010-0205 libpng: excessive memory consumption due to highly compressed huge ancillary chunk
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
608644 - CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng-1.2.2-30.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng10-1.0.13-21.src.rpm

i386:
libpng-1.2.2-30.i386.rpm
libpng-debuginfo-1.2.2-30.i386.rpm
libpng-devel-1.2.2-30.i386.rpm
libpng10-1.0.13-21.i386.rpm
libpng10-debuginfo-1.0.13-21.i386.rpm
libpng10-devel-1.0.13-21.i386.rpm

ia64:
libpng-1.2.2-30.i386.rpm
libpng-1.2.2-30.ia64.rpm
libpng-debuginfo-1.2.2-30.i386.rpm
libpng-debuginfo-1.2.2-30.ia64.rpm
libpng-devel-1.2.2-30.ia64.rpm
libpng10-1.0.13-21.i386.rpm
libpng10-1.0.13-21.ia64.rpm
libpng10-debuginfo-1.0.13-21.i386.rpm
libpng10-debuginfo-1.0.13-21.ia64.rpm
libpng10-devel-1.0.13-21.ia64.rpm

ppc:
libpng-1.2.2-30.ppc.rpm
libpng-1.2.2-30.ppc64.rpm
libpng-debuginfo-1.2.2-30.ppc.rpm
libpng-debuginfo-1.2.2-30.ppc64.rpm
libpng-devel-1.2.2-30.ppc.rpm
libpng10-1.0.13-21.ppc.rpm
libpng10-1.0.13-21.ppc64.rpm
libpng10-debuginfo-1.0.13-21.ppc.rpm
libpng10-debuginfo-1.0.13-21.ppc64.rpm
libpng10-devel-1.0.13-21.ppc.rpm

s390:
libpng-1.2.2-30.s390.rpm
libpng-debuginfo-1.2.2-30.s390.rpm
libpng-devel-1.2.2-30.s390.rpm
libpng10-1.0.13-21.s390.rpm
libpng10-debuginfo-1.0.13-21.s390.rpm libpng10-devel-1.0.13-21.s390.rpm s390x: libpng-1.2.2-30.s390.rpm libpng-1.2.2-30.s390x.rpm libpng-debuginfo-1.2.2-30.s390.rpm libpng-debuginfo-1.2.2-30.s390x.rpm libpng-devel-1.2.2-30.s390x.rpm libpng10-1.0.13-21.s390.rpm libpng10-1.0.13-21.s390x.rpm libpng10-debuginfo-1.0.13-21.s390.rpm libpng10-debuginfo-1.0.13-21.s390x.rpm libpng10-devel-1.0.13-21.s390x.rpm x86_64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.x86_64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.x86_64.rpm libpng-devel-1.2.2-30.x86_64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.x86_64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.x86_64.rpm libpng10-devel-1.0.13-21.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng-1.2.2-30.src.rpm ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng10-1.0.13-21.src.rpm i386: libpng-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-devel-1.2.2-30.i386.rpm libpng10-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-devel-1.0.13-21.i386.rpm x86_64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.x86_64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.x86_64.rpm libpng-devel-1.2.2-30.x86_64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.x86_64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.x86_64.rpm libpng10-devel-1.0.13-21.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng-1.2.2-30.src.rpm ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng10-1.0.13-21.src.rpm i386: libpng-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-devel-1.2.2-30.i386.rpm libpng10-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-devel-1.0.13-21.i386.rpm ia64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.ia64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.ia64.rpm 
libpng-devel-1.2.2-30.ia64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.ia64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.ia64.rpm libpng10-devel-1.0.13-21.ia64.rpm x86_64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.x86_64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.x86_64.rpm libpng-devel-1.2.2-30.x86_64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.x86_64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.x86_64.rpm libpng10-devel-1.0.13-21.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng-1.2.2-30.src.rpm ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng10-1.0.13-21.src.rpm i386: libpng-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-devel-1.2.2-30.i386.rpm libpng10-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-devel-1.0.13-21.i386.rpm ia64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.ia64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.ia64.rpm libpng-devel-1.2.2-30.ia64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.ia64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.ia64.rpm libpng10-devel-1.0.13-21.ia64.rpm x86_64: libpng-1.2.2-30.i386.rpm libpng-1.2.2-30.x86_64.rpm libpng-debuginfo-1.2.2-30.i386.rpm libpng-debuginfo-1.2.2-30.x86_64.rpm libpng-devel-1.2.2-30.x86_64.rpm libpng10-1.0.13-21.i386.rpm libpng10-1.0.13-21.x86_64.rpm libpng10-debuginfo-1.0.13-21.i386.rpm libpng10-debuginfo-1.0.13-21.x86_64.rpm libpng10-devel-1.0.13-21.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-3.el4_8.3.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-3.el4_8.4.src.rpm i386: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-devel-1.2.7-3.el4_8.3.i386.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm 
libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-devel-1.0.16-3.el4_8.4.i386.rpm ia64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.ia64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.ia64.rpm libpng-devel-1.2.7-3.el4_8.3.ia64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.ia64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.ia64.rpm libpng10-devel-1.0.16-3.el4_8.4.ia64.rpm ppc: libpng-1.2.7-3.el4_8.3.ppc.rpm libpng-1.2.7-3.el4_8.3.ppc64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.ppc.rpm libpng-debuginfo-1.2.7-3.el4_8.3.ppc64.rpm libpng-devel-1.2.7-3.el4_8.3.ppc.rpm libpng10-1.0.16-3.el4_8.4.ppc.rpm libpng10-1.0.16-3.el4_8.4.ppc64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.ppc.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.ppc64.rpm libpng10-devel-1.0.16-3.el4_8.4.ppc.rpm s390: libpng-1.2.7-3.el4_8.3.s390.rpm libpng-debuginfo-1.2.7-3.el4_8.3.s390.rpm libpng-devel-1.2.7-3.el4_8.3.s390.rpm libpng10-1.0.16-3.el4_8.4.s390.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.s390.rpm libpng10-devel-1.0.16-3.el4_8.4.s390.rpm s390x: libpng-1.2.7-3.el4_8.3.s390.rpm libpng-1.2.7-3.el4_8.3.s390x.rpm libpng-debuginfo-1.2.7-3.el4_8.3.s390.rpm libpng-debuginfo-1.2.7-3.el4_8.3.s390x.rpm libpng-devel-1.2.7-3.el4_8.3.s390x.rpm libpng10-1.0.16-3.el4_8.4.s390.rpm libpng10-1.0.16-3.el4_8.4.s390x.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.s390.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.s390x.rpm libpng10-devel-1.0.16-3.el4_8.4.s390x.rpm x86_64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.x86_64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.x86_64.rpm libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.x86_64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.x86_64.rpm libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: 
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-3.el4_8.3.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-3.el4_8.4.src.rpm i386: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-devel-1.2.7-3.el4_8.3.i386.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-devel-1.0.16-3.el4_8.4.i386.rpm x86_64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.x86_64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.x86_64.rpm libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.x86_64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.x86_64.rpm libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-3.el4_8.3.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-3.el4_8.4.src.rpm i386: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-devel-1.2.7-3.el4_8.3.i386.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-devel-1.0.16-3.el4_8.4.i386.rpm ia64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.ia64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.ia64.rpm libpng-devel-1.2.7-3.el4_8.3.ia64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.ia64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.ia64.rpm libpng10-devel-1.0.16-3.el4_8.4.ia64.rpm x86_64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.x86_64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.x86_64.rpm libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.x86_64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm 
libpng10-debuginfo-1.0.16-3.el4_8.4.x86_64.rpm libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-3.el4_8.3.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-3.el4_8.4.src.rpm i386: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-devel-1.2.7-3.el4_8.3.i386.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-devel-1.0.16-3.el4_8.4.i386.rpm ia64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.ia64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.ia64.rpm libpng-devel-1.2.7-3.el4_8.3.ia64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.ia64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.ia64.rpm libpng10-devel-1.0.16-3.el4_8.4.ia64.rpm x86_64: libpng-1.2.7-3.el4_8.3.i386.rpm libpng-1.2.7-3.el4_8.3.x86_64.rpm libpng-debuginfo-1.2.7-3.el4_8.3.i386.rpm libpng-debuginfo-1.2.7-3.el4_8.3.x86_64.rpm libpng-devel-1.2.7-3.el4_8.3.x86_64.rpm libpng10-1.0.16-3.el4_8.4.i386.rpm libpng10-1.0.16-3.el4_8.4.x86_64.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.i386.rpm libpng10-debuginfo-1.0.16-3.el4_8.4.x86_64.rpm libpng10-devel-1.0.16-3.el4_8.4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_5.3.src.rpm i386: libpng-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm x86_64: libpng-1.2.10-7.1.el5_5.3.i386.rpm libpng-1.2.10-7.1.el5_5.3.x86_64.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_5.3.src.rpm i386: libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm x86_64: libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.x86_64.rpm libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm libpng-devel-1.2.10-7.1.el5_5.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-7.1.el5_5.3.src.rpm i386: libpng-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm ia64: libpng-1.2.10-7.1.el5_5.3.i386.rpm libpng-1.2.10-7.1.el5_5.3.ia64.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.ia64.rpm libpng-devel-1.2.10-7.1.el5_5.3.ia64.rpm ppc: libpng-1.2.10-7.1.el5_5.3.ppc.rpm libpng-1.2.10-7.1.el5_5.3.ppc64.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.ppc.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.ppc64.rpm libpng-devel-1.2.10-7.1.el5_5.3.ppc.rpm libpng-devel-1.2.10-7.1.el5_5.3.ppc64.rpm s390x: libpng-1.2.10-7.1.el5_5.3.s390.rpm libpng-1.2.10-7.1.el5_5.3.s390x.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.s390.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.s390x.rpm libpng-devel-1.2.10-7.1.el5_5.3.s390.rpm libpng-devel-1.2.10-7.1.el5_5.3.s390x.rpm x86_64: libpng-1.2.10-7.1.el5_5.3.i386.rpm libpng-1.2.10-7.1.el5_5.3.x86_64.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.i386.rpm libpng-debuginfo-1.2.10-7.1.el5_5.3.x86_64.rpm libpng-devel-1.2.10-7.1.el5_5.3.i386.rpm libpng-devel-1.2.10-7.1.el5_5.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2009-2042.html
https://www.redhat.com/security/data/cve/CVE-2010-0205.html
https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-2249.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMPfjqXlSAg2UNWIIRAifAAKCVFsf5tiMGOtIwDUoYi0wW1UKJQQCfZGPv
9LOUcICHlrMbhaETYjUVy8E=
=ZO9D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 20 16:50:55 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 12:50:55 -0400
Subject: [RHSA-2010:0542-01] Moderate: openldap security update
Message-ID: <201007201650.o6KGot13027548@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openldap security update
Advisory ID: RHSA-2010:0542-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0542.html
Issue date: 2010-07-20
CVE Names: CVE-2010-0211 CVE-2010-0212
=====================================================================

1. Summary:

Updated openldap packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211, CVE-2010-0212)

Red Hat would like to thank CERT-FI for responsibly reporting these flaws, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issues.

Users of OpenLDAP should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

605448 - CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
605452 - CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5_5.1.src.rpm i386: compat-openldap-2.3.43_2.2.29-12.el5_5.1.i386.rpm openldap-2.3.43-12.el5_5.1.i386.rpm openldap-clients-2.3.43-12.el5_5.1.i386.rpm openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm x86_64: compat-openldap-2.3.43_2.2.29-12.el5_5.1.i386.rpm compat-openldap-2.3.43_2.2.29-12.el5_5.1.x86_64.rpm openldap-2.3.43-12.el5_5.1.i386.rpm openldap-2.3.43-12.el5_5.1.x86_64.rpm openldap-clients-2.3.43-12.el5_5.1.x86_64.rpm openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm openldap-debuginfo-2.3.43-12.el5_5.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5_5.1.src.rpm i386: openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm openldap-devel-2.3.43-12.el5_5.1.i386.rpm openldap-servers-2.3.43-12.el5_5.1.i386.rpm openldap-servers-overlays-2.3.43-12.el5_5.1.i386.rpm openldap-servers-sql-2.3.43-12.el5_5.1.i386.rpm x86_64: openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm openldap-debuginfo-2.3.43-12.el5_5.1.x86_64.rpm openldap-devel-2.3.43-12.el5_5.1.i386.rpm openldap-devel-2.3.43-12.el5_5.1.x86_64.rpm openldap-servers-2.3.43-12.el5_5.1.x86_64.rpm openldap-servers-overlays-2.3.43-12.el5_5.1.x86_64.rpm openldap-servers-sql-2.3.43-12.el5_5.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openldap-2.3.43-12.el5_5.1.src.rpm i386: compat-openldap-2.3.43_2.2.29-12.el5_5.1.i386.rpm openldap-2.3.43-12.el5_5.1.i386.rpm openldap-clients-2.3.43-12.el5_5.1.i386.rpm openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm openldap-devel-2.3.43-12.el5_5.1.i386.rpm openldap-servers-2.3.43-12.el5_5.1.i386.rpm openldap-servers-overlays-2.3.43-12.el5_5.1.i386.rpm openldap-servers-sql-2.3.43-12.el5_5.1.i386.rpm ia64: compat-openldap-2.3.43_2.2.29-12.el5_5.1.i386.rpm compat-openldap-2.3.43_2.2.29-12.el5_5.1.ia64.rpm openldap-2.3.43-12.el5_5.1.i386.rpm openldap-2.3.43-12.el5_5.1.ia64.rpm openldap-clients-2.3.43-12.el5_5.1.ia64.rpm openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm openldap-debuginfo-2.3.43-12.el5_5.1.ia64.rpm openldap-devel-2.3.43-12.el5_5.1.ia64.rpm openldap-servers-2.3.43-12.el5_5.1.ia64.rpm openldap-servers-overlays-2.3.43-12.el5_5.1.ia64.rpm openldap-servers-sql-2.3.43-12.el5_5.1.ia64.rpm ppc: compat-openldap-2.3.43_2.2.29-12.el5_5.1.ppc.rpm compat-openldap-2.3.43_2.2.29-12.el5_5.1.ppc64.rpm openldap-2.3.43-12.el5_5.1.ppc.rpm openldap-2.3.43-12.el5_5.1.ppc64.rpm openldap-clients-2.3.43-12.el5_5.1.ppc.rpm openldap-debuginfo-2.3.43-12.el5_5.1.ppc.rpm openldap-debuginfo-2.3.43-12.el5_5.1.ppc64.rpm openldap-devel-2.3.43-12.el5_5.1.ppc.rpm openldap-devel-2.3.43-12.el5_5.1.ppc64.rpm openldap-servers-2.3.43-12.el5_5.1.ppc.rpm openldap-servers-overlays-2.3.43-12.el5_5.1.ppc.rpm openldap-servers-sql-2.3.43-12.el5_5.1.ppc.rpm s390x: compat-openldap-2.3.43_2.2.29-12.el5_5.1.s390.rpm compat-openldap-2.3.43_2.2.29-12.el5_5.1.s390x.rpm openldap-2.3.43-12.el5_5.1.s390.rpm openldap-2.3.43-12.el5_5.1.s390x.rpm openldap-clients-2.3.43-12.el5_5.1.s390x.rpm openldap-debuginfo-2.3.43-12.el5_5.1.s390.rpm openldap-debuginfo-2.3.43-12.el5_5.1.s390x.rpm openldap-devel-2.3.43-12.el5_5.1.s390.rpm openldap-devel-2.3.43-12.el5_5.1.s390x.rpm openldap-servers-2.3.43-12.el5_5.1.s390x.rpm 
openldap-servers-overlays-2.3.43-12.el5_5.1.s390x.rpm
openldap-servers-sql-2.3.43-12.el5_5.1.s390x.rpm

x86_64:
compat-openldap-2.3.43_2.2.29-12.el5_5.1.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_5.1.x86_64.rpm
openldap-2.3.43-12.el5_5.1.i386.rpm
openldap-2.3.43-12.el5_5.1.x86_64.rpm
openldap-clients-2.3.43-12.el5_5.1.x86_64.rpm
openldap-debuginfo-2.3.43-12.el5_5.1.i386.rpm
openldap-debuginfo-2.3.43-12.el5_5.1.x86_64.rpm
openldap-devel-2.3.43-12.el5_5.1.i386.rpm
openldap-devel-2.3.43-12.el5_5.1.x86_64.rpm
openldap-servers-2.3.43-12.el5_5.1.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5_5.1.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0211.html
https://www.redhat.com/security/data/cve/CVE-2010-0212.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRdPAXlSAg2UNWIIRAtviAKCwonq3qhNN+BtLw8WP5ruGHK9jCACeNFaq
L5OkfRKXYiPJEBiK/TCYriw=
=NljB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 20 16:52:33 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 12:52:33 -0400
Subject: [RHSA-2010:0543-01] Moderate: openldap security update
Message-ID: <201007201652.o6KGqXrC000501@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openldap security update
Advisory ID: RHSA-2010:0543-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0543.html
Issue date: 2010-07-20
CVE Names: CVE-2009-3767 CVE-2010-0211
=====================================================================

1. Summary:

Updated openldap packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211)

Red Hat would like to thank CERT-FI for responsibly reporting the CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue.

A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767)

Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name
605448 - CVE-2010-0211 openldap: modrdn processing uninitialized pointer free

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openldap-2.2.13-12.el4_8.3.src.rpm i386: compat-openldap-2.1.30-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-clients-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-devel-2.2.13-12.el4_8.3.i386.rpm openldap-servers-2.2.13-12.el4_8.3.i386.rpm openldap-servers-sql-2.2.13-12.el4_8.3.i386.rpm ia64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.ia64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.ia64.rpm openldap-clients-2.2.13-12.el4_8.3.ia64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.ia64.rpm openldap-devel-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.ia64.rpm ppc: compat-openldap-2.1.30-12.el4_8.3.ppc.rpm compat-openldap-2.1.30-12.el4_8.3.ppc64.rpm openldap-2.2.13-12.el4_8.3.ppc.rpm openldap-2.2.13-12.el4_8.3.ppc64.rpm openldap-clients-2.2.13-12.el4_8.3.ppc.rpm openldap-debuginfo-2.2.13-12.el4_8.3.ppc.rpm openldap-debuginfo-2.2.13-12.el4_8.3.ppc64.rpm openldap-devel-2.2.13-12.el4_8.3.ppc.rpm openldap-servers-2.2.13-12.el4_8.3.ppc.rpm openldap-servers-sql-2.2.13-12.el4_8.3.ppc.rpm s390: compat-openldap-2.1.30-12.el4_8.3.s390.rpm openldap-2.2.13-12.el4_8.3.s390.rpm openldap-clients-2.2.13-12.el4_8.3.s390.rpm openldap-debuginfo-2.2.13-12.el4_8.3.s390.rpm openldap-devel-2.2.13-12.el4_8.3.s390.rpm openldap-servers-2.2.13-12.el4_8.3.s390.rpm openldap-servers-sql-2.2.13-12.el4_8.3.s390.rpm s390x: compat-openldap-2.1.30-12.el4_8.3.s390.rpm compat-openldap-2.1.30-12.el4_8.3.s390x.rpm openldap-2.2.13-12.el4_8.3.s390.rpm openldap-2.2.13-12.el4_8.3.s390x.rpm openldap-clients-2.2.13-12.el4_8.3.s390x.rpm openldap-debuginfo-2.2.13-12.el4_8.3.s390.rpm openldap-debuginfo-2.2.13-12.el4_8.3.s390x.rpm openldap-devel-2.2.13-12.el4_8.3.s390x.rpm 
openldap-servers-2.2.13-12.el4_8.3.s390x.rpm openldap-servers-sql-2.2.13-12.el4_8.3.s390x.rpm x86_64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.x86_64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.x86_64.rpm openldap-clients-2.2.13-12.el4_8.3.x86_64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.x86_64.rpm openldap-devel-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openldap-2.2.13-12.el4_8.3.src.rpm i386: compat-openldap-2.1.30-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-clients-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-devel-2.2.13-12.el4_8.3.i386.rpm openldap-servers-2.2.13-12.el4_8.3.i386.rpm openldap-servers-sql-2.2.13-12.el4_8.3.i386.rpm x86_64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.x86_64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.x86_64.rpm openldap-clients-2.2.13-12.el4_8.3.x86_64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.x86_64.rpm openldap-devel-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openldap-2.2.13-12.el4_8.3.src.rpm i386: compat-openldap-2.1.30-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-clients-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-devel-2.2.13-12.el4_8.3.i386.rpm openldap-servers-2.2.13-12.el4_8.3.i386.rpm openldap-servers-sql-2.2.13-12.el4_8.3.i386.rpm ia64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.ia64.rpm 
openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.ia64.rpm openldap-clients-2.2.13-12.el4_8.3.ia64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.ia64.rpm openldap-devel-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.ia64.rpm x86_64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.x86_64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.x86_64.rpm openldap-clients-2.2.13-12.el4_8.3.x86_64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.x86_64.rpm openldap-devel-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-2.2.13-12.el4_8.3.x86_64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openldap-2.2.13-12.el4_8.3.src.rpm i386: compat-openldap-2.1.30-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-clients-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-devel-2.2.13-12.el4_8.3.i386.rpm openldap-servers-2.2.13-12.el4_8.3.i386.rpm openldap-servers-sql-2.2.13-12.el4_8.3.i386.rpm ia64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.ia64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.ia64.rpm openldap-clients-2.2.13-12.el4_8.3.ia64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.ia64.rpm openldap-devel-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-2.2.13-12.el4_8.3.ia64.rpm openldap-servers-sql-2.2.13-12.el4_8.3.ia64.rpm x86_64: compat-openldap-2.1.30-12.el4_8.3.i386.rpm compat-openldap-2.1.30-12.el4_8.3.x86_64.rpm openldap-2.2.13-12.el4_8.3.i386.rpm openldap-2.2.13-12.el4_8.3.x86_64.rpm openldap-clients-2.2.13-12.el4_8.3.x86_64.rpm openldap-debuginfo-2.2.13-12.el4_8.3.i386.rpm openldap-debuginfo-2.2.13-12.el4_8.3.x86_64.rpm 
openldap-devel-2.2.13-12.el4_8.3.x86_64.rpm
openldap-servers-2.2.13-12.el4_8.3.x86_64.rpm
openldap-servers-sql-2.2.13-12.el4_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3767.html
https://www.redhat.com/security/data/cve/CVE-2010-0211.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRdQQXlSAg2UNWIIRArPyAJwI92F+mmCmeSWZxonuPZhLpwbU7gCffiyW
J6EQCkm9k6joUzXANSyztoU=
=QDUM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 21 01:44:23 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 21:44:23 -0400
Subject: [RHSA-2010:0544-01] Moderate: thunderbird security update
Message-ID: <201007210144.o6L1iNuI001313@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2010:0544-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0544.html
Issue date: 2010-07-20
CVE Names: CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1211 CVE-2010-1214 CVE-2010-2753 CVE-2010-2754
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray
590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances
590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm i386: thunderbird-1.5.0.12-28.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm ia64: thunderbird-1.5.0.12-28.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm ppc: thunderbird-1.5.0.12-28.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-28.el4.ppc.rpm s390: thunderbird-1.5.0.12-28.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-28.el4.s390.rpm s390x: thunderbird-1.5.0.12-28.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-28.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-28.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm i386: thunderbird-1.5.0.12-28.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm x86_64: thunderbird-1.5.0.12-28.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm i386: thunderbird-1.5.0.12-28.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm ia64: thunderbird-1.5.0.12-28.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-28.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-28.el4.src.rpm i386: thunderbird-1.5.0.12-28.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-28.el4.i386.rpm ia64: thunderbird-1.5.0.12-28.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-28.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-28.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-0174.html https://www.redhat.com/security/data/cve/CVE-2010-0175.html https://www.redhat.com/security/data/cve/CVE-2010-0176.html https://www.redhat.com/security/data/cve/CVE-2010-0177.html https://www.redhat.com/security/data/cve/CVE-2010-1197.html https://www.redhat.com/security/data/cve/CVE-2010-1198.html https://www.redhat.com/security/data/cve/CVE-2010-1199.html https://www.redhat.com/security/data/cve/CVE-2010-1200.html https://www.redhat.com/security/data/cve/CVE-2010-1211.html https://www.redhat.com/security/data/cve/CVE-2010-1214.html https://www.redhat.com/security/data/cve/CVE-2010-2753.html https://www.redhat.com/security/data/cve/CVE-2010-2754.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRlC8XlSAg2UNWIIRAkkGAKC1/ergrpI4X2nqCiPTE4KtPln7eACgiDW0
y6oPAbK0YSXGineI+KKXioY=
=qkxY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 21 01:45:27 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 21:45:27 -0400
Subject: [RHSA-2010:0545-01] Critical: thunderbird security update
Message-ID: <201007210145.o6L1jS6k028224@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2010:0545-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0545.html
Issue date:        2010-07-20
CVE Names:         CVE-2010-0174 CVE-2010-0175 CVE-2010-0176
                   CVE-2010-0177 CVE-2010-1197 CVE-2010-1198
                   CVE-2010-1199 CVE-2010-1200 CVE-2010-1205
                   CVE-2010-1211 CVE-2010-1214 CVE-2010-2753
                   CVE-2010-2754
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205)

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray
590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption
590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances
590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting
590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-6.el5.src.rpm

i386:
thunderbird-2.0.0.24-6.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-6.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-6.el5.src.rpm

i386:
thunderbird-2.0.0.24-6.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-6.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-6.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0174.html
https://www.redhat.com/security/data/cve/CVE-2010-0175.html
https://www.redhat.com/security/data/cve/CVE-2010-0176.html
https://www.redhat.com/security/data/cve/CVE-2010-0177.html
https://www.redhat.com/security/data/cve/CVE-2010-1197.html
https://www.redhat.com/security/data/cve/CVE-2010-1198.html
https://www.redhat.com/security/data/cve/CVE-2010-1199.html
https://www.redhat.com/security/data/cve/CVE-2010-1200.html
https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRlEGXlSAg2UNWIIRAm74AKDAZ6vNVbJPrvaVeoY8F/+I3vjO4wCfZSjo
q5mE2Lj5iUbueLA6T4ExIqE=
=7eMl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 21 01:46:07 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 21:46:07 -0400
Subject: [RHSA-2010:0546-01] Critical: seamonkey security update
Message-ID: <201007210146.o6L1k7LC028276@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2010:0546-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0546.html
Issue date:        2010-07-20
CVE Names:         CVE-2010-1205 CVE-2010-1211 CVE-2010-1214
                   CVE-2010-2751 CVE-2010-2753 CVE-2010-2754
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)

A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205)

A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754)

A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

608238 - CVE-2010-1205 libpng: out-of-bounds memory write
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.57.el3.ppc.rpm
seamonkey-chat-1.0.9-0.57.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ppc.rpm
seamonkey-devel-1.0.9-0.57.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ppc.rpm
seamonkey-mail-1.0.9-0.57.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.57.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ppc.rpm
seamonkey-nss-1.0.9-0.57.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.57.el3.s390.rpm
seamonkey-chat-1.0.9-0.57.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390.rpm
seamonkey-devel-1.0.9-0.57.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.s390.rpm
seamonkey-mail-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.57.el3.s390x.rpm
seamonkey-chat-1.0.9-0.57.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.s390x.rpm
seamonkey-devel-1.0.9-0.57.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.s390x.rpm
seamonkey-mail-1.0.9-0.57.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390.rpm
seamonkey-nspr-1.0.9-0.57.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.s390x.rpm
seamonkey-nss-1.0.9-0.57.el3.s390.rpm
seamonkey-nss-1.0.9-0.57.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.57.el3.src.rpm

i386:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-chat-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.i386.rpm
seamonkey-mail-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.57.el3.ia64.rpm
seamonkey-chat-1.0.9-0.57.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.ia64.rpm
seamonkey-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.ia64.rpm
seamonkey-mail-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.57.el3.i386.rpm
seamonkey-1.0.9-0.57.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.57.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.57.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.57.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.57.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.57.el3.i386.rpm
seamonkey-nspr-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.57.el3.i386.rpm
seamonkey-nss-1.0.9-0.57.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.57.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

ppc:
seamonkey-1.0.9-60.el4.ppc.rpm
seamonkey-chat-1.0.9-60.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-60.el4.ppc.rpm
seamonkey-devel-1.0.9-60.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-60.el4.ppc.rpm
seamonkey-mail-1.0.9-60.el4.ppc.rpm

s390:
seamonkey-1.0.9-60.el4.s390.rpm
seamonkey-chat-1.0.9-60.el4.s390.rpm
seamonkey-debuginfo-1.0.9-60.el4.s390.rpm
seamonkey-devel-1.0.9-60.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-60.el4.s390.rpm
seamonkey-js-debugger-1.0.9-60.el4.s390.rpm
seamonkey-mail-1.0.9-60.el4.s390.rpm

s390x:
seamonkey-1.0.9-60.el4.s390x.rpm
seamonkey-chat-1.0.9-60.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-60.el4.s390x.rpm
seamonkey-devel-1.0.9-60.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-60.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-60.el4.s390x.rpm
seamonkey-mail-1.0.9-60.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-60.el4.src.rpm

i386:
seamonkey-1.0.9-60.el4.i386.rpm
seamonkey-chat-1.0.9-60.el4.i386.rpm
seamonkey-debuginfo-1.0.9-60.el4.i386.rpm
seamonkey-devel-1.0.9-60.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-60.el4.i386.rpm
seamonkey-js-debugger-1.0.9-60.el4.i386.rpm
seamonkey-mail-1.0.9-60.el4.i386.rpm

ia64:
seamonkey-1.0.9-60.el4.ia64.rpm
seamonkey-chat-1.0.9-60.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-60.el4.ia64.rpm
seamonkey-devel-1.0.9-60.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-60.el4.ia64.rpm
seamonkey-mail-1.0.9-60.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-60.el4.x86_64.rpm
seamonkey-chat-1.0.9-60.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-60.el4.x86_64.rpm
seamonkey-devel-1.0.9-60.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-60.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-60.el4.x86_64.rpm
seamonkey-mail-1.0.9-60.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-2751.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRlFZXlSAg2UNWIIRAmzsAJ9scO3VeAZJ/qK6OMJescWXpN8ifwCgs9r0
Q9aaaYTjBNpkdjIVBr119Xs=
=E44f
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 21 01:46:34 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Jul 2010 21:46:34 -0400
Subject: [RHSA-2010:0547-01] Critical: firefox security update
Message-ID: <201007210146.o6L1kZ6n001986@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2010:0547-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0547.html
Issue date:        2010-07-20
CVE Names:         CVE-2010-0654 CVE-2010-1205 CVE-2010-1206
                   CVE-2010-1207 CVE-2010-1208 CVE-2010-1209
                   CVE-2010-1210 CVE-2010-1211 CVE-2010-1212
                   CVE-2010-1213 CVE-2010-1214 CVE-2010-1215
                   CVE-2010-2751 CVE-2010-2752 CVE-2010-2753
                   CVE-2010-2754
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)

A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205)

Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)

A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206)

A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751)

A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

568231 - CVE-2010-0654 firefox: cross-domain information disclosure
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
608763 - CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content' status code or via a windows.stop call
615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards
615458 - CVE-2010-1208 Mozilla DOM attribute cloning remote code execution vulnerability
615459 - CVE-2010-1209 Mozilla Use-after-free error in NodeIterator
615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function
615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability
615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts
615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context
615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()
615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

ppc:
firefox-3.6.7-2.el4.ppc.rpm
firefox-debuginfo-3.6.7-2.el4.ppc.rpm

s390:
firefox-3.6.7-2.el4.s390.rpm
firefox-debuginfo-3.6.7-2.el4.s390.rpm

s390x:
firefox-3.6.7-2.el4.s390x.rpm
firefox-debuginfo-3.6.7-2.el4.s390x.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.7-2.el4.src.rpm

i386:
firefox-3.6.7-2.el4.i386.rpm
firefox-debuginfo-3.6.7-2.el4.i386.rpm

ia64:
firefox-3.6.7-2.el4.ia64.rpm
firefox-debuginfo-3.6.7-2.el4.ia64.rpm

x86_64:
firefox-3.6.7-2.el4.x86_64.rpm
firefox-debuginfo-3.6.7-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.7-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
firefox-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

x86_64:
firefox-3.6.7-2.el5.i386.rpm
firefox-3.6.7-2.el5.x86_64.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.x86_64.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.7-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.7-2.el5.src.rpm

i386:
firefox-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm

ia64:
firefox-3.6.7-2.el5.ia64.rpm
firefox-debuginfo-3.6.7-2.el5.ia64.rpm
xulrunner-1.9.2.7-2.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ia64.rpm
xulrunner-devel-1.9.2.7-2.el5.ia64.rpm

ppc:
firefox-3.6.7-2.el5.ppc.rpm
firefox-debuginfo-3.6.7-2.el5.ppc.rpm
xulrunner-1.9.2.7-2.el5.ppc.rpm
xulrunner-1.9.2.7-2.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.ppc64.rpm
xulrunner-devel-1.9.2.7-2.el5.ppc.rpm
xulrunner-devel-1.9.2.7-2.el5.ppc64.rpm

s390x:
firefox-3.6.7-2.el5.s390.rpm
firefox-3.6.7-2.el5.s390x.rpm
firefox-debuginfo-3.6.7-2.el5.s390.rpm
firefox-debuginfo-3.6.7-2.el5.s390x.rpm
xulrunner-1.9.2.7-2.el5.s390.rpm
xulrunner-1.9.2.7-2.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.s390.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.s390x.rpm
xulrunner-devel-1.9.2.7-2.el5.s390.rpm
xulrunner-devel-1.9.2.7-2.el5.s390x.rpm

x86_64:
firefox-3.6.7-2.el5.i386.rpm
firefox-3.6.7-2.el5.x86_64.rpm
firefox-debuginfo-3.6.7-2.el5.i386.rpm
firefox-debuginfo-3.6.7-2.el5.x86_64.rpm
xulrunner-1.9.2.7-2.el5.i386.rpm
xulrunner-1.9.2.7-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-2.el5.i386.rpm
xulrunner-devel-1.9.2.7-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2010-0654.html
https://www.redhat.com/security/data/cve/CVE-2010-1205.html
https://www.redhat.com/security/data/cve/CVE-2010-1206.html
https://www.redhat.com/security/data/cve/CVE-2010-1207.html
https://www.redhat.com/security/data/cve/CVE-2010-1208.html
https://www.redhat.com/security/data/cve/CVE-2010-1209.html
https://www.redhat.com/security/data/cve/CVE-2010-1210.html
https://www.redhat.com/security/data/cve/CVE-2010-1211.html
https://www.redhat.com/security/data/cve/CVE-2010-1212.html
https://www.redhat.com/security/data/cve/CVE-2010-1213.html
https://www.redhat.com/security/data/cve/CVE-2010-1214.html
https://www.redhat.com/security/data/cve/CVE-2010-1215.html
https://www.redhat.com/security/data/cve/CVE-2010-2751.html
https://www.redhat.com/security/data/cve/CVE-2010-2752.html
https://www.redhat.com/security/data/cve/CVE-2010-2753.html
https://www.redhat.com/security/data/cve/CVE-2010-2754.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRlF3XlSAg2UNWIIRAiFCAJ9+A52avvLezB+T83SLhWBVUykn1QCfbmUk
WkO/PodI2kzo8FVvdy5Rjfo=
=2BKq
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Wed Jul 21 14:31:21 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Jul 2010 10:31:21 -0400
Subject: [RHSA-2010:0549-01] Critical: java-1.6.0-ibm security update
Message-ID: <201007211431.o6LEVLOa029764@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2010:0549-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0549.html
Issue date:        2010-07-21
CVE Names:         CVE-2010-0887
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes one vulnerability in the IBM Java 2 Runtime Environment.
This vulnerability is summarized on the IBM "Security alerts" page listed in the References section. (CVE-2010-0887)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR8-FP1 Java release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

581237 - CVE-2010-0886 CVE-2010-0887 Sun Java: Java Web Start arbitrary command line injection

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.ppc.rpm
java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.ppc64.rpm

s390:
java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.s390.rpm
java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.s390.rpm
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.s390.rpm s390x: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.i386.rpm x86_64: 
java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el4.x86_64.rpm RHEL Desktop Supplementary (v. 
5 client): i386: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.i386.rpm ppc: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.8.1-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.8.1-1jpp.2.el5.x86_64.rpm 
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.8.1-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.8.1-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.8.1-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.8.1-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.8.1-1jpp.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0887.html
http://www.redhat.com/security/updates/classification/#critical
http://www-01.ibm.com/support/docview.wss?uid=swg21437817
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMRwSDXlSAg2UNWIIRAvEGAKCfBMzjjyTndQDFXi78DFdnKaY/cgCguYz8
wBOKW29rgyTnF/pE6z6SYEU=
=Terf
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Sat Jul 24 00:56:42 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Jul 2010 20:56:42 -0400
Subject: [RHSA-2010:0556-01] Critical: firefox security update
Message-ID: <201007240056.o6O0ugSP007711@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2010:0556-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0556.html
Issue date:        2010-07-23
CVE Names:         CVE-2010-2755
=====================================================================

1. Summary:

Updated firefox and xulrunner packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

An invalid free flaw was found in Firefox's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running the Firefox application.
(CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a backported patch that corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

617657 - CVE-2010-2755 Mozilla arbitrary free flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.7-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-3.el5.src.rpm

i386:
firefox-3.6.7-3.el5.i386.rpm
firefox-debuginfo-3.6.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm

x86_64:
firefox-3.6.7-3.el5.i386.rpm
firefox-3.6.7-3.el5.x86_64.rpm
firefox-debuginfo-3.6.7-3.el5.i386.rpm
firefox-debuginfo-3.6.7-3.el5.x86_64.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.7-3.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.7-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.7-3.el5.src.rpm

i386:
firefox-3.6.7-3.el5.i386.rpm
firefox-debuginfo-3.6.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm

ia64:
firefox-3.6.7-3.el5.ia64.rpm
firefox-debuginfo-3.6.7-3.el5.ia64.rpm
xulrunner-1.9.2.7-3.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.ia64.rpm
xulrunner-devel-1.9.2.7-3.el5.ia64.rpm

ppc:
firefox-3.6.7-3.el5.ppc.rpm
firefox-debuginfo-3.6.7-3.el5.ppc.rpm
xulrunner-1.9.2.7-3.el5.ppc.rpm
xulrunner-1.9.2.7-3.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.ppc64.rpm
xulrunner-devel-1.9.2.7-3.el5.ppc.rpm
xulrunner-devel-1.9.2.7-3.el5.ppc64.rpm

s390x:
firefox-3.6.7-3.el5.s390.rpm
firefox-3.6.7-3.el5.s390x.rpm
firefox-debuginfo-3.6.7-3.el5.s390.rpm
firefox-debuginfo-3.6.7-3.el5.s390x.rpm
xulrunner-1.9.2.7-3.el5.s390.rpm
xulrunner-1.9.2.7-3.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.s390.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.s390x.rpm
xulrunner-devel-1.9.2.7-3.el5.s390.rpm
xulrunner-devel-1.9.2.7-3.el5.s390x.rpm

x86_64:
firefox-3.6.7-3.el5.i386.rpm
firefox-3.6.7-3.el5.x86_64.rpm
firefox-debuginfo-3.6.7-3.el5.i386.rpm
firefox-debuginfo-3.6.7-3.el5.x86_64.rpm
xulrunner-1.9.2.7-3.el5.i386.rpm
xulrunner-1.9.2.7-3.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.i386.rpm
xulrunner-debuginfo-1.9.2.7-3.el5.x86_64.rpm
xulrunner-devel-1.9.2.7-3.el5.i386.rpm
xulrunner-devel-1.9.2.7-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2755.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMSjo3XlSAg2UNWIIRAtZJAJ9Eh0859AqFgIyT7tM1TqW1HKZe5QCglDSu
yjcWbNwhHW+gNu6Y8Xt//Ts=
=vaHj
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Sat Jul 24 00:57:30 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Jul 2010 20:57:30 -0400
Subject: [RHSA-2010:0557-01] Critical: seamonkey security update
Message-ID: <201007240057.o6O0vUdL005861@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2010:0557-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0557.html
Issue date:        2010-07-23
CVE Names:         CVE-2010-2755
=====================================================================

1. Summary:

Updated seamonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

An invalid free flaw was found in SeaMonkey's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2755)

All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

617657 - CVE-2010-2755 Mozilla arbitrary free flaw

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.58.el3.src.rpm

i386:
seamonkey-1.0.9-0.58.el3.i386.rpm
seamonkey-chat-1.0.9-0.58.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm
seamonkey-devel-1.0.9-0.58.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.58.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.58.el3.i386.rpm
seamonkey-mail-1.0.9-0.58.el3.i386.rpm
seamonkey-nspr-1.0.9-0.58.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.58.el3.i386.rpm
seamonkey-nss-1.0.9-0.58.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.58.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.58.el3.ia64.rpm
seamonkey-chat-1.0.9-0.58.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.58.el3.ia64.rpm
seamonkey-devel-1.0.9-0.58.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.58.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.58.el3.ia64.rpm
seamonkey-mail-1.0.9-0.58.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.58.el3.i386.rpm
seamonkey-nspr-1.0.9-0.58.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.ia64.rpm ppc: seamonkey-1.0.9-0.58.el3.ppc.rpm seamonkey-chat-1.0.9-0.58.el3.ppc.rpm seamonkey-debuginfo-1.0.9-0.58.el3.ppc.rpm seamonkey-devel-1.0.9-0.58.el3.ppc.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.ppc.rpm seamonkey-js-debugger-1.0.9-0.58.el3.ppc.rpm seamonkey-mail-1.0.9-0.58.el3.ppc.rpm seamonkey-nspr-1.0.9-0.58.el3.ppc.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.ppc.rpm seamonkey-nss-1.0.9-0.58.el3.ppc.rpm seamonkey-nss-devel-1.0.9-0.58.el3.ppc.rpm s390: seamonkey-1.0.9-0.58.el3.s390.rpm seamonkey-chat-1.0.9-0.58.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.58.el3.s390.rpm seamonkey-devel-1.0.9-0.58.el3.s390.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.s390.rpm seamonkey-js-debugger-1.0.9-0.58.el3.s390.rpm seamonkey-mail-1.0.9-0.58.el3.s390.rpm seamonkey-nspr-1.0.9-0.58.el3.s390.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.s390.rpm seamonkey-nss-1.0.9-0.58.el3.s390.rpm seamonkey-nss-devel-1.0.9-0.58.el3.s390.rpm s390x: seamonkey-1.0.9-0.58.el3.s390x.rpm seamonkey-chat-1.0.9-0.58.el3.s390x.rpm seamonkey-debuginfo-1.0.9-0.58.el3.s390.rpm seamonkey-debuginfo-1.0.9-0.58.el3.s390x.rpm seamonkey-devel-1.0.9-0.58.el3.s390x.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.s390x.rpm seamonkey-js-debugger-1.0.9-0.58.el3.s390x.rpm seamonkey-mail-1.0.9-0.58.el3.s390x.rpm seamonkey-nspr-1.0.9-0.58.el3.s390.rpm seamonkey-nspr-1.0.9-0.58.el3.s390x.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.s390x.rpm seamonkey-nss-1.0.9-0.58.el3.s390.rpm seamonkey-nss-1.0.9-0.58.el3.s390x.rpm seamonkey-nss-devel-1.0.9-0.58.el3.s390x.rpm x86_64: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-1.0.9-0.58.el3.x86_64.rpm seamonkey-chat-1.0.9-0.58.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.x86_64.rpm seamonkey-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.x86_64.rpm 
seamonkey-js-debugger-1.0.9-0.58.el3.x86_64.rpm seamonkey-mail-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.58.el3.src.rpm i386: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-chat-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-devel-1.0.9-0.58.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.58.el3.i386.rpm seamonkey-mail-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.58.el3.i386.rpm x86_64: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-1.0.9-0.58.el3.x86_64.rpm seamonkey-chat-1.0.9-0.58.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.x86_64.rpm seamonkey-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.58.el3.x86_64.rpm seamonkey-mail-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.58.el3.src.rpm i386: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-chat-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-devel-1.0.9-0.58.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.58.el3.i386.rpm seamonkey-mail-1.0.9-0.58.el3.i386.rpm 
seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.58.el3.i386.rpm ia64: seamonkey-1.0.9-0.58.el3.ia64.rpm seamonkey-chat-1.0.9-0.58.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.ia64.rpm seamonkey-devel-1.0.9-0.58.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.58.el3.ia64.rpm seamonkey-mail-1.0.9-0.58.el3.ia64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-1.0.9-0.58.el3.x86_64.rpm seamonkey-chat-1.0.9-0.58.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.x86_64.rpm seamonkey-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.58.el3.x86_64.rpm seamonkey-mail-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.58.el3.src.rpm i386: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-chat-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-devel-1.0.9-0.58.el3.i386.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.i386.rpm seamonkey-js-debugger-1.0.9-0.58.el3.i386.rpm seamonkey-mail-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-devel-1.0.9-0.58.el3.i386.rpm ia64: 
seamonkey-1.0.9-0.58.el3.ia64.rpm seamonkey-chat-1.0.9-0.58.el3.ia64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.ia64.rpm seamonkey-devel-1.0.9-0.58.el3.ia64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.ia64.rpm seamonkey-js-debugger-1.0.9-0.58.el3.ia64.rpm seamonkey-mail-1.0.9-0.58.el3.ia64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.ia64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.ia64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.ia64.rpm x86_64: seamonkey-1.0.9-0.58.el3.i386.rpm seamonkey-1.0.9-0.58.el3.x86_64.rpm seamonkey-chat-1.0.9-0.58.el3.x86_64.rpm seamonkey-debuginfo-1.0.9-0.58.el3.i386.rpm seamonkey-debuginfo-1.0.9-0.58.el3.x86_64.rpm seamonkey-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-dom-inspector-1.0.9-0.58.el3.x86_64.rpm seamonkey-js-debugger-1.0.9-0.58.el3.x86_64.rpm seamonkey-mail-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-1.0.9-0.58.el3.i386.rpm seamonkey-nspr-1.0.9-0.58.el3.x86_64.rpm seamonkey-nspr-devel-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-1.0.9-0.58.el3.i386.rpm seamonkey-nss-1.0.9-0.58.el3.x86_64.rpm seamonkey-nss-devel-1.0.9-0.58.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-61.el4.src.rpm i386: seamonkey-1.0.9-61.el4.i386.rpm seamonkey-chat-1.0.9-61.el4.i386.rpm seamonkey-debuginfo-1.0.9-61.el4.i386.rpm seamonkey-devel-1.0.9-61.el4.i386.rpm seamonkey-dom-inspector-1.0.9-61.el4.i386.rpm seamonkey-js-debugger-1.0.9-61.el4.i386.rpm seamonkey-mail-1.0.9-61.el4.i386.rpm ia64: seamonkey-1.0.9-61.el4.ia64.rpm seamonkey-chat-1.0.9-61.el4.ia64.rpm seamonkey-debuginfo-1.0.9-61.el4.ia64.rpm seamonkey-devel-1.0.9-61.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-61.el4.ia64.rpm seamonkey-js-debugger-1.0.9-61.el4.ia64.rpm seamonkey-mail-1.0.9-61.el4.ia64.rpm ppc: seamonkey-1.0.9-61.el4.ppc.rpm seamonkey-chat-1.0.9-61.el4.ppc.rpm 
seamonkey-debuginfo-1.0.9-61.el4.ppc.rpm seamonkey-devel-1.0.9-61.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-61.el4.ppc.rpm seamonkey-js-debugger-1.0.9-61.el4.ppc.rpm seamonkey-mail-1.0.9-61.el4.ppc.rpm s390: seamonkey-1.0.9-61.el4.s390.rpm seamonkey-chat-1.0.9-61.el4.s390.rpm seamonkey-debuginfo-1.0.9-61.el4.s390.rpm seamonkey-devel-1.0.9-61.el4.s390.rpm seamonkey-dom-inspector-1.0.9-61.el4.s390.rpm seamonkey-js-debugger-1.0.9-61.el4.s390.rpm seamonkey-mail-1.0.9-61.el4.s390.rpm s390x: seamonkey-1.0.9-61.el4.s390x.rpm seamonkey-chat-1.0.9-61.el4.s390x.rpm seamonkey-debuginfo-1.0.9-61.el4.s390x.rpm seamonkey-devel-1.0.9-61.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-61.el4.s390x.rpm seamonkey-js-debugger-1.0.9-61.el4.s390x.rpm seamonkey-mail-1.0.9-61.el4.s390x.rpm x86_64: seamonkey-1.0.9-61.el4.x86_64.rpm seamonkey-chat-1.0.9-61.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-61.el4.x86_64.rpm seamonkey-devel-1.0.9-61.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-61.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-61.el4.x86_64.rpm seamonkey-mail-1.0.9-61.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-61.el4.src.rpm i386: seamonkey-1.0.9-61.el4.i386.rpm seamonkey-chat-1.0.9-61.el4.i386.rpm seamonkey-debuginfo-1.0.9-61.el4.i386.rpm seamonkey-devel-1.0.9-61.el4.i386.rpm seamonkey-dom-inspector-1.0.9-61.el4.i386.rpm seamonkey-js-debugger-1.0.9-61.el4.i386.rpm seamonkey-mail-1.0.9-61.el4.i386.rpm x86_64: seamonkey-1.0.9-61.el4.x86_64.rpm seamonkey-chat-1.0.9-61.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-61.el4.x86_64.rpm seamonkey-devel-1.0.9-61.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-61.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-61.el4.x86_64.rpm seamonkey-mail-1.0.9-61.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-61.el4.src.rpm i386: seamonkey-1.0.9-61.el4.i386.rpm seamonkey-chat-1.0.9-61.el4.i386.rpm 
seamonkey-debuginfo-1.0.9-61.el4.i386.rpm seamonkey-devel-1.0.9-61.el4.i386.rpm seamonkey-dom-inspector-1.0.9-61.el4.i386.rpm seamonkey-js-debugger-1.0.9-61.el4.i386.rpm seamonkey-mail-1.0.9-61.el4.i386.rpm ia64: seamonkey-1.0.9-61.el4.ia64.rpm seamonkey-chat-1.0.9-61.el4.ia64.rpm seamonkey-debuginfo-1.0.9-61.el4.ia64.rpm seamonkey-devel-1.0.9-61.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-61.el4.ia64.rpm seamonkey-js-debugger-1.0.9-61.el4.ia64.rpm seamonkey-mail-1.0.9-61.el4.ia64.rpm x86_64: seamonkey-1.0.9-61.el4.x86_64.rpm seamonkey-chat-1.0.9-61.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-61.el4.x86_64.rpm seamonkey-devel-1.0.9-61.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-61.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-61.el4.x86_64.rpm seamonkey-mail-1.0.9-61.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-61.el4.src.rpm i386: seamonkey-1.0.9-61.el4.i386.rpm seamonkey-chat-1.0.9-61.el4.i386.rpm seamonkey-debuginfo-1.0.9-61.el4.i386.rpm seamonkey-devel-1.0.9-61.el4.i386.rpm seamonkey-dom-inspector-1.0.9-61.el4.i386.rpm seamonkey-js-debugger-1.0.9-61.el4.i386.rpm seamonkey-mail-1.0.9-61.el4.i386.rpm ia64: seamonkey-1.0.9-61.el4.ia64.rpm seamonkey-chat-1.0.9-61.el4.ia64.rpm seamonkey-debuginfo-1.0.9-61.el4.ia64.rpm seamonkey-devel-1.0.9-61.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-61.el4.ia64.rpm seamonkey-js-debugger-1.0.9-61.el4.ia64.rpm seamonkey-mail-1.0.9-61.el4.ia64.rpm x86_64: seamonkey-1.0.9-61.el4.x86_64.rpm seamonkey-chat-1.0.9-61.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-61.el4.x86_64.rpm seamonkey-devel-1.0.9-61.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-61.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-61.el4.x86_64.rpm seamonkey-mail-1.0.9-61.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2010-2755.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMSjpmXlSAg2UNWIIRAvyhAJ9wB0Gr5rHHUyblCLFr59fnhmGRiwCeLxD+
13Wk4enXegihWWkbR5i3Huc=
=aWZf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Sat Jul 24 00:58:36 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Jul 2010 20:58:36 -0400
Subject: [RHSA-2010:0558-01] Critical: firefox security update
Message-ID: <201007240058.o6O0wa3S027992@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0558-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0558.html
Issue date: 2010-07-23
CVE Names: CVE-2010-2755
=====================================================================

1. Summary:

Updated firefox packages that fix a security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

An invalid free flaw was found in Firefox's plugin handler.
Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a backported patch that corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

617657 - CVE-2010-2755 Mozilla arbitrary free flaw

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.7-3.el4.src.rpm

i386:
firefox-3.6.7-3.el4.i386.rpm
firefox-debuginfo-3.6.7-3.el4.i386.rpm

ia64:
firefox-3.6.7-3.el4.ia64.rpm
firefox-debuginfo-3.6.7-3.el4.ia64.rpm

ppc:
firefox-3.6.7-3.el4.ppc.rpm
firefox-debuginfo-3.6.7-3.el4.ppc.rpm

s390:
firefox-3.6.7-3.el4.s390.rpm
firefox-debuginfo-3.6.7-3.el4.s390.rpm

s390x:
firefox-3.6.7-3.el4.s390x.rpm
firefox-debuginfo-3.6.7-3.el4.s390x.rpm

x86_64:
firefox-3.6.7-3.el4.x86_64.rpm
firefox-debuginfo-3.6.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.7-3.el4.src.rpm

i386:
firefox-3.6.7-3.el4.i386.rpm
firefox-debuginfo-3.6.7-3.el4.i386.rpm

x86_64:
firefox-3.6.7-3.el4.x86_64.rpm
firefox-debuginfo-3.6.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.7-3.el4.src.rpm

i386:
firefox-3.6.7-3.el4.i386.rpm
firefox-debuginfo-3.6.7-3.el4.i386.rpm

ia64:
firefox-3.6.7-3.el4.ia64.rpm
firefox-debuginfo-3.6.7-3.el4.ia64.rpm

x86_64:
firefox-3.6.7-3.el4.x86_64.rpm
firefox-debuginfo-3.6.7-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.7-3.el4.src.rpm

i386:
firefox-3.6.7-3.el4.i386.rpm
firefox-debuginfo-3.6.7-3.el4.i386.rpm

ia64:
firefox-3.6.7-3.el4.ia64.rpm
firefox-debuginfo-3.6.7-3.el4.ia64.rpm

x86_64:
firefox-3.6.7-3.el4.x86_64.rpm
firefox-debuginfo-3.6.7-3.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2755.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMSjqPXlSAg2UNWIIRAnbmAJ4jmAwTBXta+NS5lX+YIXEtbwmIXwCgpgi9
ffkcEzAS8AxcmF0uqTlBC/Y=
=Ztdk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 27 13:13:20 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 Jul 2010 09:13:20 -0400
Subject: [RHSA-2010:0565-01] Moderate: w3m security update
Message-ID: <201007271313.o6RDDKpm028807@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: w3m security update
Advisory ID: RHSA-2010:0565-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0565.html
Issue date: 2010-07-27
CVE Names: CVE-2010-2074
=====================================================================

1. Summary:

Updated w3m packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser.

It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074)

All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

604855 - CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/w3m-0.5.1-17.el5_5.src.rpm

i386:
w3m-0.5.1-17.el5_5.i386.rpm
w3m-debuginfo-0.5.1-17.el5_5.i386.rpm
w3m-img-0.5.1-17.el5_5.i386.rpm

x86_64:
w3m-0.5.1-17.el5_5.x86_64.rpm
w3m-debuginfo-0.5.1-17.el5_5.x86_64.rpm
w3m-img-0.5.1-17.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/w3m-0.5.1-17.el5_5.src.rpm

i386:
w3m-0.5.1-17.el5_5.i386.rpm
w3m-debuginfo-0.5.1-17.el5_5.i386.rpm
w3m-img-0.5.1-17.el5_5.i386.rpm

ia64:
w3m-0.5.1-17.el5_5.ia64.rpm
w3m-debuginfo-0.5.1-17.el5_5.ia64.rpm
w3m-img-0.5.1-17.el5_5.ia64.rpm

ppc:
w3m-0.5.1-17.el5_5.ppc.rpm
w3m-debuginfo-0.5.1-17.el5_5.ppc.rpm
w3m-img-0.5.1-17.el5_5.ppc.rpm

s390x:
w3m-0.5.1-17.el5_5.s390x.rpm
w3m-debuginfo-0.5.1-17.el5_5.s390x.rpm
w3m-img-0.5.1-17.el5_5.s390x.rpm

x86_64:
w3m-0.5.1-17.el5_5.x86_64.rpm
w3m-debuginfo-0.5.1-17.el5_5.x86_64.rpm
w3m-img-0.5.1-17.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2074.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMTtsoXlSAg2UNWIIRAg8CAJ0QTwGEGggGgv0vh3IqgYLp9pzougCfYiql
Y7sl+awh0OG33CQLq3xuTLM=
=3ZVc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 28 14:33:52 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Jul 2010 10:33:52 -0400
Subject: [RHSA-2010:0567-01] Moderate: lvm2-cluster security update
Message-ID: <201007281433.o6SEXqnW019665@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: lvm2-cluster security update
Advisory ID: RHSA-2010:0567-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0567.html
Issue date: 2010-07-28
CVE Names: CVE-2010-2526
=====================================================================

1. Summary:

An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The lvm2-cluster package contains support for Logical Volume Management (LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster.
(CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

614248 - CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

6. Package List:

RHEL Cluster-Storage (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/lvm2-cluster-2.02.56-7.el5_5.4.src.rpm

i386:
lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.i386.rpm

ia64:
lvm2-cluster-2.02.56-7.el5_5.4.ia64.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.ia64.rpm

ppc:
lvm2-cluster-2.02.56-7.el5_5.4.ppc.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.ppc.rpm

x86_64:
lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm
lvm2-cluster-debuginfo-2.02.56-7.el5_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2526.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUD+kXlSAg2UNWIIRAoB+AJoDbmdbm/PYvjJk3PyQfYd61mAIXgCgo16j
tos6OQuVHUGkOLfqZvRXL1o=
=0TE6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 29 16:46:58 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 Jul 2010 12:46:58 -0400
Subject: [RHSA-2010:0574-01] Critical: java-1.4.2-ibm security update
Message-ID: <201007291646.o6TGkw2q017839@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2010:0574-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0574.html
Issue date: 2010-07-29
CVE Names: CVE-2010-0084 CVE-2010-0085 CVE-2010-0087
           CVE-2010-0088 CVE-2010-0089 CVE-2010-0091
           CVE-2010-0095 CVE-2010-0839 CVE-2010-0840
           CVE-2010-0841 CVE-2010-0842 CVE-2010-0843
           CVE-2010-0844 CVE-2010-0846 CVE-2010-0847
           CVE-2010-0848 CVE-2010-0849
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP5 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains.
(6633872)
575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component
578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities
578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component

6.
Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ppc.rpm s390: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.s390.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm Red Hat Desktop version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm 
java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm 
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ppc64.rpm s390: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm 
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el4.x86_64.rpm 
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 
5 server): i386: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.ppc64.rpm s390x: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.5-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.i386.rpm 
java-1.4.2-ibm-javacomm-1.4.2.13.5-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.5-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0084.html
https://www.redhat.com/security/data/cve/CVE-2010-0085.html
https://www.redhat.com/security/data/cve/CVE-2010-0087.html
https://www.redhat.com/security/data/cve/CVE-2010-0088.html
https://www.redhat.com/security/data/cve/CVE-2010-0089.html
https://www.redhat.com/security/data/cve/CVE-2010-0091.html
https://www.redhat.com/security/data/cve/CVE-2010-0095.html
https://www.redhat.com/security/data/cve/CVE-2010-0839.html
https://www.redhat.com/security/data/cve/CVE-2010-0840.html
https://www.redhat.com/security/data/cve/CVE-2010-0841.html
https://www.redhat.com/security/data/cve/CVE-2010-0842.html
https://www.redhat.com/security/data/cve/CVE-2010-0843.html
https://www.redhat.com/security/data/cve/CVE-2010-0844.html
https://www.redhat.com/security/data/cve/CVE-2010-0846.html
https://www.redhat.com/security/data/cve/CVE-2010-0847.html
https://www.redhat.com/security/data/cve/CVE-2010-0848.html
https://www.redhat.com/security/data/cve/CVE-2010-0849.html
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUbAoXlSAg2UNWIIRAljZAKCTMdOpuyHLlD2V5dp87x4ESYdK6QCffwp7
zFChnRrKAolgMa4XUIDh9vc=
=jmNl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 30 10:27:23 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 30 Jul 2010 06:27:23 -0400
Subject: [RHSA-2010:0576-01] Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice
Message-ID: <201007301027.o6UARNhv010775@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice
Advisory ID:   RHSA-2010:0576-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2010-0576.html
Issue date:    2010-07-30
=====================================================================

1. Summary:

This is the 3-month notification of the End Of Life plans for Red Hat
Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
the regular 7 year life-cycle of Red Hat Enterprise Linux 3 will end on
October 31, 2010. After this date, Red Hat will discontinue the regular
subscription services for Red Hat Enterprise Linux 3.
Therefore, new bug fix, enhancement, and security errata updates, as
well as technical support services will no longer be available for the
following products:

* Red Hat Enterprise Linux AS 3
* Red Hat Enterprise Linux ES 3
* Red Hat Enterprise Linux WS 3
* Red Hat Enterprise Linux Extras 3
* Red Hat Desktop 3
* Red Hat Global File System 3
* Red Hat Cluster Suite 3

Customers still running production workloads on Red Hat Enterprise
Linux 3 are advised to begin planning the upgrade to Red Hat Enterprise
Linux 5. Active subscribers of Red Hat Enterprise Linux already have
access to all currently maintained versions of Red Hat Enterprise Linux,
as part of their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 3
before its end-of-life date, Red Hat may offer a limited, optional
extension program. For more information, contact your Red Hat sales
representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the
Red Hat website: http://www.redhat.com/security/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package, that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

616794 - Send Out RHEL 3 3-Month EOL Notice

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/redhat-release-3AS-13.9.9.src.rpm

i386:
redhat-release-3AS-13.9.9.i386.rpm
redhat-release-debuginfo-3AS-13.9.9.i386.rpm

ia64:
redhat-release-3AS-13.9.9.ia64.rpm
redhat-release-debuginfo-3AS-13.9.9.ia64.rpm

ppc:
redhat-release-3AS-13.9.9.ppc.rpm
redhat-release-debuginfo-3AS-13.9.9.ppc.rpm

s390:
redhat-release-3AS-13.9.9.s390.rpm
redhat-release-debuginfo-3AS-13.9.9.s390.rpm

s390x:
redhat-release-3AS-13.9.9.s390x.rpm
redhat-release-debuginfo-3AS-13.9.9.s390x.rpm

x86_64:
redhat-release-3AS-13.9.9.x86_64.rpm
redhat-release-debuginfo-3AS-13.9.9.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/redhat-release-3Desktop-13.9.9.src.rpm

i386:
redhat-release-3Desktop-13.9.9.i386.rpm
redhat-release-debuginfo-3Desktop-13.9.9.i386.rpm

x86_64:
redhat-release-3Desktop-13.9.9.x86_64.rpm
redhat-release-debuginfo-3Desktop-13.9.9.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/redhat-release-3ES-13.9.9.src.rpm

i386:
redhat-release-3ES-13.9.9.i386.rpm
redhat-release-debuginfo-3ES-13.9.9.i386.rpm

ia64:
redhat-release-3ES-13.9.9.ia64.rpm
redhat-release-debuginfo-3ES-13.9.9.ia64.rpm

x86_64:
redhat-release-3ES-13.9.9.x86_64.rpm
redhat-release-debuginfo-3ES-13.9.9.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/redhat-release-3WS-13.9.9.src.rpm

i386:
redhat-release-3WS-13.9.9.i386.rpm
redhat-release-debuginfo-3WS-13.9.9.i386.rpm

ia64:
redhat-release-3WS-13.9.9.ia64.rpm
redhat-release-debuginfo-3WS-13.9.9.ia64.rpm

x86_64:
redhat-release-3WS-13.9.9.x86_64.rpm
redhat-release-debuginfo-3WS-13.9.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.redhat.com/security/updates/classification/#low
http://www.redhat.com/security/updates/errata/

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUqi0XlSAg2UNWIIRAovxAJ4u4+GxyofqLrAOE8+v/XC/DdOf1ACgnkrH
ea0v9HPvKDqXocvbu6lNYlI=
=yTnQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 30 16:14:38 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 30 Jul 2010 12:14:38 -0400
Subject: [RHSA-2010:0577-01] Important: freetype security update
Message-ID: <201007301614.o6UGEcTH008725@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Important: freetype security update
Advisory ID:   RHSA-2010:0577-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2010-0577.html
Issue date:    2010-07-30
CVE Names:     CVE-2010-2500 CVE-2010-2527 CVE-2010-2541
=====================================================================

1. Summary:

Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open
and manage font files.
It also loads, hints, and renders individual glyphs efficiently. These
packages provide both the FreeType 1 and FreeType 2 font engines.

An integer overflow flaw was found in the way the FreeType font engine
processed font files. If a user loaded a carefully-crafted font file
with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2500)

Several buffer overflow flaws were found in the FreeType demo
applications. If a user loaded a carefully-crafted font file with a
demo application, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-2527, CVE-2010-2541)

Red Hat would like to thank Robert Swiecki of the Google Security Team
for the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be
restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

613167 - CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c
614557 - CVE-2010-2527 Freetype demos multiple buffer overflows
617342 - CVE-2010-2541 Freetype ftmulti buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freetype-2.1.4-15.el3.src.rpm

i386:
freetype-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-devel-2.1.4-15.el3.i386.rpm

ia64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.ia64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.ia64.rpm
freetype-devel-2.1.4-15.el3.ia64.rpm

ppc:
freetype-2.1.4-15.el3.ppc.rpm
freetype-2.1.4-15.el3.ppc64.rpm
freetype-debuginfo-2.1.4-15.el3.ppc.rpm
freetype-debuginfo-2.1.4-15.el3.ppc64.rpm
freetype-devel-2.1.4-15.el3.ppc.rpm

s390:
freetype-2.1.4-15.el3.s390.rpm
freetype-debuginfo-2.1.4-15.el3.s390.rpm
freetype-devel-2.1.4-15.el3.s390.rpm

s390x:
freetype-2.1.4-15.el3.s390.rpm
freetype-2.1.4-15.el3.s390x.rpm
freetype-debuginfo-2.1.4-15.el3.s390.rpm
freetype-debuginfo-2.1.4-15.el3.s390x.rpm
freetype-devel-2.1.4-15.el3.s390x.rpm

x86_64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.x86_64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.x86_64.rpm
freetype-devel-2.1.4-15.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/freetype-2.1.4-15.el3.src.rpm

i386:
freetype-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-devel-2.1.4-15.el3.i386.rpm

x86_64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.x86_64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.x86_64.rpm
freetype-devel-2.1.4-15.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freetype-2.1.4-15.el3.src.rpm

i386:
freetype-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-devel-2.1.4-15.el3.i386.rpm

ia64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.ia64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.ia64.rpm
freetype-devel-2.1.4-15.el3.ia64.rpm
x86_64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.x86_64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.x86_64.rpm
freetype-devel-2.1.4-15.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/freetype-2.1.4-15.el3.src.rpm

i386:
freetype-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-devel-2.1.4-15.el3.i386.rpm

ia64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.ia64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.ia64.rpm
freetype-devel-2.1.4-15.el3.ia64.rpm

x86_64:
freetype-2.1.4-15.el3.i386.rpm
freetype-2.1.4-15.el3.x86_64.rpm
freetype-debuginfo-2.1.4-15.el3.i386.rpm
freetype-debuginfo-2.1.4-15.el3.x86_64.rpm
freetype-devel-2.1.4-15.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2500.html
https://www.redhat.com/security/data/cve/CVE-2010-2527.html
https://www.redhat.com/security/data/cve/CVE-2010-2541.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUvohXlSAg2UNWIIRAtnyAKCKwHn52N4O6ppZcQdXecme1NrTbQCgl1/b
jPLrFiAkNHUKK9JR9tCMNp0=
=Vl/M
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 30 16:17:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 30 Jul 2010 12:17:32 -0400
Subject: [RHSA-2010:0578-01] Important: freetype security update
Message-ID: <201007301617.o6UGHXTa008652@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Important: freetype security update
Advisory ID:   RHSA-2010:0578-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2010-0578.html
Issue date:    2010-07-30
CVE Names:     CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2527 CVE-2010-2541
=====================================================================

1. Summary:

Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open
and manage font files.
It also loads, hints, and renders individual glyphs efficiently. The
freetype packages for Red Hat Enterprise Linux 4 provide both the
FreeType 1 and FreeType 2 font engines. The freetype packages for Red
Hat Enterprise Linux 5 provide only the FreeType 2 font engine.

An invalid memory management flaw was found in the way the FreeType
font engine processed font files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause
the application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2498)

An integer overflow flaw was found in the way the FreeType font engine
processed font files. If a user loaded a carefully-crafted font file
with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2500)

Several buffer overflow flaws were found in the way the FreeType font
engine processed font files. If a user loaded a carefully-crafted font
file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2010-2499,
CVE-2010-2519)

Several buffer overflow flaws were found in the FreeType demo
applications. If a user loaded a carefully-crafted font file with a
demo application, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-2527, CVE-2010-2541)

Red Hat would like to thank Robert Swiecki of the Google Security Team
for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,
CVE-2010-2519, and CVE-2010-2527 issues.

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.
The X server must be restarted (log out, then log back in) for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

613160 - CVE-2010-2498 freetype: invalid free vulnerability with possible heap corruption
613162 - CVE-2010-2499 freetype: buffer overflow vulnerability
613167 - CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c
613194 - CVE-2010-2519 freetype: heap buffer overflow vulnerability when processing certain font files
614557 - CVE-2010-2527 Freetype demos multiple buffer overflows
617342 - CVE-2010-2541 Freetype ftmulti buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-14.el4.8.src.rpm

i386:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-demos-2.1.9-14.el4.8.i386.rpm
freetype-devel-2.1.9-14.el4.8.i386.rpm
freetype-utils-2.1.9-14.el4.8.i386.rpm

ia64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.ia64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.ia64.rpm
freetype-demos-2.1.9-14.el4.8.ia64.rpm
freetype-devel-2.1.9-14.el4.8.ia64.rpm
freetype-utils-2.1.9-14.el4.8.ia64.rpm

ppc:
freetype-2.1.9-14.el4.8.ppc.rpm
freetype-2.1.9-14.el4.8.ppc64.rpm
freetype-debuginfo-2.1.9-14.el4.8.ppc.rpm
freetype-debuginfo-2.1.9-14.el4.8.ppc64.rpm
freetype-demos-2.1.9-14.el4.8.ppc.rpm
freetype-devel-2.1.9-14.el4.8.ppc.rpm
freetype-utils-2.1.9-14.el4.8.ppc.rpm

s390:
freetype-2.1.9-14.el4.8.s390.rpm
freetype-debuginfo-2.1.9-14.el4.8.s390.rpm
freetype-demos-2.1.9-14.el4.8.s390.rpm
freetype-devel-2.1.9-14.el4.8.s390.rpm
freetype-utils-2.1.9-14.el4.8.s390.rpm

s390x:
freetype-2.1.9-14.el4.8.s390.rpm
freetype-2.1.9-14.el4.8.s390x.rpm
freetype-debuginfo-2.1.9-14.el4.8.s390.rpm
freetype-debuginfo-2.1.9-14.el4.8.s390x.rpm
freetype-demos-2.1.9-14.el4.8.s390x.rpm
freetype-devel-2.1.9-14.el4.8.s390x.rpm
freetype-utils-2.1.9-14.el4.8.s390x.rpm

x86_64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.x86_64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.x86_64.rpm
freetype-demos-2.1.9-14.el4.8.x86_64.rpm
freetype-devel-2.1.9-14.el4.8.x86_64.rpm
freetype-utils-2.1.9-14.el4.8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-14.el4.8.src.rpm

i386:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-demos-2.1.9-14.el4.8.i386.rpm
freetype-devel-2.1.9-14.el4.8.i386.rpm
freetype-utils-2.1.9-14.el4.8.i386.rpm

x86_64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.x86_64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.x86_64.rpm
freetype-demos-2.1.9-14.el4.8.x86_64.rpm
freetype-devel-2.1.9-14.el4.8.x86_64.rpm
freetype-utils-2.1.9-14.el4.8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-14.el4.8.src.rpm

i386:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-demos-2.1.9-14.el4.8.i386.rpm
freetype-devel-2.1.9-14.el4.8.i386.rpm
freetype-utils-2.1.9-14.el4.8.i386.rpm

ia64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.ia64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.ia64.rpm
freetype-demos-2.1.9-14.el4.8.ia64.rpm
freetype-devel-2.1.9-14.el4.8.ia64.rpm
freetype-utils-2.1.9-14.el4.8.ia64.rpm

x86_64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.x86_64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.x86_64.rpm
freetype-demos-2.1.9-14.el4.8.x86_64.rpm
freetype-devel-2.1.9-14.el4.8.x86_64.rpm
freetype-utils-2.1.9-14.el4.8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-14.el4.8.src.rpm

i386:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-demos-2.1.9-14.el4.8.i386.rpm
freetype-devel-2.1.9-14.el4.8.i386.rpm
freetype-utils-2.1.9-14.el4.8.i386.rpm

ia64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.ia64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.ia64.rpm
freetype-demos-2.1.9-14.el4.8.ia64.rpm
freetype-devel-2.1.9-14.el4.8.ia64.rpm
freetype-utils-2.1.9-14.el4.8.ia64.rpm

x86_64:
freetype-2.1.9-14.el4.8.i386.rpm
freetype-2.1.9-14.el4.8.x86_64.rpm
freetype-debuginfo-2.1.9-14.el4.8.i386.rpm
freetype-debuginfo-2.1.9-14.el4.8.x86_64.rpm
freetype-demos-2.1.9-14.el4.8.x86_64.rpm
freetype-devel-2.1.9-14.el4.8.x86_64.rpm
freetype-utils-2.1.9-14.el4.8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-25.el5_5.src.rpm

i386:
freetype-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm

x86_64:
freetype-2.2.1-25.el5_5.i386.rpm
freetype-2.2.1-25.el5_5.x86_64.rpm
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-25.el5_5.src.rpm

i386:
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-demos-2.2.1-25.el5_5.i386.rpm
freetype-devel-2.2.1-25.el5_5.i386.rpm

x86_64:
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.x86_64.rpm
freetype-demos-2.2.1-25.el5_5.x86_64.rpm
freetype-devel-2.2.1-25.el5_5.i386.rpm
freetype-devel-2.2.1-25.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-25.el5_5.src.rpm

i386:
freetype-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-demos-2.2.1-25.el5_5.i386.rpm
freetype-devel-2.2.1-25.el5_5.i386.rpm

ia64:
freetype-2.2.1-25.el5_5.i386.rpm
freetype-2.2.1-25.el5_5.ia64.rpm
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.ia64.rpm
freetype-demos-2.2.1-25.el5_5.ia64.rpm
freetype-devel-2.2.1-25.el5_5.ia64.rpm

ppc:
freetype-2.2.1-25.el5_5.ppc.rpm
freetype-2.2.1-25.el5_5.ppc64.rpm
freetype-debuginfo-2.2.1-25.el5_5.ppc.rpm
freetype-debuginfo-2.2.1-25.el5_5.ppc64.rpm
freetype-demos-2.2.1-25.el5_5.ppc.rpm
freetype-devel-2.2.1-25.el5_5.ppc.rpm
freetype-devel-2.2.1-25.el5_5.ppc64.rpm

s390x:
freetype-2.2.1-25.el5_5.s390.rpm
freetype-2.2.1-25.el5_5.s390x.rpm
freetype-debuginfo-2.2.1-25.el5_5.s390.rpm
freetype-debuginfo-2.2.1-25.el5_5.s390x.rpm
freetype-demos-2.2.1-25.el5_5.s390x.rpm
freetype-devel-2.2.1-25.el5_5.s390.rpm
freetype-devel-2.2.1-25.el5_5.s390x.rpm

x86_64:
freetype-2.2.1-25.el5_5.i386.rpm
freetype-2.2.1-25.el5_5.x86_64.rpm
freetype-debuginfo-2.2.1-25.el5_5.i386.rpm
freetype-debuginfo-2.2.1-25.el5_5.x86_64.rpm
freetype-demos-2.2.1-25.el5_5.x86_64.rpm
freetype-devel-2.2.1-25.el5_5.i386.rpm
freetype-devel-2.2.1-25.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2498.html
https://www.redhat.com/security/data/cve/CVE-2010-2499.html
https://www.redhat.com/security/data/cve/CVE-2010-2500.html
https://www.redhat.com/security/data/cve/CVE-2010-2519.html
https://www.redhat.com/security/data/cve/CVE-2010-2527.html
https://www.redhat.com/security/data/cve/CVE-2010-2541.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUvqpXlSAg2UNWIIRApW+AJ9L6KfVhP3bk+RWG2/fLUkv+Pn7UQCggCHk
AXgjYZaqIE+ezX2Ui2TWxYo=
=NzhU
-----END PGP SIGNATURE-----